An outline of taxonomy of data security and information assurance
a) Definition of key terms
As an IT security professional, speculate as to what might be the biggest challenge to your management of the technology used to secure your systems.
Information security is concerned with protecting information and information systems from unauthorized access. The main goals of an information security system are to protect the confidentiality, integrity and availability of information. An information security management system is a set of policies concerned with information security management or IT-related risks (Bernard et al., 2000). There are several technologies which are used to manage information security systems.
ChoicePoint is a leading corporation that deals with risk-management and fraud-prevention data. The information security breach was carried out by unauthorized people who pretended to be legitimate customers and hacked the system. They got access to personal data and that of more than 145000 other people. They used vague identities and managed to pass customer authentication and verification without being noticed.
In this article, the authors discuss the various threats that accountants and auditors need to bear in mind when performing information security for their respective companies. Also, the article examines SOX and how it dictates the duties that managers and accountants must attend to when dealing with potential security threats. Due to the new technologies and information systems that change on an almost daily basis, it is important for information security professionals to keep up with current business topics and techniques to successfully prevent breaches in security and hacking. The importance of academics to properly educate future AIS professionals
Like blood in the human systems, information is the livelihood of businesses, governments, security agencies and the entire society. Chessen (2002) suggests that information is the vital asset in today’s information technology enabled era. Making the decision-making process faster and more effective in businesses and government requires high-quality, up-to-date information. Similarly, to remain competitive and secure, it is important to regulate the parties accessing specific information.
In order for this to be achieved, it is important to design strategies that guarantee access to high-quality information. According to Greenspan (2002), these
1. Familiarise yourself with the various network addressing terms e.g. socket.
Socket: a socket combines an IP address (where the computer is located) and a port into a single identity. A good analogy is a telephone, where the actual phone connection is a combination of a given phone number and a particular extension. In computer networking, an Internet socket or network socket is an endpoint of a bidirectional inter-process communication flow across an Internet Protocol-based computer network, such as the Internet.
Subnet Mask: A subnetwork is a distinct and visible
Security is the degree of protection, usually against danger, damage and loss. Security is a form of protection and has structures that implement the same. According to ISECOM, security is a form of protection whereby a separation is created between the assets and the threat. It includes elimination of the asset from the threat or elimination of the threat from the asset in question.
Planning is the procedural way of organizing events. It involves laying down all the requirements for a particular event and then establishing the procedure by which they are to be executed.
This research is based on the requirements of an individual interested in Information Security as stipulated by the International Information Systems Security Certification Consortium, (ISC)².
The requirements focus on major domains to be covered by completion of the certification. In this text, the certifications discussed include: Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), and GIAC Security Essentials Certification (GSEC).