Security and Risk Management , IT Database security
The IT infrastructure of the organization makes it susceptible to external intrusions. For example, there are more than 1000 access points with no security awareness programs and no deployed security software programs or reporting to protect the access points. In addition, there is need for approved information policies in the organization to control access to sensitive information. Therefore, there is need for implementation of a tactical strategy to secure the company information as well as the IT infrastructure. There is need for implementation of a five-phased strategic plan, Organizational phase that constitutes of policies and processes, the operating system that controls the data access points and links all of them, database management system, telecommunications and access security to protect information assets.
The organizational phase is the most important phase in the in the bid to boost the security of the IT networks and data. Its relevance is a function of its role in connecting all the other elements of the security system. For example, organization controls the software and hardware susceptible to the security threats as well as the personnel in charge of them (Doughty, 2003). The first step is the appointment of a dedicated resource for physical security. The lack of dedicated resource for physical security is among the key weaknesses identified in the diagnosis phase (Doughty, 2003). Appointing a qualified person for the position helps control the physical resources as well as the associated networks. In addition, it is important to place the department in a specialized department, such as the IT department in the organization (Basta & Zgola, 2012).
[...] Operating system The operating system is the software that manages access and entry of information into any database. Therefore, an operating system is important because it dictates the mode of usage by the employees as well as the type of security software installed. The organization uses different operating systems to access and feed data into the servers (Doughty, 2003). The use of multiple systems is an attribute of user preference. However, there is need for security considerations when selecting an operating system. [...]
[...] In conclusion, the above process can be used to boost the IT security of the organization by addressing all the vulnerabilities pinpointed in the audit report. It is important for the appointed security resource to update selected vulnerabilities and to have other auditors go through the system to establish points of weakness and to keep the system updated. References Basta, A., & Zgola, M. (2012). Database security. Boston, Mass.: Course Technology/Cengage Learning. Doughty, K. (2003, February 1). Implementing Enterprise Security: A Case Study . isaca.org. [...]
[...] In addition, it is not possible for the management to safeguard access to sensitive data. Therefore, the only way to safeguard privacy would be to have a separate system (Basta & Zgola, 2012). To safeguard the information within the existing system, it would be important for the policies proposed by the appointment IT management resource to address restricted access to information as well as security of the access points. For example, a requirement for user identification and creation of user accounts that have access to different levels of information would secure access to the database. [...]
[...] Access security is flexible in the sense that the same aspects used to management databases can be applied to control access. For example, user accounts may be applied to create user profiles and at the same time control access to data. Telecommunications security in an organization is another area of interest in IT security. Workers in an organization often contact one another over the local intranet. In addition, the two separate databases need to be connected for easier access to information. [...]
APA Style reference
For your bibliographyOnline reading
with our online readerContent validated
by our reading committee
