Tuesday, December 10, 2019

Security Data Protection Is A Major Issue - Myassignmenthelp.Com

Question: How To Security Data Protection Is A Major Issue?

Answer:

Introduction

IT security and data protection is a major issue in today's business world. This is particularly because an organization's data resources are exposed to a number of security threats from cyber attacks, which include hacking, phishing, spoofing and so on. The CNSS security model covers several factors of data security: data confidentiality, integrity and availability. Data confidentiality means that data stored in the information security system can be accessed only by authorized users, or by the members it is intended for, and cannot be accessed by unauthorized members. This is an essential aspect of data security (Von Solms & Van Niekerk, 2013). Data integrity means that data is not changed during storage or transformation; that is, the data remains consistent and accurate. Alteration of data is not allowed and is against the security policy, so this is an essential consideration for IT data security. Data availability ensures that the data continues to be available at a required level of performance and in every situation. A severe security attack, which may involve viruses and other malicious software, can harm or hamper any of these security conditions. Ensuring information security is essential and should therefore be the topmost priority for any organization. Proper security measures must be taken to prevent or lessen the effects of security threats (Peltier, 2013).

IT landscapes have changed considerably with the arrival of newer technologies such as cloud computing. This has led to changes in business strategy and to the adoption of newer technologies in business environments.
The newer landscapes and technologies have given rise to new difficulties and challenges, which in turn have created the need for newer security infrastructure for data protection (Cearley & Claunch, 2012).

IT Security Models and Access Controls

Security models are essential for ensuring proper security of data and its confidentiality (Zissis & Lekkas, 2012). The main objective of an information security model is to outline the security measures an organization undertakes to protect its data and resources. Security models support the security policies that are implemented in an organization (Lin et al., 2012). A proper security model must be maintained in order to protect data integrity and availability.

To ensure proper data security, different access control methods are employed. Access control limits the use of and access to particular data to authorized persons only, and is enforced to allow or restrict selected members or users in accessing the resources of an organization. Access control methods include user authentication, which limits access to a service or resource to a registered person who has a valid user ID and password. Other access control methods include monitoring using CCTV surveillance, the use of a card or key for entry into a protected area, and fingerprint protection of data and resources.

Access control is classified into two broad areas: physical and logical access control. Logical access control deals with protecting and limiting access to the confidential and sensitive information of an organization, while physical access control mainly deals with protecting the physical resources of an organization, which include the IT assets, physical hardware devices and their components.
Access control is enforced in order to limit access to data or components to authorized users only, and it protects the system and information from unauthorized access (Almutairi et al., 2012). Access controls are enforced according to the specifications of the chosen security model.

IT Security Threat and Risk Assessment

A threat can be defined as a condition of imminent danger that an organization or a system is exposed to. Threats are capable of causing serious harm to the information system, so it is essential to eliminate all threats from a system before they cause serious harm. The threats to an information security system include hacking, phishing, denial of service attacks and so on. Threats are the result of the active and passive attacks a system is exposed to. A passive attack is, however, less harmful than an active attack, because in a passive attack the attacker silently monitors the system in order to plan an attack (Crossler et al., 2013). An active attack is more dangerous than a passive attack, as it is capable of causing serious harm to the system. Security threats include data loss and data breach, which are capable of causing serious harm to an organization.

Risk assessment deals with identifying and analyzing the threats or risks associated with an organization or a system. Risk management evaluates and categorizes each risk according to its impact and recommends a plan to eliminate that risk. All the details about the risks and threats associated with a system, and their likelihood of occurrence, are stored in a structured document, which is updated and reviewed from time to time. Risk management helps in managing risk effectively and also helps in monitoring the risks associated with a system. One of the important features of risk management is that it classifies risks according to their priority and hence gives a clear idea of the risks or threats that need immediate attention.
Having a proper risk management plan is essential for every organization, for better management of threats and for reducing their effect (Alhawari et al., 2012).

References

Alhawari, S., Karadsheh, L., Talet, A. N., & Mansour, E. (2012). Knowledge-based risk management framework for information technology project. International Journal of Information Management, 32(1), 50-65.

Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., & Ghafoor, A. (2012). A distributed access control architecture for cloud computing. IEEE Software, 29(2), 36-44.

Cearley, D., & Claunch, C. (2012). The top 10 strategic technology trends for 2013. The Top, 10.

Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.

Lin, G. Y., He, S., Huang, H., Wu, J. Y., & Chen, W. (2012). Access control security model based on behavior in cloud computing environment. Journal of China Institute of Communications, 33(3), 59-66.

Peltier, T. R. (2013). Information security fundamentals. CRC Press.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.

Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.
