CB Hart Law Firm: An Information Security Report
Business Information Systems
Salford Business School
TABLE OF CONTENTS:
1. MAIN CONTENT
1.1. Information security from business perspective
1.2. Value of information
1.3. Information security threats and risks:
1.3.4. Incompetence and mistakes
1.3.5. Accidents and disasters
2. MAIN BODY
2.2. Ten most common domains
2.2.1. Security management practices
2.2.2. Access control
4. List of figures
CB Hart has suffered major reputational damage because it disregarded small security issues. The company was affected by a data leakage incident. The information that leaked was not highly confidential, but the incident was damaging enough to cause a large decrease in CB Hart’s reputation.
The company requires serious changes to its security. This will need to be done by reviewing similar past situations regarding data leakage. It is important that proper security of clients’ information, which is stored within CB Hart’s database, is part of the company’s marketing strategy.
The IT department will have to review past security problems and how they were solved. It will also be required to arrange new problem-solving methods that have not previously been implemented. The IT team will need to research the most current data stored on the company’s servers and try to find and eliminate possible errors.
CB Hart’s new management has agreed further steps and investment for the marketing strategy and differentiation factor of the firm. The IT department is required to provide solutions for improving the company’s security. The most important step will then be to provide proper training for IT technicians on the newly implemented changes, which must be applied in current and new contracts.
An organization formulates its objectives, and these are passed on to the IT department and all other sections. All departments have been given the required tasks and targets, which need to be achieved to follow the new strategies. All business processes take place in the organization in order to achieve these objectives. While these processes are being executed, the organization becomes increasingly dependent on a properly functioning information supply. In other words, organizations are increasingly dependent on IT services to meet all business requirements. Finally, information security is not a goal in itself but a means of achieving the business objectives.
The way the information provision process is maintained depends on the type of organization and the nature of its products or services, which are supplied in support of business processes. The organization collects information in order to make products or supply a service. The data is stored and processed, security measures are applied, and it is available whenever required. The people responsible for the information supply chain have to ensure that clients can count on the integrity of the product. It is highly important to make sure that only authorized persons can gain access to this information. The key concepts of information supply are confidentiality, integrity, authenticity, non-repudiation, and availability. Therefore a company must organize the collection, storage, handling, processing and provision of data in a way that meets all conditions and requirements and satisfies the client.
Information security can be described as all types of process that are required to protect the information and information systems from unauthorized access, use,...