Premium Essay

Applying Information Security and SDLC to Business

In: Business and Management

Submitted By phipsgc04
Words 2638
Pages 11
Applying Information Security and SDLC to Business

Businesses today have a continually growing need to explore new technologies to help make their operations more productive and ultimately more profitable. To accomplish this task there are many factors to consider, centered on discovering what resources are available, what the users' needs are, and how to improve the customer's experience with the company. Barnes and Noble has taken advantage of this process and turned the company around from facing the prospect of going out of business to becoming a successful driving force in the industry.
Barnes and Noble is a giant that bought out and helped put many bookstores in the world out of business. This company has more than 703 stores worldwide and is in a fight with Amazon to keep its reputation as the top bookstore in the world. Barnes & Noble claims to be a technology guru just like Amazon and continues to produce products like the NOOK to compete with the Kindle. Barnes & Noble strives to be the best in its business. They state in their mission statement that, “As booksellers we are determined to be the very best in our business, regardless of the size, pedigree or inclinations of our competitors. We will continue to bring our industry nuances of style and approaches to bookselling which are consistent with our evolving aspirations (Barnes and Noble, 2013).” Their mission is to operate the best specialty retail business in America, regardless of the product they sell. Barnes & Noble wants not only to be our go-to book source but also to be a valuable resource to its customers. They also state in their mission statement that, “Above all, we expect to be a credit to the communities we serve, a valuable resource to our customers, and a place where our dedicated booksellers…...

Similar Documents

Premium Essay

Information Security

...Information Security White Paper Why Security? The security of business information is the most important piece of a business's infrastructure. Even in small operations, sensitive information that is essential to the business operations must be protected. "A survey by the computer security institute showed that one-third of all data breaches in just one year came at the expense of businesses with one hundred employees or less" (National Institute of Standards and Technology, 2009). What happens if you lose the most important information critical to your business operation? What would it cost your company to recover from an attack? How would you recover? These are all important questions to ask. Most likely your company's reputation would suffer, along with profits. In turn, any legal costs in relation to this security breach would be detrimental to your company’s financial health. Every business is required to have insurance, which might help with the aftermath of an attack, but it won't prevent an attack. Only information security is proactive in protecting your company's reputation and well-being. Threats and Vulnerabilities The concept of threats and vulnerabilities is mentioned often in regards to computer security. A vulnerability is a weakness, or flaw, in a computer network that could be exploited. A threat is something that has the potential to cause harm to a computer, a network, or any......

Words: 1024 - Pages: 5

Premium Essay

Information Security

...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windows Platforms and Applications is an independent publication and has not been authorized, sponsored, or......

Words: 25969 - Pages: 104

Premium Essay

Intro to Information Security Notes

...microsoft.com/en-us/security/advisory Mitigate vulnerabilities Threats are things you have to respond to effectively. Threats are controllable Risks are manageable Vulnerabilities can be mitigated All affect the CIA triad Not all threats are intentional Confidentiality, integrity, accessibility = CIA Starting on pg 161 DAC- only as secure as the individuals understanding. Access determined by owner. MAC- access determined by data classification itself. data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it. Non DAC- third party determines the permissions. Role based- pg 166. Access determined on the job of the user. Rule based- variation of DAC. Rules are created and access is based on the rules created. Week of 4/17/13 Starts on pg 146 Project- search SSCP CBK on the library under 24/7 Each of the 7 domains, vulnerabilities in each, security used in each to control, For lab 5--- Make 4 types of connections. 2 secure 2 not secure. telnet, securenet, ssh, and ftp. Will need 3 machines. Student, Target, ubuntu 1 Wireshark setting to capture a file in promiscuous mode on student. Do an FTP to target windows. Command prompt from student to ubuntu. Try to log in. Do questions. Question 9, focus on SSH and what traffic you are getting. Assignments— Week of 5/1/13 Acronyms- Pg263 BCP- Business Continuity Plan DRP- Disaster Recovery Plan Pg266 BIA- Business Impact......

Words: 907 - Pages: 4

Free Essay

Information Security

...IT SECURITY All of the new technologies of the modern age have changed the way the human race communicates with other human beings. Also, this feat has made the way business is conducted today very convenient and easier to do. The Internet is a huge discovery for mankind for the communication barrier. All of these new products like smartphones, tablets, and computers made this new capability available to anyone in the world who can afford at least one of these products. Since this new communication barrier is being used daily by the human race, this has very much changed the “business world”. Databases of your personal information, such as credit card numbers, social security numbers, and even your address are on the Internet somewhere. IT has proved to be a significant employer. Many people with knowledge of computers have got jobs in this field, and have successfully made a career out of it. Since it has changed the business world in such a dramatic way, corporations need employees that have the skill to protect this valuable and private information. Information technology has helped one find cures for several diseases; thereby, serving mankind in plentiful ways. Many other programs have helped individuals that have visual or hearing impairment. Corporations use information in databases to run operating activities day to day. In the world we live in today information technology is only becoming more and more integrated in our daily lives, as we know it. To the......

Words: 1443 - Pages: 6

Premium Essay

Information Security

...Information security means protecting information and information systems from unauthorized access, use, disclosure, modification or destruction. Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. For over twenty years, information security has held confidentiality, integrity and availability as the core principles of information security. Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds. In information security, integrity means that data cannot be modified without authorization. When management chooses to mitigate a risk, they will do so by implementing one or more of three different types of controls. Administrative controls form the framework for running the business and managing people. Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. Physical controls monitor and control the environment of the work place and computing facilities. Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called......

Words: 4064 - Pages: 17

Premium Essay

Information Security

...production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project management approach. There are a few differences, but we can easily adapt our current models. We’ll need to appoint or hire a person to be responsible for information security.” The Need for Security Our bad neighbor makes us early stirrers, Which is both healthful and good......

Words: 24411 - Pages: 98

Premium Essay

Information Security

...Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)[1] Two major aspects of information security are: • IT security: Sometimes referred to as computer security, Information Technology Security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems. • Information assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. One......

Words: 768 - Pages: 4

Premium Essay

Information Security

...Internet Information Security: The Problems and Solutions Chenlong Wu PRE-SESSIONAL COURSE July 2011 The Language Centre EFL Unit University of Glasgow Introduction: As a useful instrument in modern life, the internet has revolutionized life styles in recent years. Generally, the internet's popularization over the world facilitates academic research, communication and entertainment. Nevertheless, problems exist in various aspects, such as misuse of the Internet, Internet addiction and information security, which includes individual privacy, business secrets and national information. According to the data provided by The World Bank (2011), 83.2% of people had access to the Internet in the United Kingdom by 2009, but there was almost nobody surfing the Internet 20 years ago. Although an increasing number of consumers are using the high technology, individual privacy and business secrets are exposed to potential risks. This essay aims to analyse the consequences of the problem and propose possible methods. Firstly, the essay will describe the major problems currently. Then it will discuss executable measures to address the problem. Finally, it will provide evaluation and conclusion. Problems: Internet information security is a new concept for the purpose of protecting personal, commercial or national information on the internet, and guaranteeing that privacy and business secrets are not destroyed or leaked out. Online privacy contains private information......

Words: 1376 - Pages: 6

Premium Essay

Information Security

...Why Information Security is Hard – An Economic Perspective Ross Anderson University of Cambridge Computer Laboratory, JJ Thomson Avenue, Cambridge CB3 0FD, UK Ross.Anderson@cl.cam.ac.uk Abstract According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. risk of forged signatures from the bank that relies on the signature (and that built the system) to the person alleged to have made the signature. Common Criteria evaluations are not made by the relying party, as Orange Book evaluations were, but by a commercial facility paid by the vendor. In general, where the party who is in a position to protect a system is not the party who would suffer the results of security failure, then problems may be expected. A different kind of incentive failure surfaced in early 2000, with distributed denial of service attacks against a number of high-profile web sites. These exploit a......

Words: 5786 - Pages: 24

Premium Essay

Information Security

...Information Security August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet, even how-to videos on how to put in a window, break into a house, or even hack computers. The digital age has many perks but it also has many downfalls as well. The perks that we enjoy so much from the internet also leave us open to identity theft and company information theft. This gives Information Technology professionals a lot to think about when they consider Information Technology. One of the biggest threats facing the IT industries today is the end users' non-malicious security violations that leave companies vulnerable to attack. In a recent Computer Security Institute survey, 41 percent of the participating U.S. organizations reported security incidents. (Guo, 2012 p. 203-236) Also according to the same survey it was found that 14 percent of the respondents stated that nearly all of their company’s losses and/or breaches were due to non-malicious and/or careless behavior by the end users. (Guo, 2012 p. 203-236) Some of the end users' behaviors that help these threats along were the peer-to-peer file-sharing software installed by the end user that might compromise company computers. Some other examples of security being compromised by end users would be people that use sticky notes to write their passwords down and leave them where other people can see......

Words: 1422 - Pages: 6

Premium Essay

Information Security

...Assessment Information Management Dovile Vebraite B00044098 Department of Business School of Business & Humanities Institute of Technology, Blanchardstown Dublin 15. Higher Certificate of Business Information Management 20/08/2014 Contents: What is Information Security?; What are the Goals of Information Systems Security?; How big is the Security Problem?; Information Security Threats; How to Secure the Information Systems?; Conclusion; Bibliography. What is information security? “Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved via the application of policy, education, training and awareness, and technology.” (Whitman, Mattord, 2011). Information security is the protection of information and information systems from unauthorised access, modification, disruption, destruction, disclosure, or use. In other words it handles the risk management. The definition of information security is based on the concept that if there is a loss of CIA (confidentiality, integrity and availability) of information, then the person or business will suffer harm. What are the goals of......

Words: 1543 - Pages: 7

Premium Essay

Information Security

...Principles of Information Security, Fourth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Differentiate between laws and ethics – Identify major national laws that affect the practice of information security – Explain the role of culture as it applies to ethics in information security Introduction • You must understand the scope of an organization’s legal and ethical responsibilities • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new issues that emerge Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain societal behavior • Ethics: define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these • Laws carry sanctions of a governing authority; ethics do not Organizational Liability and the Need for Counsel • Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution...

Words: 2389 - Pages: 10

Premium Essay

Applying Owasp to a Web Security Assessment

...Assessment Worksheet Applying OWASP to a Web Security Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you explored the Open Web Application Security Project (OWASP) Web site and reviewed its Web application test methodology. You studied the standards and guides published by this project and summarized your findings. Finally, you drafted a Web Application Test Plan based on the information you gained in your OWASP research. Lab Assessment Questions & Answers 1. Identify the four recognized business functions and each security practice of OpenSAMM. 1) Governance 2) Construction 3) Verification 4) Deployment 2. Identify and describe the four maturity levels for security practices in SAMM. 1) Implicit starting point representing the activities in the Practice being unfulfilled 2) Initial understanding and ad hoc provision of Security Practice 3) Increase efficiency and/or effectiveness of the Security Practice 4) Comprehensive mastery of the Security Practice at scale 3. What are some activities an organization could perform for the security practice of Threat Assessment? Threat Assessment involves accurately identifying and characterizing potential......

Words: 574 - Pages: 3

Premium Essay

Information Security

...implementing the information security management standards, plus potential metrics for measuring and reporting the status of information security, both referenced against the ISO/IEC standards. Scope This guidance covers all 39 control objectives listed in sections 5 through 15 of ISO/IEC 27002 plus, for completeness, the preceding section 4 on risk assessment and treatment. Purpose This document is meant to help others who are implementing or planning to implement the ISO/IEC information security management standards. Like the ISO/IEC standards, it is generic and needs to be tailored to your specific requirements. Copyright This work is copyright © 2010, ISO27k Forum, some rights reserved. It is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License. You are welcome to reproduce, circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial product, (b) it is properly attributed to the ISO27k Forum at www.ISO27001security.com, and (c) derivative works are shared under the same terms as this. Ref. | Subject | Implementation tips | Potential metrics | 4. Risk assessment and treatment | 4.1 | Assessing security risks | Can use any information security risk management method, with a preference for documented, structured and generally accepted methods such as OCTAVE, MEHARI, ISO TR 13335 or BS 7799 Part 3. See ISO/IEC 27005 for general advice. | Information security risk......

Words: 4537 - Pages: 19

Premium Essay

Information Security

...Darrel Smith IT255 11/29/2011 Research Assignment 2 A sound security plan is the first step towards a multi-layer defense. To develop a plan, the company must assess its most important assets; identify vulnerabilities as well as the infrastructure and technology most appropriate for mitigating risk, then implement a strategy for putting the plan in action. Email is a prime example. It has become a critical business communications tool and is also a primary conduit for malicious code. Protecting email against viruses, worms, spam, Trojan horses, phishing attacks and other threats requires a variety of security technologies. These include antivirus and antispyware software, content filtering, and firewalls. Such security technologies must be installed at various levels of the infrastructure, such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop. The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution works together with the email program to provide a greater degree of protection......

Words: 1445 - Pages: 6