Information security development strategy

Document Type: Case Study

Subject Area: Technology

Document 1

It is therefore advisable to weigh the two main models of acquiring system software, which are the package acquisition model and the bespoke model (Häberlein 2004, pp. The package acquisition model calls for purchasing system software that is already available on the market. The bespoke software implementation model, on the other hand, calls for in-house development from scratch. Each model has circumstances that make it the appropriate one to adopt. It is advisable that a study of the organization's needs and requirements be conducted before choosing a given model. Implementing modern technologies in your organization does not mean that you are done. The implementation of these technologies puts you at high risk of failure if they are not well managed.


To make good use of computer systems and reap the benefits they offer, it is mandatory that these assets be secured as strongly as possible (Siponen 2000, pp. The best way to do this is not by scrambling to repair an already damaged system. It is by laying down strategies that help to prevent security breaches and damage to the computer systems, whether external or internal. Other than strategies for protection of the computer system, the handbook also outlines strategies to be followed while the user is using the network infrastructure as well as the information system. Every employee is expected to keep their password private and not to share any information in the system without authorization.


An employee is also expected not to try to access restricted information in the network and the system at large. Even though the present handbook sets out strategies to protect the computer systems in our organization, it has not defined the operating system that is to be used. Different operating systems exist within the organization. There are various strategic plans laid down to protect the information in our organization. These plans include computer systems protection, risk evaluation strategies, securing information, risk mitigation strategies, and corrective procedures. In our organization, we acknowledge that information can never be safe without protecting the systems that house it. Therefore, the first and foremost strategy in our plan is to protect the computer systems.


This is because when the computer systems are safe, the information too will be secured from unauthorized access. These threats range from internally caused to externally caused threats (Zamzuri et al. 2011, pp. The following is a discussion of both internal and external causes of the risks associated with computer systems:

Internal threats

Internal threats originate from inside the organization. The leading sources of these threats include employees, contractors, and suppliers outsourced to provide services to the organization. These groups of people sometimes knowingly or unknowingly cause these threats, which in turn damage the organization's reputation. The only way to avoid software threats is by disabling installations without the administrator's password on every computer system and disabling installation of software from any source other than the app store.


Since we use various kinds of operating systems, some of them are registered while others are not. If legal inspections are conducted at any time, I am pretty sure that legal action can be taken against us by the different software owners. This issue can only be solved by buying genuine operating systems with registration keys so that, whenever they are installed on machines, registration can be done. Other than software and legal threats, network threats are also likely, since most of our systems depend on the internet. This methodology has proven its efficiency as long as the users keep their passwords as private as possible. Even though the use of passwords has proven to be efficient, most data leaks from information systems in the world are due to attacks on passwords.


Passwords are vulnerable to attacks such as brute-force, replay, phishing, and dictionary attacks. Preventing these attacks is sometimes difficult; therefore, more mechanisms are required to avoid the attacks mentioned above. When it comes to role-based control, users are allowed to access information according to the level of their performance. Typically, the system administrator assigns the roles to a user during creation (Li et al. The other reason why I would remove the role strategy is that it is difficult to implement when a user belongs to multiple groups, but with rules, it is straightforward. Choosing the strategy to use depends on the sensitivity of the information contained in your information system. But in my opinion, even if the information is less sensitive, it needs to be protected to the letter from illegal access.


Therefore, implementing proactive strategies works better for me. Proactive strategies place you ahead of the risk; the risk is eliminated and prevented in time before it occurs (Yue et al. When the incident is established, the possible solutions are weighted using the Hierarchy Process (AHP), the Rank-order, or the Fuzzy Methods as described by Ahn & Park (2008, pp. A team responsible for resolving the incident is then dispatched, and the stakeholders are notified. A solution is then made and documented, and future preventive measures are put in place.

Brief security strategy

Organization Mission: To safeguard people, information and the facilities.

Vision: To provide a pleasant and safe environment for all visitors and workforces.

Computers & Operations Research, 35(5), pp.

Arnold, O., Bilheux, J. C., Borreguero, J.
