Security Protecting Global Enterprise †Free Samples to Students

Question: Discuss about the Security Protecting Global Enterprise. Answer: Introduction IT Security which is also known as cyber or computer security management is the process or actions performed to ensure computer systems are protected from damage or theft in regard to the information they hold and the hardware and software in which they use. IT security and the technology landscape refer how IT security is implemented and maintained based on the technology practices and resources available. IT security models are schemes which are provided to aid in enforcing and specifying security policies (Katsicas, 2009). Access control is the act of restricting access to a system or resource and only allowing a few individuals who have been authorized to access the system. IT security threat and risk assessment is the process or act of performing a risk assessment to establish to what degree a system is at threat or being breached or accessible to unwanted parties. IT Security refers to the protection of systems to avoid misdirection or disruption as they provide their services. IT security and the respective technology landscape covers various spheres. Vulnerabilities are weaknesses which are identified and exploited in a systems design and used to enable an individual gain access to the system. The act of gaining access to a system without authorized access is known as vulnerability exploitation (ISACA, 2006). There are various systems which have been developed to help secure systems. The current technological landscape has been improving to ensure that systems are kept safer (Pipkin, 2000). Though there are new vulnerabilities being discovered and exploited, the technological landscape is improving to ensure that they are being patched so that malicious individuals will not be able to exploit systems management. The changes in the technology landscape have also brought about machines which are very powerful and affordable to individuals who may utilize them in trying to breach various IT systems. It is therefore upon any organization to be innovative and adapt so that they are able to keep their systems from being breached. IT Models Access Controls IT models are necessary in ensuring that a company can come up with policies which can guide them as they face various IT security risks. The models are in place as a guideline to help any company which has them in knowing the most appropriate procedure to take in case a security problem arises. The models are advantageous because they display a companys preparedness in dealing with IT security risks (Schliemger Teufer, 2003). Access control is one such model of IT security. A company can have a policy which limits the kind of clearance any employee has to their system. Here the employees will be granted access to a part of the system which will enable them to perform their duties. A selected few individuals are the only ones who are granted full access to the system because their roles may need such kind of clearance. In the rise of the digital age, information has become an invaluable resource. The large amounts of data generated by people is being used to predict future business and trends that may arise. This is the reason why most companies are increasingly becoming very dependent and careful with their data. They know data is an important resource to their businesses and they protect it so that they are able to operate effectively (Gordon Loeb, 2002). There are individuals with malicious intent who have identified that data is indeed a good resource and they try to access data which belongs to other companies for malicious purposes. Data is stored in the database of a company and therefore it is run and controlled by a system. These individuals are able to gain access to the system and tamper with the data or steal it for purposes such as selling to the companys competitor. Most companies know that this acts are a risk which they face every day and therefore they need to invest heavily in en suring that IT security within the organization is always at optimum levels. Most companies today have a risk assessment strategy in which they evaluate the level of risk they can take while venturing into their business management (McDermott Geer, 2001). When a company has performed a risk assessment especially regarding IT they can plan for all the risks which can occur and even come up with a risk transference strategy where any risk they incur will be transferred to their insurer. Conclusion IT security is very important today especially for companies. The need to ensure that they have setup the necessary steps, infrastructure and resources to maintain a high level of IT security within their organizations. They also need to ensure that they have done risk assessment which will help them plan for any IT issues that may arise (ISACA, 2008). The technology landscape today is such that it is evolving at a very fast pace. Companies also need to do the same to ensure they are always ahead of anyone who may wish to breach their systems. The threat and risk assessment strategies in a company enable them to come up with models which they can use when an IT security issue arises. Preparation or prevention for a company is the best approach in handling IT security issues. The models formed can be used as a guideline in safeguarding an organization and its information from unauthorized access. IT security is therefore a structure in which any company should implement and have in pl ace to protect themselves as they endeavor to achieve their mission. References Engineering Principles for Information Technology Security. csrc.nist.gov Gordon L. Loeb M. (2002). The Economics of Information Security Investment. ACM Transactions on Information and System Security. 5(4): 438-457. ISACA (2006). CISA Review Manual. Information Systems Audit and Control Association. p.85 ISACA (2008). Glossary of Terms. Retrieved from www.isaca.org Katsicas S. K. (2009). Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p.605. McDermott B. E. Geer D. (2001). Information security is information risk management. In Proceedings of the 2001 Workshop on New Security Paradigms. Pp. 97 -104. Pipkin D. (2000). Information security: Protecting the global enterprise. Hewlett-Packard Company. Schliemger T. Teufer S. (2003). Information Security culture from analysis to change. South African Computer Journal. 31: 46-52.