Information security management Essay Example | Topics and Well Written Essays - 2500 words

Information security management - Essay Example Both threats and vulnerabilities need to be considered concurrently. Threats can provide damage to the confidentiality, availability and integrity of information present in the information systems. They explore opportunities for security breaches to cause confidential data invasion via unauthorized access, amendment of data, removal of information from information systems. Threats can hit the network from various sources. Threats are confidential on the parameters of different capabilities and approach including external approaches by cyber criminals, hackers, terrorists. For handling threats of different nature different risk mitigation and control methodologies are required in the context of protecting the prioritized information systems. Vulnerabilities are the weaknesses which are present in the system against the current threats. Vulnerabilities can be distinguished as security loop holes in the system. If hackers find these loop holes in the system, results are devastating incl uding unauthorized access, amendment or complete deletion of the system. A recent example is the hacking of wiki leaks website which impacted the whole world and also affected strategic and economic relations between countries as various confidential documents were leaked out from the website. Vulnerabilities are successful due to policy weaknesses, inadequate implementation of security infrastructure, and information of personal issues. For identifying any possible threats, testing of the security infrastructure including network components, hardware and software is essential which may occur in the future. The risk is defined as the likelihood of different threats via different circumstances, which are affecting the network and information systems. The circumstances should consider the strategy, security measures, environmental measures, own experience and the experience of other connected entities in the context of information security failure. The impact calculation is also requi red in terms of data integrity, availability; confidentiality and the cost associated with the fixing systems, lost availability and other related issues which are of prime concern to the network and information system operations. Measurements consist of Cost which is used to protect the information and systems Value of the information and information systems Threat probability and occurrence Effectiveness of Controls Hazards determine the identities and quantities of any chemicals or harmful substances present as pollute causes in the environment. There are different type of hazards required for cleaning and maintenance of the office furniture and items. Hazards may masquerade to human health or the network and information systems when spilled out accidentally by mistake. They also require flammable characteristics which may occur in severe threats and help to increase fire or other incidents. Assets are the components serving internally, as well as externally, within the network. Assets can be divided in to several different information technology environments. The physical infrastructure contains Servers, workstations, data centers, switches, routers etc. The core infrastructure contains virtual private networks, Microsoft active directory, domain controllers, email servers etc. The Internet infrastructure co