Thursday, December 12, 2019
Telecommunication and Network System of ABCD University
Question: Describe the importance of information security, the laws and regulations of information security, and the compliance and system audit controls of ABCD University.

Answer:

Introduction

ABCD University is a 21st-century college with an advanced technological infrastructure. The organization has an impressive collection of multimedia and computing resources. The university has a total of 19000 staff and students who use 3000 computers on a regular basis. The university provides maximum resources to the students, such as computer laboratories, server connections and various learning facilities. In addition, all the resident students use the university network for their work. Thus the university tries to let all the staff and students benefit from its advanced network system.

The university wants to further improve its network system and implement security strategies. For this reason the university has hired a policy maker who will make the students understand the importance of network security and will strengthen the security of the university's entire network. He will train both the staff and students in how to maintain the security of their own network. This will make the university network more protected and secure to work with.

Importance of Information Security

According to Ronald Reagan, the oxygen of the modern age is information. It is the most powerful tool one can have (West, 2008). Every organization, including universities, must have an Information Security Management System (ISMS). It is one of the most important components of a place that deals with many computers and network servers (Microsoft, 2005). All the data present in the IT systems of a university is extremely valuable, and those systems store and process information. Thus information security is essential. The importance of information security is as follows:

Confidentiality: All the data in the IT system can be accessed and viewed by the authorized person only.
No third party can view the secured information of an individual.
Integrity: The integrity of the data is maintained, so it can be relied upon to be accurate and correctly processed. All the data and information is securely stored within the system (Doherty & Fulford, 2006).
Availability: Even with a strict security system, all the data can be accessed whenever it is needed.
Reducing the Risk: Information security reduces the risk of any kind of data and information being leaked or hacked from the IT system.
Unique Accessibility: Information security allows only a single user to access the data, which is uniquely protected by the individual's own password.

Thus information security is essential to keep an individual's personal data secure. In universities there are many students doing their research or projects using ABCD's network system, so no data or information can be allowed to leak out. According to Network Security Guidelines, persons who extract data from different networks can face punishment from the court of law (Siponen, 2001). Information security should therefore be the primary focus of ABCD University so that all the students can make optimum use of the university's network system.

Assets Classification and Control

Every organization and university has many types of assets. In the 21st century all the records and data about the various assets are stored on ABCD University's server. It is through this network that the organization controls and classifies its assets and properties. Billions of dollars of assets and their details are stored on the university's server. All the records since the beginning of the university and all the details of the students are held on the server of the university. To protect all of this, information security is essential for the university. Information security prevents a third party from viewing and accessing confidential data about the university's assets.

Classification of Information

Information security helps to classify information on a security basis. The security system protects all of the university's data and servers, but it assigns priority according to importance. For example, the records and details of every single student and staff member are considered high priority. For this reason only a single user is given the liberty to access them. Library information is of medium priority and is therefore accessible to both the student and the librarian. Similarly, the university has many medium-priority data and information that are accessible to only a few people. However, the data and information that a certain university club holds about its events, for example, is of least priority. Here the information security system allows all the members or students to access the club's data and other event information.

The Network System of ABCD University

ABCD uses 3000 computers and has its own network system for the benefit of the students and the staff. It has voice and data network systems with high network security. It has UNIX hosts and fileservers that support many upgraded applications. For high security and for optimum use of the computing laboratories, the university also has a technical support team. The technical support team is always present on campus and offers support to all the students. They also have a help desk with expert technicians who fix all the software and hardware problems faced by the staff and students. If any malfunction or any kind of security problem occurs, the technicians are informed immediately and help the students and staff to solve it.

The laws and regulations of information security

During the late 1990s and early 2000s many laws were established regarding the privacy and security of the information of organizations.
This was successful due to the involvement of a large company like Enron (Wixom & Todd, 2005). The main focus of all the information security laws and regulations is to protect the integrity, availability and confidentiality of all the information that might have an impact on the stakeholders of an organization (Solms, 2004). The laws regarding information security have certain goals, such as:

Implementation and establishment of controls
Maintaining, assessing and protecting compliance issues
Identification and remediation of deviations and vulnerabilities
Providing reports that could prove an organization's compliance

Thus all the laws governing the information security of an organization have the same goal of protecting information that its owner does not want to share. The information security of ABCD University will abide by all the rules and regulations so that all the staff and students can make optimum use of the university's network and server.

Training of the students and staff

The information security installed at ABCD University is extremely user friendly, but it requires a little guidance, so the technicians arranged a training program for all the staff and students. The program was of 3 hour duration and all the students participated. The following things were taught and shown during the training session:

The students were first told about the importance and necessity of information security.
UniTech was the organization that provided all the latest information security software for the university.
The students were made familiar with the software that was installed on every single computer.
If they faced any difficulty, they were provided with the help desk number.
For more security, the students could individually approach their local technicians, who would upgrade their IT system.
Every student and staff member was given a unique ID code with which to log in to the information security system, where they could set their own password.

Thus in the training program the students were shown a demo of the information security. They were also warned about violation of the information security protocols. The entire program was a successful event.

Access and Cryptographic Control

Information is one of the most important assets of an organization. Information security helps to protect all the data and records of a university or a firm. It uses various software to prevent a third party from infiltrating and viewing the data, and also prevents various viruses from corrupting the files. Information security includes high-level antivirus (Kagan, 2007). The two basic functions of information security are as follows:

Access Control

Access control determines and ensures the proper user who is allowed to view or access the information. It does not allow any other person to view the records and data. The servers, mobile devices, mainframes, operating systems, network services, desktops and laptops are all monitored by the access control software (Vroom & Solms, 2004). No third party can bypass the security systems provided by the access control. All the data and information is available only to the authorized person, who has a unique password to access any data.

Cryptographic Control

Cryptography is considered to be a science which uses complex mathematics, including logical design methods. Strong encryption is required to hide data and information about an organization (Mogull, 2005). Information security has such strong and protected encryption that it allows the valuable information of the university to remain hidden. At present there are many hackers who can hack and retrieve data and information even from highly secured encryption. The cryptographic control of information security prevents such things from happening.

Thus both access control and cryptographic control are essential parts of information security.
The security system installed by ABCD University has both facilities, and thus the students can use the learning resources of the university without any problem.

Compliance, system audit controls of ABCD University

Auditing of an organization is extremely necessary. It maintains and checks the security of the firm and also maintains the risk management of the company (Petter, Straub & Rai, 2007). Thus ABCD University must carry out a thorough audit of the entire system of the university. The university must undergo auditing for the following reasons:

To check the security system and information security of the university.
The auditing checks the security policies of the university and finds the drawbacks in them.
It helps to manage the risks of the university.
The entire auditing of the university follows a compliance audit.

From the above we can see that ABCD University requires a good and thorough audit. It helps to maintain the security measures of the university and also the various security policies of ABCD University. Information security also helps to control the environmental security of the university. After the auditing, the university installed various information security software by UniTech so that both the students and the staff could receive the optimum benefit of the computing laboratories and the learning resources.

Conclusions

From the above detailed analysis of ABCD University it is evident that information security plays a major role in the privacy of the company. The following things have been derived from the above study:

Information security is one of the essential parts of the university, which protects its assets and detailed data.
Information security also has access and cryptographic control over the entire system of the organization.
Training is required for the students and staff so that they can understand the information security system and can operate it easily.
Information security has many rules and regulations which must be followed by the university. Anybody who fails to abide by the security protocols will be punished in the court of law.
Information security provides a unique ID and password for every single student and staff member so that only the authorized person can view the information or data stored on the university server and network.

Thus it can be said that ABCD University must increase and upgrade its information security so that both the students and staff can utilize the learning resources of the university to their optimum level.

Recommendations

After such a detailed study of the information security of ABCD University, many points have come to light. Information security is extremely important for the university so that it can protect all its assets and have proper cryptographic control over the details of every student. The following are the recommendations that the university can adopt:

The university must upgrade the information security system on a monthly basis.
All the students must be aware of the importance of information security, and students not using it must be penalized.
All the technicians must have detailed knowledge about the system so that they can assist whenever it is necessary.

Bibliography

(2005, December). Data Confidentiality. Retrieved May 16, 2012, from MSDN.
Mogull, R. (2005, August). Management Update: Use the Three Laws of Encryption to Properly Protect Data. Retrieved February 4, 2006, from Gartner.
(2001, November 26). Advanced Encryption Standard. Retrieved May 15, 2012, from NIST Computer Security Resource Center.
Olzak, T. (2006, February). Data Storage Security. Retrieved May 19, 2012, from Adventures in Security.
Zim, H. S. (1962). Codes and Secret Writing. Scholastic Book Services.
2004 E-Crime Watch Survey Summary of Findings, Computer Emergency Response Team Coordination Center (CERT/CC).
Kankanhalli, H.-H. Teo, B.C.Y. Tan, K.-K. Wei (2003), An integrative study of information systems security effectiveness, International Journal of Information Management 23.
Karahanna, D.W. Straub, N.L. Chervany (1999), Information technology adoption across time: a cross-sectional comparison of pre-adoption and post-adoption beliefs, MIS Quarterly 23 (2).
G. Peace, D. Galletta, J. Thong (2003), Software piracy in the workplace: a model and empirical test, Journal of Management Information Systems 20 (1).
Doherty, N. F., and Fulford, H. 2006. Aligning the Information Security Policy with the Strategic Information Systems Plan, Computers and Security (25:1), pp. 55-63.
Dhillon, G., and Backhouse, J. 2001. Current Directions in Information Security Research: Toward Socio-Organizational Perspectives, Information Systems Journal (11:2), pp. 127-153.
Petter, S., Straub, D., and Rai, A. 2007. Specifying Formative Constructs in Information Systems Research, MIS Quarterly (31:4), pp. 623-656.
Siponen, M. T. 2001. Five Dimensions of Information Security Awareness, Computers and Society (31:2), pp. 24-29.
West, R. 2008. The Psychology of Security, Communications of the ACM (51:4), pp. 34-40.
Whitman, M. E. 2008. Chapter 6: Security Policy: From Design to Maintenance, in Information Security: Policy, Processes, and Practices, D. W. Straub, S. Goodman, and R. Baskerville (eds.), Armonk, NY: M. E. Sharpe, pp. 123-151.
Willison, R. 2006. Understanding the Perpetration of Employee Computer Crime in the Organizational Context, Information and Organization (16:4), pp. 304-324.
Vroom, R. von Solms (2004), Towards information security behavioral compliance, Computers & Security 23 (3).
M. Stanton, K.R. Stam, P. Mastrangelo, J. Jolton (2005), Analysis of end user security behaviors, Computers & Security 24 (2).
V. Post, A. Kagan (2007), Evaluating information security tradeoffs: restricting access can interfere with user tasks, Computers & Security 26 (3).
v. Solms, B.v. Solms (2004), From policies to culture, Computers & Security 23.
Dhillon, J. Backhouse (2001), Current directions in IS security research: towards socio organizational perspectives, Information Systems Journal 11.
Wixom, B. H., and Todd, P. A. 2005. Theoretical Integration of User Satisfaction and Technology Acceptance, Information Systems Research (16:1), pp. 85-102.
Venkatesh, S. Brown (2001), A longitudinal investigation of personal computers in homes: adoption determinants and emerging challenges, MIS Quarterly 25 (1).

References

Petter, S., Straub, D., and Rai, A. 2007. Specifying Formative Constructs in Information Systems Research, MIS Quarterly (31:4), pp. 623-656.
V. Post, A. Kagan (2007), Evaluating information security tradeoffs: restricting access can interfere with user tasks, Computers & Security 26 (3).
Wixom, B. H., and Todd, P. A. 2005. Theoretical Integration of User Satisfaction and Technology Acceptance, Information Systems Research (16:1), pp. 85-102.
Vroom, R. von Solms (2004), Towards information security behavioral compliance, Computers & Security 23 (3).
Siponen, M. T. 2001. Five Dimensions of Information Security Awareness, Computers and Society (31:2), pp. 24-29.
West, R. 2008. The Psychology of Security, Communications of the ACM (51:4), pp. 34-40.
Mogull, R. (2005, August). Management Update: Use the Three Laws of Encryption to Properly Protect Data. Retrieved February 4, 2006, from Gartner.
Doherty, N. F., and Fulford, H. 2006. Aligning the Information Security Policy with the Strategic Information Systems Plan, Computers and Security (25:1), pp. 55-63.
(2005, December). Data Confidentiality. Retrieved May 16, 2012, from MSDN.
v. Solms, B.v. Solms (2004), From policies to culture, Computers & Security 23.