Assignment Writing Help on Control Types

Control Types

The most important information and data security practices

Security breaches are now common in many organizations. When one occurs, the organization’s reputation is exposed to damage, and the welfare of customers and other stakeholders is put at risk. Recovering from a breach can be quite costly. With this in mind, the IT department at Phoenix should insist on only the best and most effective information security practices (Hamlen, Kantarcioglu, Khan, & Thuraisingham, 2012, p. 37). For instance, encrypting all stored data and file systems ensures that sensitive data is protected from possible hacking and loss. The department should also employ strict access controls for all sites, using digital sign-in certificate applications on hardware devices such as routers. Similarly, applying a spam filter (SpamAssassin) on email servers would keep unwanted emails out of the department’s inboxes and folders. Lastly, the department should increase employees’ awareness of the most important information security practices.

Three key elements in an organization used in strengthening the overall information security posture

For any organization, establishing an information security program to strengthen its information security framework is critical, as the program governs the protection of key information in the institution. The three key elements of this information security policy program are confidentiality (only authorized access to data), integrity (any change to or manipulation of the data or information by unauthorized personnel is easily detected, and changes made by authorized personnel are tracked thoroughly), and availability (authorized personnel can easily access data and information upon request) (Hamlen, Kantarcioglu, Khan, & Thuraisingham, 2012, p. 38).

Roles of the three key elements in organizational operations

Confidentiality limits access to the organization’s data and information to a few authorized personnel and prevents leaks or any other unauthorized disclosure. Integrity, on the other hand, ensures that data is stored intact, complete, and accurate, and that a properly operating IT system controls access and data recovery. Availability means that relevant data or information is at the disposal of authorized personnel in the organization and is distributed promptly on request (Hamlen, Kantarcioglu, Khan, & Thuraisingham, 2012, p. 39).

Applications of the principles of information security systems on data and information security in an organization

Balancing the confidentiality of crucial data and information against user utility has proved to be a challenge. An organization should ensure that its IT department insulates vital information systems so that the availability and the integrity of the data and information stay in balance. The uses of sensitive data and information in an organization should be well defined, with clear guidelines on who may access a particular piece of information, when, and for what purpose, so that integrity is maintained. For instance, an accountant at Phoenix working on a transaction with a client in the database does not need to see the client name, but he can be allowed access to the transaction figures in the sales process. Moreover, the IT department should regularly monitor its security system and be prepared to counter any breach effectively at any time (Hamlen, Kantarcioglu, Khan, & Thuraisingham, 2012, p. 44).
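The accountant rule above can be enforced in the database layer instead of being left to application code. The following is an added example, not part of the original essay: it uses SQLite's authorizer hook, and the `sales` table, its columns, the `account_manager` role and all rows are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema and roles; every row below is constructed sample data.
SENSITIVE_COLUMNS = {("sales", "client_name")}
ROLES_CLEARED_FOR_SENSITIVE = {"account_manager"}
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def open_for_role(role):
    """Build the sample database, then lock the connection down to `role`."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (id INTEGER PRIMARY KEY, client_name TEXT, amount REAL)")
    conn.executemany(
        "INSERT INTO sales (client_name, amount) VALUES (?, ?)",
        [("Constructed Client A", 120.5), ("Constructed Client B", 80.0)],
    )
    conn.commit()

    def authorizer(action, arg1, arg2, db_name, source):
        # Default deny: anything that is not a plain read (writes, DDL, ATTACH) is refused.
        if action not in READ_ONLY_ACTIONS:
            return sqlite3.SQLITE_DENY
        # For SQLITE_READ, arg1 is the table and arg2 the column, wherever the column
        # appears (select list, WHERE, ORDER BY), so filtering on it is blocked too.
        if action == sqlite3.SQLITE_READ and (arg1, arg2) in SENSITIVE_COLUMNS:
            if role not in ROLES_CLEARED_FOR_SENSITIVE:
                return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    return conn


def run_as(role, sql):
    """Run one statement as `role`; return the rows, or "DENIED" if refused."""
    conn = open_for_role(role)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "DENIED"
    finally:
        conn.close()


if __name__ == "__main__":
    for role in ("accountant", "account_manager"):
        for sql in ("SELECT amount FROM sales", "SELECT * FROM sales"):
            print(role, "|", sql, "->", run_as(role, sql))
```

The accountant can total the transaction figures, while `SELECT *` fails for that role because it expands to include `client_name`.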

How the information security systems in an organization enable business transactions and protection of sensitive data and information

An anti-spam software program scans the firm’s emails automatically, which helps prevent viruses from invading the system. Strong, up-to-date antivirus software protects the organization’s information system against malware, spyware, Trojans, and viruses. Lastly, a strong firewall protection program controls data traffic and filters out threats entering the information system (Hamlen, Kantarcioglu, Khan, & Thuraisingham, 2010, p. 47).

References

Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for cloud computing. International Journal of Information Security and Privacy (IJISP), 4(2), 36-48.