Purchase Solution

Security of Information in Commercial or Business Organizations

Not what you're looking for?

Ask Custom Question

This is a case study in preparing for analysis purposes, to study on Security of information in commercial or business organizations.

*This is a general approach, with no specific size of organization or industry type.

5 topics to cover:

(1) Definitions of human, technical and physical information assets at potential risk in commercial or business organizations.

(2) Definitions and descriptions of the terms, 'integrity', 'availability' and 'confidentiality' in relation to the security protection of information assets in commercial or business organizations, i.e. what is it about these assets that must be protected?

(3) Risks inherent in commercial or business organizations: for example, malware and Trojan horses, hackers, insider risks (social engineering) and threats, physical weaknesses

(4) Implications of the threats that put commercial or business organizations at risk.

(5) Suggested counter-measures for commercial or business organizations, namely:
- technical counter-measures
- physical counter-measures
- personnel counter-measures

Each topic should contain an introduction of what each topic means, definitions if required, and detailed explanation, possibly some examples that can aid in understanding the topic better.

This analysis must be based on the work of credible and relevant authors (not personal opinions about information security management). Hence please list in bullet points, the URLs, title/author of book, journal, etc.

**No need include any citation or quoting** as this is purely my own analysis work.
in doc/docx format.

Purchase this Solution
Solution Summary

The solution discusses the security of information in commercial or business organizations.

Solution Preview

Information security in commercial or business organizations

Information security within a commercial or business organization is involves an act that is concerned with information protection of the information systems from people who have no authority over the system. The main purpose of information security is restricting access to unauthorized users, information disclosure prevention, disruption, perusal and destruction.

Topic 1: definition of terms such as technical, human and physical information assets which are at potential risk in a business or a commercial organization.

There are several assets which are at a potential risk in a business or a commercial organization. These assets are classified into three major categories that that is; human, technical and physical information assets.
Human information assets

The human information assets within a business or a commercial organization are the most important assets among the three assets. Humans are like a backbone joining the vital capabilities concerned with sustaining an organization. Human information assets within an organization are basically divided into two major categories that is; employees and non employees.

Employees

This involves the organization's staff members as well as managers, especially the ones who are assigned roles dealing with knowledge management for example, an executive manager, a software developer, a system manager, and a security administrator among others. Generally, they are the 'go-to' people within an organization.

Non-employees

People under this group are either, temporarily working for an organization, special advisors or specialist contractors. An example of this group of people is the person who understands the physical Information Technology environment maintenance. An organization's suppliers and the partners to the organization are also examples of non-employees.
Both the employees and the non-employees form part of an organization's information asset which is at potential risk.

Physical information asset

Physical information assets are generally any tangible information asset within an organization. They are further divided into infrastructures which support IT, control IT environments and IT hardware. Some examples include devices used for storage and computing such as lap tops, computer rooms, and water alarms.

Technical information assets

These are information assets in an organization which have the ability of assisting in the processing of information. Moreover, technical assets assist in creation, output generation, input storing and data storage. Technical asset plays a big role in the identification and valuing of an organization's processes.

Question 2:
Define and describe the terms 'integrity', 'availability', and 'confidentiality' in relation to information security protection of information assets in organizations (either business or commercial). That is, what is it about these assets which make them valuable so that they need to be protected?

The integrity, availability and confidentiality of an information asset have to be protected through information security. Information security ensures that the integrity, availability and confidentiality of any information asset is upheld at all costs regardless of the form of the information asset for example, electronic or in a print form.
An organizations' information such as employee details should be confidential to the organization in context only.

In case an information asset falls in the hand s of a competitor, the organization's security will be breached which may result to drastic end results for example, business loss. In addition to that effect, an organization may become bankrupt in case a competitor obtains the information about it. An organization's confidential information asset protection is termed as both an ethical and legal requirement.

Confidentiality, integrity and availability are the basic principles of an information security. Confidentiality involves the prevention of information disclosure to ...

Purchase this Solution
Free BrainMass Quizzes
Operations Management

This quiz tests a student's knowledge about Operations Management

IPOs

This Quiz is compiled of questions that pertain to IPOs (Initial Public Offerings)

Income Streams

In our ever changing world, developing secondary income streams is becoming more important. This quiz provides a brief overview of income sources.

Organizational Leadership Quiz

This quiz prepares a person to do well when it comes to studying organizational leadership in their studies.

Accounting: Statement of Cash flows

This quiz tests your knowledge of the components of the statements of cash flows and the methods used to determine cash flows.

View More Free Quizzes
Related BrainMass Solutions

  • Differences between COBIT and the ISO 27000 series

    In this regard, organizations follow certain standards comprising of information security standards like ISO 27000 Series and information security governance standards like COBIT.

  • Assignment: Healthcare Commercial Organizations

    There are various types of commercial organizations: Think tank Patient's group Business association Small business firm (small market capitalization) Professional association In your article, Give two examples of each type of commercial

  • Role of the US Constitution & Legal System in Business Regulation

    The example of non-commercial speeches is the political speech that is highly protected by the security forces. The publisher also argued on the restriction of the non-commercial speeches.

  • Internal IT and eCommerce Security Monitoring

    "Electronic commerce or ecommerce is a term for any type of business, or commercial transaction that involves the transfer of information across the Internet.

  • ebusiness regulatory issues for Ford

    Because the relationship is more extensive, every time there is an exchange of information or data, it must be meticulously tracked and labeled as general business or confidential as appropriate (Dada, 2004).

  • Importance of Common Criteria for commercial products.

    (Wikipedia) Hence it provides an independent assessment of a product's ability to meet security standards and gives customers more confidence in the security of Information Technology products and leads to more informed decisions.

  • Implementation of Information Security Regimes

    Governance issues in information security management One of the greatest challenges of information security is aligning with business objectives.

  • Professional Issues in Computing

    They must be responsible in governing the usage of Internet in businesses, schools, or other organizations. Providing monitoring and control on how the Internet is used in companies or school buildings is one way.

  • Important of information security in organizations

    350585 Importance of information security in organizations 1) Explain the need for a sound information security in organizations. 2) How will you justify the need of introducing information security procedures, policies or awareness training to enterprises

View More Related Solutions