IS System Security: importance, overview, challenges,

Need help with an introduction on the topic of system security.

This introduction must:
1. Lay the foundation of the discussion of the topic of your choice.

2. Cover the importance of the topic to the IS domain.

3. Provide an overview of the main challenges, research, and managerial or information systems oriented issues.

4. Include a comprehensive bibliography/reference list consisting of research paper/article citations and a citation of all other resources.

Assignment:
From my topic SYSTEM SECURITY (access to information) it is important because of implications of security breach, laws governing protection of certain types of data, Web Based systems security and Internal security.

I have to comprehensively discuss the topic I have selected. Then, I have to provide a rationale on why this topic is important to me and to the IS domain in general. In addition, I have to provide a comprehensive list of the references for this topic. I have to provide this is 500 words.

Please let me know if I can provide additional information.

Ameri (2004) identifies a model for information security based on five pillars which include protection, detection, reaction, documentation and prevention. Protection involves defining what we are protecting, how we plan on protecting it and what its value is. From a traditional risk management approach this is basically the risk assessment in which you identify all your risks and potential mitigation strategies. Once identified you then place a value on the risks based on the damage that would be caused and the probability of the risk occurring. A decision must then be made on which mitigation strategies to implementation based on a cost-benefit analysis. This is a required step in any type of risk management plan as you must identify your risks, vulnerabilities and mitigation strategies before you possibly implement a plan to control those risks.
Detection involves identifying both static and dynamic events that might identify a breach of security and pose threat to the information technology (IT) system.

Detection must be able to identify both threats to known vulnerabilities as well as unknown vulnerabilities. As an example detection may include the implementation and use of intrusion detection software and systems. These can help to indentify known vulnerabilities as well as watch for network traffic patterns that may indicate a possible attack on the network. The detection aspect of an information security is a required part as a failure to detect an attack will allow for the attack to be launched. Once launched the probability of the attack being successful is much higher than if it is properly detected in its very early stages.

Reaction involves the actions that are planned and executed if and attack or security breach is detected. Once a breach is detected there must be an established reaction plan which includes isolating the breach and resolving the issue. A reaction plan may also include such items as public relations to properly communicate with customers. The reaction pillar is also a required pillar for any security plan to be successful.

Documentation involves the tracking of all attempted security breaks as well as maintaining information on normal procedures and known security issues from third party sources. In order to be able to properly identify vulnerabilities and detect suspicious activity it is necessary to not only know what is not expected but also know what is expected. For example, intrusion detection systems can give off many false alarms if they are not properly setup based on known patterns of network traffic. This is also true for firewalls and DMZ's. Documentation should be a required pillar for any security plan; however, it is often one of the most overlooked areas, especially when it comes to budget cuts, etc.

Unfortunately, it the budget does not allow it, documentation would have to be one of the first areas to cut.
Prevention involves acts that can help to prevent security breaches. The author does not clearly define what he is referring to in the area of prevention. I consider prevention to include such items as employee training, proper security policies, enforcement of security policies, etc. Prevention can also include the actions that are taken in the protection and detection pillars. Much like documentation, if the budget dictates prevention is an area that is typically cut.
Protection, detection and reaction are considered necessities while documentation and prevention are usually considered optional areas that can be done without if necessary based on budget issues. However, while this may be the norm I do not agree with it. If proper attention is given to documentation and prevention it can reduce the expenditures required in the detection and reaction pillars. Documentation can help to focus detection and reaction where really needed while prevention can help to mitigate vulnerabilities up front.

References

Ameri, A. (2004). The Five Pillars of Information Security. Risk Management, 51(7), 48. Retrieved October 4, 2008, from ABI/INFORM Global database.