Topic: Securing Information Systems
Name: Priyanka Sharanu
Course: CMP-552
Term: Spring 2014 (Mondays)
Abstract: Information Systems Security is one of the most pressing challenges confronting all kinds of present-day organizations. Although many companies have discovered how critical information is to the success of their business or operations, very few have managed to be effective in keeping their information secure: avoiding unauthorized access, preventing intrusions, stopping the disclosure of secret information, and so on.
Security is currently a widespread and growing concern that affects all areas of society: business, domestic, financial, government, and so on. In fact, the so-called information society is increasingly dependent on a wide range of software systems whose mission is critical, such as air traffic control systems, financial systems, or public health systems. The potential losses that are confronted by businesses and organizations that rely on all these hardware and software systems have therefore led to a situation in which it is crucial for information systems to be properly secured from the outset.
Introduction: As IT systems become more functionality-rich, open, and dynamic, and the information they contain grows in size and value, many companies are rethinking their security strategies to balance the threats and opportunities inherent in new technologies. In mid-2012, coordinated attacks on 60 banks around the world netted an estimated $80 million for the hackers. An automated, malicious software program initiated thousands of attempted thefts from bank accounts that, if successful, could have potentially captured $2.5 billion. In the competitive frenzy that characterizes global business today, security concerns often take a backseat to new ways of doing business. At the same time, information itself is becoming a huge new asset and an increasingly rich and valuable target. It’s important that you monitor both systems and applications for vulnerabilities.
As an Information System matures, it converges with many other technologies due to the demand for increased agility, virtualization, and interconnection. The end result is an unplanned 'system of systems' where functionality overrides resilience, leading to security concerns. If such a system of systems fails, it can take out many systems at once. In the face of these challenges, companies are struggling to strike a new balance between access and risk—one that matches the accelerating whirlwind of innovative technologies with an agile, risk-aware security approach that’s attuned to business necessities. A confluence of significant technological advances is making many formerly secure systems increasingly insecure, transforming IT from a relatively stable environment into a more volatile one. If not addressed, these changes can introduce unforeseen vulnerabilities and significantly reduce the effectiveness of an organization’s security systems.
System Vulnerability and Abuse
Business Value of Security and Control
Securing Information Systems Before and After an Incident
Although the development of IT security architecture has gained much-needed momentum in recent years, there continues to be a need for more writings on the best theoretical and practical approaches to security architecture development. Writings that document a practical approach are few.
SYSTEM VULNERABILITY AND ABUSE:
Nowadays, security solutions focus mainly on providing security defenses instead of addressing one of the main causes of security problems: the absence of an appropriate Information Systems (IS) design. This paper carries out a comparative analysis of eight relevant technical proposals that place great importance on establishing security requirements during the development of IS. These proposals provide some significant contributions in aspects related to security, and they can serve as a basis for new methodologies or as extensions to existing ones. Nevertheless,