ISSC481 discussion response
Question Description
Hello,
I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
1. Why is it necessary to define policy elements?
2. Discuss the terms confidentiality, integrity, and availability as they relate to information systems. Why are they important?
Student one:
Greetings class,
Information systems are not simply a place in which information or data is stored. Information systems are complex structures that do store information, but that information needs to be protected, send and receive capabilities exist and those need to be regulated, and the software, users, and abusers all need to be considered when it comes time to draft a comprehensive plan to ensure proper employment of the whole thing. Because it is so complex and there are so many parts within the whole, every organization that has information systems needs to have an information system security policy in place. To accomplish this, every element within the system needs to be reviewed so its role in the system is understood, as well as any potential challenges it may encounter so that those challenges can be prevented or mitigated as best as possible.
Confidentiality, integrity, and availability, also known as the CIA Triad, play a large role when considering the way an organization should go about protecting its information systems. Some questions to ask might be:
Confidentiality: Who should have access to different types of information? What access policies and procedures are in place? What information needs to be protected by law? What information needs to be protected based on the policies of the organization? How does that information stay protected against unauthorized use? How will we know if unauthorized users attempt to or successfully access data that should be protected? What equipment or software do we need? How often should the system be assessed to find any weaknesses in that area?
Integrity: What type of information needs to be protected from unauthorized modifications? How do bad actors accomplish this and what needs to be done to prevent it?
Availability: How can our organization’s systems be disrupted? What incident response plans will be enacted should this happen?
In my opinion, it’s a great idea to start asking questions to make the best plan forward because knowing what is at stake will help drive the next steps of effort.
Have a great week,
Ashley
Student two:
Hello Class,
1. Why is it necessary to define policy elements?
Policies provide instructions and dictate the parameters on how businesses operate and their transactions with other organizations. Information Security Systems policies are written to define parameters to minimize threats and ultimately to keep the organization functioning and productive. So it’s important to define policy elements so that everything is known, clear, and understood by everyone. Defining policy elements thoroughly minimizes confusion and helps with ensuring that the policy elements are adhered to. It also helps people who fall under these policies recognize certain actions or when someone else isn’t meeting the policy element specifications. This will provide those employees or members with the knowledge of what to do and who to contact if the policies aren’t being followed.
2. Discuss the terms confidentiality, integrity, and availability as they relate to information systems. Why are they important?
Information systems access, process, and contain all sorts of data. Some information is more sensitive or confidential than other information. There is often private and proprietary data contained on information systems. Organizations most assuredly use information systems to process transactions and conduct business overall. So whether it’s a personal information system or if it belongs to an organization, both people and organizations alike want their information to be kept confidential. They don’t want their data to be modified unless they are the ones changing it, and they want to be able to use their system. Putting these parameters in place forms the CIA triad: confidentiality, integrity, and availability. The CIA triad is the goal for securing data on information systems. Confidentiality, integrity, and availability are essential for information systems because owners of the systems want to be able to access their information whenever they want and ensure that it isn’t being accessed or altered by outsiders.
Reference:
Johnson, R. (2015). Security Policies and Implementation Issues, 2nd Ed. VS Burlington: Jones & Bartlett Learning. ISBN: 9781284055993. Retrieved from https://online.vitalsource.com/#/books/9781284070637/cfi/42!/4/4
Metivier, B. (2017). Fundamental Objectives of Information Security: The CIA Triad. Retrieved from https://www.sagedatasecurity.com/blog/fundamental-…
-Kimberly