Report Sample on Creating an Effective Info Security Implementation Plan

Introduction

Information security is the measures taken to mitigate the risks associated with the use of information; the mitigation strategies are focused on reducing the risks associated with the use of information. Information Security Implementation Plan is used by organizations and companies to implement an information security framework that will secure the information and safeguard the operations of the organizations.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Physical Security

Physical security is a major factor that influences the security by determining whether the security of the information. Companies have to ensure that the physical security for their information technology infrastructure to reduce the chances of compromise. Physical security is implemented through physical and administrative elements that ensure unauthorized people do not access the information technology peripherals (Paliszkiewicz, 2019). Physical infrastructure is embraced when the organization of the company is implementing information systems that facilitate the operations of the organizations. Physical security ensures that only authorized personnel access information and other related technologies that support the information system infrastructure. Physical security is the first step in securing information.

Physical security measures that can be implemented by companies to ensure physical security is guaranteed include securing the server room with lockable doors that remain closed for authorized access only. The organizations can also use CCTV technologies to facilitate the monitoring of the technologies and how the people are using. Securing the technologies that facilitate information management system ensures the information is secured (Paliszkiewicz, 2019). When people access the technology infrastructure, it increases the chances of the information getting compromised. There are companies that chose to hire security people to secure the information technology infrastructure by offering their physical security. Physical security needs to be reviewed regularly to ensure that the security is up to date.

Physical security also includes protecting the room that contains the technology from fire, including arson fire attacks from people with malicious reasons. Device management is also an important factor where the devices get managed in a manner that reduces accidents and device breakdown due to falls and other forms of accidents that might come up when the professionals are checking on the devices (Paliszkiewicz, 2019). The layout of the rooms that host the devices influences the security of the information management system. The air conditioning of the rooms needs to be considered in improving physical security by ensuring that the technologies have a proper environment for efficient performance.

Authentication

Authentication in information technology is the limitation of access to information and information technology by checking the credentials of the people given access to the information. Authentication confirms the user identity and provides access to the information depending on access given in terms of the information that the person is allowed to access (Paliszkiewicz, 2019). There are different types of authentication used in authentication, depending on the needs of the organization and the type of information being protected. Authentication works by comparing the credentials provided with the ones stored in the database. When the credentials provided match the ones in the database, then the person is given access to the information. Different protocols are followed in determining the credentials to be used for verification.

The different types of authentication include password-based authentication, where the types of passwords include numbers, letters and special characters. The password combinations must be similar to the once stored in the system for the person to be given access to the information. People are encouraged to keep on changing their passwords to prevent phishing where other people get the password and access to the information (Paliszkiewicz, 2019). The other type of authentication is biometric authentication that uses biological characteristics for authentication. Biometric authentication is mainly used on gates and doors to give people access to an area. Biometric authentication uses facial recognition, fingerprint scanners, eye scanners and voice identification to recognize people.

The other type of authentication is the multi-factor authentication that verifies the user using generated codes that are sent to the phone or email of the user. The technology is used in combination with other technologies where is used as backup authentication (Paliszkiewicz, 2019). There is also certificate-based authentication that uses digital certificates as a public key to access information. There is also token-based authentication technology that uses random encrypted characters that are used once; they cannot be reused again. The authentication is mainly used in international money transfer, where the sender provides the codes that will be used by the receiver to access the money.

Network Security

Network security refers to rules and configurations designed to protect the confidentiality, integrity, the accessibility of computer networks and the data through the use of hardware and software technologies (Perlman, Kaufman & Speciner, 2016). Network security includes devices, technologies and processes. Through the implementation of the tools and tasks, no unauthorized person or program can access your networks or devices connected to the network. Network security prevents hacking since, for your computer to be hacked, the hackers have to get over the network. Network security consists of protection, detection and reaction.

Protection is implemented through both inbound and outbound traffic. Detection helps identify the change in configuration and traffic in the network, which may be an indication of a problem (Perlman, Kaufman & Speciner, 2016). After identifying the problem, the next step is responding to seize the network from harm as soon as possible. User management and logins are conducted by managing sign in and managing the email and collaboration environments. Apart from access control, network security is maintained through anti-malware, which prevents initial infection of the network with viruses, Trojans and worms as well as rooting out in case any infection finds its way to the network. Network security is also maintained through application security, behavior analytics, firewalls, web security, VPN and Email security.

To maintain the security of the network, isolation and segmentation is conducted. Treating the network as one entity is dangerous (Perlman, Kaufman & Speciner, 2016). Segmentation is therefore done based on the type of traffic flowing through. Creating sub-networks helps boost security by locking some users from some parts in which the network containing sensitive information that does not concern them. If a part of a network is breached, it can also contain the threat without affecting other segments of the network.

Creating an organizational culture that values and focuses on security is important in promoting network security (Perlman, Kaufman & Speciner, 2016). It is critical to ensure that the employees are trained and updated on measures of boosting cybersecurity. Organizations also secure wireless networks as they are commonly used by hackers to gain access to the network. Organizations are also investing in hiring a managed service provider to help in managing the network.

Data Encryption

Data encryption is a method of maintaining security where the information can only be accessed or decrypted by the user through the encryption key (Kleut, 2019). The encrypted data is referred to as ciphertext and appears in a format that is unreadable to those who are denied access to it. The organization uses data encryption to prevent malicious or negligent individuals from accessing data classified as sensitive. Data encryption deters access to intercepted data as much as possible and is facilitated by cipher or encryption algorithms. The software helps create an encryption scheme that can be broken by the use of exceptional computing power.

There are two types of encryption, namely asymmetric encryption and symmetric encryption. Symmetric encryption uses a symmetric key, which means that both the encryption and decryption keys are the same (Kleut, 2019). To communicate, the parties, therefore must have similar keys. Advanced Encryption Standard is the commonly used form of symmetric encryption, as it is the standard set by the US government. This method is suitable for encrypting drives and files.

Asymmetric encryption uses the public key, which means that the key is published publicly, thus available for anyone. In asymmetric encryption, only the recipient requires the key to read the messages (Kleut, 2019). This form of encryption is used on messaging platforms such as email where the service users have private and public keys. The receiver uses the public key from the sender to verify the message and their private key to decrypt the message. This method is more secure than symmetric encryption since hackers cannot view the content in the message without the private key from the receiver.

The main types of computer encryption are individual files, folder encryption, full disk and whole disk encryption (Kleut, 2019). In file and folder encryption, only specific selected files are encrypted and are suitable in a company where only a few documents are stored on the computer. Full disk or whole disk is the most suitable and complete form of computer encryption. Companies also use built-in encryption programs as well as third party encryption programs.

Software Development

Software development has a role to play in improving security management for information systems. The information security implementation plan is also incorporated in the development of software to ensure that the software used by companies has the security features that guarantee user safety and information safety (Assal & Chiasson, 2018). Software security ensures that the people using the software do not lose the information that they share and collected is not compromised. Software security ensures that people access the information that they are supposed to access depending on the user needs and the functions and responsibilities of the user. All the systems used in organizations have the software element; hence when the software security is compromised, all the information of the company is also compromised.

Software exposes organizations to vulnerabilities of cyber-attacks by hackers who get the information used by the organization and use the information to exploit the organizations. Software security is enhanced, beginning on the development of the software where security measures are incorporated in the software (Assal & Chiasson, 2018). The security features incorporated in the software need to be reviewed regularly and updated to keep the security of the software up to date. Cybersecurity is a significant challenge affecting the security of information; hackers are constantly trying to get access to companies' information to exploit and use the information they get for their own advantage. Software security needs to be improved to ensure the information processed is sage.

Conclusion

The implementation plan ensures that all factors are considered and implemented in protecting the information and systems of organizations. The paper discusses various strategies used in the information security implementation plan to protect businesses from different types of security threats.