The paper discusses the need to educate and train users in information technology and information security through continuous training programs. It addresses the limitations of passwords and the role of two- or three-factor authentication, and points out that no system can ever be one hundred percent risk free; rather, risk can be managed. The paper also discusses how organizations may adapt the Information Security Management System based on the ISO 27000 series of the International Organization for Standardisation (ISO) to provide the best practices and standards for ensuring optimum protection of the information systems infrastructure.
From the Paper: "Provision of security to the information systems resources though should be done from the technological perspective and the management milieu. This is not something done piecemeal but synergized together because one cannot survive without the other. For instance, deployment of the best of breed firewall and intrusion protection system (IPS) is a technological solution. If management decided not to allocate funds to train the IT personnel in the operations and maintenance of these two security products, then the firewall and IPS will be useless. Thus not authorizing funding for training is a management mistake that did not complement their technological solution.
"Even on the regular user side, there have been several cases wherein small, medium and large organizations implemented information technologies but failed to incorporate proper change management that includes user training and user acceptance testing. The result was disastrous because users were given tools and technology they could not handle. Training and education would have enabled and empowered them to learn about 'security policies, be informed about the actual threat out there, be kept up to date on the recent security alerts, know how to follow security policy guidelines and do their best to help maintaining the security (Arief & Besnard, 2003).' In the same manner as information technology implementations are management decisions, the resulting support needed to manage, maintain and operate the technology by technologists and users is also a management decision that should always go hand in hand with the technology decision."
Sample of Sources Used:
- Arief, B. & Besnard, D. (2003, March 3). Technical and human issues in computer-based systems security. Centre for Software Reliability, School of Computing Science, University of Newcastle upon Tyne. [Online] Retrieved September 8, 2009, from http://www.dirc.org.uk/publications/techreports/papers/5.pdf
- McNulty, E. (2007). Boss, I think someone stole our customer data. Harvard Business Review, 85(9), 37-50.
- RSA Security, Inc. (2005). Are passwords really free? - A closer look at the hidden cost of password security. [Online] Retrieved September 8, 2009, from http://www.rsasecurity.com/solutions/topics/whitepapers/CLHC_WP_0804.pdf
- Schneier, B. (2005, February 9). The curse of the secret question. Computerworld. [Online] Retrieved September 8, 2009, from http://www.computerworld.com/securitytopics/security/story/0,,99628,00.html
- Schneier, B. (2005, April). Two-factor authentication: Too little, too late. Inside Risks 178, Communications of the ACM, 48(4). [Online] Retrieved September 8, 2009, from http://www.schneier.com/essay-083.html
Cite this Term Paper:
Protecting Information Systems (2012, January 25) Retrieved December 08, 2022, from https://www.academon.com/term-paper/protecting-information-systems-150086/
"Protecting Information Systems" 25 January 2012. Web. 08 December. 2022. <https://www.academon.com/term-paper/protecting-information-systems-150086/>