The paper "Information Security - the Difficulty in Estimating the Probability of a Threat or Attack Occurring" is an assignment on information technology. Information security is the practice of keeping and protecting information from unauthorized access, disclosure, modification, and even destruction, any of which can lead to large losses, mostly in organizations. The qualities of information security are confidentiality, integrity, and availability. Confidentiality ensures that only authorized users can access information. Integrity ensures that the right information is kept correct and complete, and is changed only by the right persons for the right purpose.
Availability ensures that authorized users have easy access to whatever information they are supposed to access at any time. The standard of due care is a term used in information security to mean that an organization has taken up the responsibility, through various activities, to protect its data and information both internally and externally (Harris, 2003). It does this by adopting measures and practices that employees must follow when accessing information. To observe due care in information security, an organization should make sure all the qualities of information security are implemented, together with authentication and authorization, data privacy, and non-repudiation.
All these information security qualities are achieved by the organization putting in place the necessary security mechanisms, such as access control, firewalls in its networks, cryptography, and other minor security practices. Due diligence is a term related to due care: it denotes the continual implementation of information security activities over time. This means a commitment to protecting access to the organization's information by making sure that the security mechanisms remain operational and achieve their intended goals.
The standard of due care and due diligence in information security are related: showing due care creates the need to show due diligence in order to achieve information security. They work together, each following the other in how they are implemented. They are implemented by reasonable and prudent people who are mindful, attentive, and persistent. Prudent people make sure that all necessary measures are implemented to ensure information security in an organized way that is ethical toward the business and its legal obligations (Harris, 2003).

Question 2: Discuss the difficulty in estimating the probability of a threat or attack occurring. What are some methods that can be used to make these estimates?

Threats to information security are either caused deliberately by certain individuals or happen accidentally. It is difficult to ascertain when an attack will take place, regardless of how many information security mechanisms are implemented. The probability is based on the likelihood of a threat occurring, which can be estimated by looking at the frequency with which similar attacks have been happening (Garcia, 2006).
It becomes more complex to understand the basis on which a threat can occur, especially when the countermeasures to information security are properly implemented. As an organization produces more information, threats also increase, because of the diversity of that information, which drives business development daily. The frequency with which particular information is accessed, and the number of personnel who have the right to access it, can be determinants of the probability of an information security threat. Changes in technology introduce new ways of launching an attack (Alberts & Dorofee, 2002).
Attackers work continuously to find a way of posing a threat and defeating a given security mechanism. To assess the probability of an information security threat, especially one posed by people, there has to be an identified motive, the means or ways of launching the threat, and the opportunity, which is a potential vulnerability existing in the organization.
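As an added illustration of the frequency-based estimate described above (example code written for this page, not part of the essay or its sources): it takes a constructed incident history, computes an annualized rate of occurrence, converts it to the probability of at least one event within a chosen horizon under a Poisson assumption (a modelling choice the essay itself does not make), and reports a rough interval to show how weakly a handful of past incidents pins the estimate down.

```python
from datetime import date
from math import exp, sqrt

# Constructed incident history (not from the essay): dates on which one class
# of event, say a successful phishing-driven credential theft, was confirmed
# inside a fictional organization.
INCIDENTS = [date(2019, 3, 14), date(2020, 11, 2), date(2022, 6, 30), date(2023, 1, 19)]
WINDOW_START = date(2019, 1, 1)
WINDOW_END = date(2024, 1, 1)


def observed_years(start, end):
    """Length of the observation window in years."""
    return (end - start).days / 365.25


def annual_rate(incidents, start, end):
    """Annualized rate of occurrence: confirmed events per year of observation."""
    in_window = [d for d in incidents if start <= d < end]
    return len(in_window) / observed_years(start, end)


def prob_at_least_one(rate, horizon_years=1.0):
    """Poisson model: P(at least one event within the horizon) = 1 - e^(-rate*t)."""
    return 1.0 - exp(-rate * horizon_years)


def rate_interval(count, years, z=1.96):
    """Rough 95% interval for the rate (normal approximation to the Poisson count).
    With only a few events the interval is very wide: the historical frequency
    barely constrains the estimate, which is the difficulty the essay describes."""
    centre = count / years
    half_width = z * sqrt(count) / years
    return max(0.0, centre - half_width), centre + half_width


def estimate(incidents, start, end, horizon_years=1.0):
    """Frequency-based likelihood estimate together with its uncertainty."""
    years = observed_years(start, end)
    count = len([d for d in incidents if start <= d < end])
    rate = count / years
    low, high = rate_interval(count, years)
    return {
        "events": count,
        "years_observed": round(years, 2),
        "aro": rate,
        "p_within_horizon": prob_at_least_one(rate, horizon_years),
        "p_low": prob_at_least_one(low, horizon_years),
        "p_high": prob_at_least_one(high, horizon_years),
    }


if __name__ == "__main__":
    print(estimate(INCIDENTS, WINDOW_START, WINDOW_END))
```

With four events in five years the point estimate is about a 55% chance of at least one event next year, but the interval runs from roughly 2% to 80%, which is why such estimates should be combined with the motive, means and opportunity assessment the essay mentions rather than used alone.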
Alberts, C., & Dorofee, A. (2002). Managing Information Security Risks: The OCTAVE (SM) Approach. Essex, UK: Addison-Wesley Professional.
Cisco Systems, Inc. (2011). Cisco IOS Login Enhancements (Login Block). Retrieved from http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_login_enhance_ps6922_TSD_Products_Configuration_Guide_Chapter.html
Garcia, M. L. (2006). Vulnerability Assessment of Physical Protection Systems. New York, NY: Elsevier Inc.
Harris, S. (2003). All-in-One CISSP Certification Exam Guide (2nd ed.). Emeryville, CA: McGraw-Hill.
National Institute of Standards and Technology. (1993). Security Issues in Public Access Systems. Computer Systems Laboratory Bulletin. Retrieved from http://csrc.nist.gov/publications/nistbul/csl92-02.txt
unix.org. (n.d.). The UNIX Operating System: Mature, Standardized, and State-of-the-Art. Retrieved from http://www.unix.org/whitepapers/wp-0897.html