The paper "Information Technology and Information System Security" is an engrossing example of coursework on information technology. Today, it cannot be doubted that Information Technology is changing at a high pace. This greatly affects personal information, business processes as well as work environments. However, it is quite unfortunate that individuals entrusted with the responsibility to maintain the security posture of their business processes, personal computing systems, and environments are not well-informed that security is changing rapidly. This implies that a number of people and organizations do not actually seem to acknowledge that albeit technologies, computing environments and operating systems could be left static.
The approaches needed to maintain the security of such systems as the attempt to control the latest threats that affect them would be adapted continuously and force change. Due to the spreading news about the latest computer viruses, information attacks, and new vulnerabilities as well as updates needed for operating systems as circulated across the globe, it becomes necessary for individuals to develop appropriate security mechanisms to protect their computer systems and information resources against threats. A Security Assessment of my Personal Computing Situation In order to effectively evaluate the security condition of my critical computer systems and data, I involved in active testing and risk evaluation phases.
I have discovered that through risk assessment processes, current and future security and computer configuration issues can be easily identified and controlled so as to maintain the availability, confidentiality, and integrity of my computing systems and environment. Therefore, my security assessment involves regular auditing and evaluation of the existing computer systems and data as my security-based practice. A discussion of the methodology adopted for security evaluation of my personal computing environment Although threats can occur in form viruses, terrorism, cyber-hackers, or power disruptions, my argument is that evaluation of the risks associated with particular threats is a critical task of any security auditing and assessment.
In this view, I decided to adopt a Threat Analysis approach for security evaluation of my personal computing situation. It is a methodology implemented on the basis of different types of threats, vulnerabilities, and methods of system attack in relation to security threats. This methodology is ideal for this exercise simply because it identifies threats and it could help me to define the risk mitigation policies for my computer systems and information resources.
Therefore, ensuring the identification of risks, their adequate classification, and prioritization for mitigation is a major aspect of any security assessment. Basically, the Threat Analysis security methodology helped to develop a systematic approach to protect the availability, confidentiality, and integrity of my computing systems and data. However, it is important to note that the metrics used in a Threat Analysis approach proves to be a challenging requirement whilst determining the status of my computing security performance.
This clearly indicates that modifications such as developing a more generic methodology should be considered to minimize the exposure of my computing system and data to huge threats and vulnerabilities. It becomes quite clear that the new generic approach will involve threat analysis and security metrics that will effectively prioritize threats and the associated vulnerabilities so as to continue enhancing the security of my computing systems and environment.
ReferencesWhitman, ME & Mattord, H.J., 2011, The Roadmap to Information Security: For Information Technology (IT) and Information System Security (InfoSec) for Managers, Cengage Learning.