Key Risks in the Assets of Information Security
The key risks to an organization's assets that arise from poor security are:
- Strategic Risk – An organization pursues many strategic objectives, and risk arising from the strategic side is a common scenario. It can be a top threat both to the organization and to its assets. Organizations need to balance the various kinds of risk that relate to their strategic areas (Galliers and Leidner 2014). Failure to integrate IT strategy into investment decisions can also leave the organization severely vulnerable to its data being hacked.
- Cyber Security Risk – Cyber-attacks have become commonplace in recent times. Data breaches and misconduct within major companies have contributed to the growth of cyber security threats facing organizations. Such attacks can be critical for an organization because attackers can locate its crucial data and gain access to it. Management should focus on developing proper security measures to deal with the impact of risk events, and on measures to mitigate them (Jouini, Rabai and Aissa 2014).
To reduce these imminent risks, an organization should put security measures in place to avoid such situations:
To avoid risks related to organizational strategy, there should be proper measures such as investment in the implementation of newer, more advanced technologies that help relieve these issues. In recent times, cloud-based solutions are being widely adopted to ensure a healthy environment (Peltier 2013). Many organizations are rapidly adopting the cloud platform to store their data. Data stored on the cloud platform is well protected because proper encryption standards and methods are applied to it. These organizations should focus strongly on implementing a firm strategy governed by top-level management; they should not go outside the scope of that strategy but should remain bound by it (Aljawarneh 2013).
In the case of cyber security risks, a cyber incident response (CIR) capability should be properly implemented. Cyber security systems fail at a high rate, and these frequent failures should be treated as the topmost priority, with proper measures taken by the higher levels of management within the organization (Pasqualetti, Dörfler and Bullo 2013). The high probability of cyber incidents dictates that top-level management and the board of directors implement a solid, properly tested CIR plan that is launched automatically when a cyber security incident occurs. The responses gathered from the incident should be collected and analyzed properly, covering communication, forensics, compliance protocols and the technical functions involved in the risks (Knowles et al. 2015). The reports produced by this analysis provide valuable insight into the crucial measures needed to avoid future risk events. The main priorities would include securing digital evidence, restoring operations after the incident, and notifying senior management immediately when a cyber-attack occurs (Sadeghi, Wachsmann and Waidner 2015). The team of developers responsible for maintaining and securing the software should develop and implement higher security levels within the organization to protect its data.
Physical Security Controls
There are various types of cryptographic algorithms, used mainly for encryption and decryption. The three major types are:
- Public Key Cryptography (PKC) – Also known as asymmetric cryptography, this is a form of encryption that uses a pair of keys, one public and one private, unlike symmetric schemes that use a single key for both encryption and decryption. Each key performs a particular function: the public key is used mainly to encrypt the message, while the private key is used to decrypt it (Salomaa 2013).
In PKC it is computationally infeasible to derive the private key from the public key. Public keys can therefore be shared freely, which allows a user to encrypt the contents of vital messages and to verify digital signatures.
- Secret Key Cryptography (SKC) – In this form of cryptography a single key is used for both encryption and decryption. The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver, who applies the same key to decrypt the received message and recover the plaintext (Chandra et al. 2014). Secret key cryptography is also known as symmetric encryption because one key serves both functions.
- Symmetric Key Cryptography – This term refers to encryption methods in which the sender and receiver of a message share the same key, which is used for encryption as well as decryption (Alam and Khan 2013).
These methods of cryptography are mainly used to secure the vital data that an organization stores in the cloud as well as on its local computers.
Public keys are freely distributed. Under public key encryption, only authorized people are able to read the encrypted data: data is encrypted for transmission with the recipient's public key (Hoekstra et al. 2013), and the person on the other side decrypts it with the corresponding private key. This technique is also useful because the private key can be used to sign data with a digital signature. Public key cryptography is widely used in e-commerce and other commercial applications, chiefly in business functions such as digital signatures and encryption.
For digital signatures, content is signed digitally with an individual's private key and then verified with that individual's public key. For encryption, crucial content is encrypted with an individual's public key and can only be decrypted with that individual's private key.
The Security Benefits of Digital Signatures – Using digital signatures brings an organization a number of benefits, such as:
- Non-repudiation – Since only the individual could have applied the digital signature, they cannot later claim that they did not apply it (Hashizume et al. 2013).
- Integrity – When the digital signature is verified, the content is checked to confirm that it matches the exact document that was signed. Even the slightest change causes the check to fail.
Critical Role of Cryptography in Information Security
The Security Benefits of Encryption – Properly applied encryption provides the following benefits:
- Confidentiality – Because the content is encrypted with the recipient's public key, decryption can be performed only with the recipient's private key. This ensures that the message is decrypted only by the intended person (Singh 2013).
- Integrity – Part of the decryption process is able to ensure that the decrypted content matches what was originally encrypted. Any difference between the original content and the received content indicates that the message was tampered with or used by some other individual (Nafi et al. 2013).
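As an added example that is not part of the original text, the following Go program (standard library only) shows the two public key uses described above: a signer's private key produces a digital signature that anyone checks with the signer's public key, and a message encrypted to a recipient's public key opens only with that recipient's private key. The party names "alice" and "bob" and the sample document are constructed for the illustration; the signature scheme used is RSA-PSS and the encryption scheme is RSA-OAEP.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the document and signs the digest with the signer's private key (RSA-PSS).
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks the signature with the signer's public key; any change to doc makes it fail.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Encrypt seals msg to the recipient's public key (RSA-OAEP); only the matching private key opens it.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt opens a ciphertext with the recipient's private key.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed signer
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // constructed recipient
	doc := []byte("Purchase order: 10 units at 50.00")  // constructed sample document

	sig, _ := Sign(alice, doc)
	fmt.Println("signature verifies:", Verify(&alice.PublicKey, doc, sig)) // true
	tampered := append([]byte{}, doc...)
	tampered[len(tampered)-1] = '9' // alter a single character of the signed document
	fmt.Println("tampered verifies:", Verify(&alice.PublicKey, tampered, sig)) // false

	ct, _ := Encrypt(&bob.PublicKey, doc)
	pt, _ := Decrypt(bob, ct)
	fmt.Println("bob decrypts:", string(pt) == string(doc)) // true
	_, err := Decrypt(alice, ct)
	fmt.Println("alice (wrong key) fails:", err != nil) // true
}
```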
These cryptographic processes ensure the highest level of security for the organization's data. Given the recent cyber-attacks on organizations, it has become extremely important to implement proper technical solutions to deal with the issues raised. Many technological solutions within an IT organization rely on these cryptographic processes to secure vital data and thereby ensure customer satisfaction and trust in the organization's processes.
References
Alam, M.I. and Khan, M.R., 2013. Performance and efficiency analysis of different block cipher algorithms of symmetric key cryptography. International Journal of Advanced Research in Computer Science and Software Engineering, 3(10).
Aljawarneh, S., 2013. Cloud security engineering: Avoiding security threats the right way. In Cloud Computing Advancements in Design, Implementation, and Technologies (pp. 147-153). IGI Global.
Chandra, S., Paira, S., Alam, S.S. and Sanyal, G., 2014, November. A comparative survey of symmetric and asymmetric key cryptography. In Electronics, Communication and Computational Engineering (ICECCE), 2014 International Conference on (pp. 83-93). IEEE.
Galliers, R.D. and Leidner, D.E., 2014. Strategic information management: challenges and strategies in managing information systems. Routledge.
Hashizume, K., Rosado, D.G., Fernández-Medina, E. and Fernandez, E.B., 2013. An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), p.5.
Hoekstra, M., Lal, R., Pappachan, P., Phegade, V. and Del Cuvillo, J., 2013. Using innovative instructions to create trustworthy software solutions. HASP@ISCA, 11.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., 2015. A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 9, pp.52-80.
Nafi, K.W., Kar, T.S., Hoque, S.A. and Hashem, M.M.A., 2013. A newer user authentication, file encryption and distributed server based cloud computing security architecture. arXiv preprint arXiv:1303.0598.
Pasqualetti, F., Dörfler, F. and Bullo, F., 2013. Attack detection and identification in cyber-physical systems. IEEE Transactions on Automatic Control, 58(11), pp.2715-2729.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in industrial internet of things. In Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE (pp. 1-6). IEEE.
Salomaa, A., 2013. Public-key cryptography. Springer Science & Business Media.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).