Information security gap and information assurance
Information security has become an important component of the current business arena as more businesses rely on technology to carry out their business functions. Today, information technology brings massive benefits and much value to businesses, so managers in organizations have continued to express interest in information systems, and it has become essential for information systems to be aligned with business functions. However, it is imperative to highlight that information systems have particular strengths and weaknesses. The latter are also referred to as gaps and might hinder an organization from reaching its goals or business targets (Yang, Athula, Mayr, & Kutsche, 2009). In order to understand these loopholes, it is critical to address the information security gap.
In his article, Krogstie (2012) explores the need-gap analysis method to explain how software applications and information systems perform in a business and to assess how each of them determines whether business goals and objectives have been met. Information security programs that are necessary for achieving business goals must be developed and maintained. Krogstie (2012) indicates that this can be achieved by measuring the existing program, identifying areas that need improvement, implementing the necessary changes, and ensuring that all ongoing business programs are effectively managed.
The information assurance gap, as Yang et al. (2009) explain, concerns the security and management of risks associated with the transmission, use, storage and processing of data. Information assurance is a part of the broader field of information security. As Gaaloul, Krogstie, Nurcan, and Proper (2014) point out, information assurance deals specifically with IT processes and IT security controls.
Recommendations and conducting gap analysis
A number of articles on information security gaps do not fully explore gap analysis or make recommendations on it. Yang et al. (2009) observe that information security is essential to ensure effective alignment of IT, information assurance and business strategy. There are numerous frameworks which can be used. According to Krogstie (2013), frameworks such as COBIT and Henderson’s model are significant because they provide guidelines which ensure that an organization uses its IT infrastructure effectively to meet business goals. I would recommend the above models since they ensure a business realizes the value associated with IT. I would conduct the gap analysis by assessing the business targets and objectives, which are found in its improvement objectives, mission statement and strategic goals. I would then collect relevant data from its business processes by observing projects, brainstorming and reviewing documentation.
Models of access control
Access control methods, as Lerner (2012) suggests, are important for allowing, limiting or restricting access to business information or resources, so that only authorized individuals can access business resources. In a business setting, these models work together to enforce access limits and rights of use for resources, computer processes, systems, passwords, hardware and biometrics. Lerner (2012) observes that the four parts of access control are identification, authentication, authorization and accountability. Accountability is critical in tracing actions, such as changes to data, back to an individual: it associates an action with a user. Identification establishes the means by which a person is recognized, while authentication verifies that claimed identity, for example through an identity card presented for access. Lastly, authorization, as the name suggests, is concerned with approval for access. These models are very important for both physical and logical access control, and they can be combined meaningfully, for instance by limiting access to computers through passwords and limiting access to company facilities to people who possess an identity card.
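The four parts named above, as an added example that is not from the original article or any of the cited authors: a small controller where identification is the claimed user name, authentication is a salted password check, authorization is a per-user set of permitted actions, and accountability is an audit trail tying every decision to a user. All users, passwords and resource names are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a leaked credential store does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class AccessController:
    credentials: dict = field(default_factory=dict)  # user -> (salt, derived hash)
    permissions: dict = field(default_factory=dict)  # user -> set of allowed actions
    audit_log: list = field(default_factory=list)    # (user, action, resource, outcome)

    def enrol(self, user: str, password: str, allowed: set) -> None:
        salt = os.urandom(16)
        self.credentials[user] = (salt, _derive(password, salt))
        self.permissions[user] = set(allowed)

    def authenticate(self, user: str, password: str) -> bool:
        # Identification: the claimed user must be known.
        if user not in self.credentials:
            return False
        # Authentication: constant-time comparison avoids leaking timing information.
        salt, stored = self.credentials[user]
        return hmac.compare_digest(_derive(password, salt), stored)

    def request(self, user: str, password: str, action: str, resource: str) -> bool:
        if not self.authenticate(user, password):
            self.audit_log.append((user, action, resource, "auth-failed"))
            return False
        # Authorization: approval for this specific action.
        allowed = action in self.permissions.get(user, set())
        # Accountability: every decision, granted or denied, is traced to the user.
        self.audit_log.append((user, action, resource, "granted" if allowed else "denied"))
        return allowed


def demo_access_control() -> list:
    ac = AccessController()
    ac.enrol("alice", "correct horse", {"read", "write"})  # constructed sample users
    ac.enrol("bob", "battery staple", {"read"})
    ac.request("alice", "correct horse", "write", "ledger")   # granted
    ac.request("bob", "battery staple", "write", "ledger")    # authenticated, not authorized
    ac.request("bob", "wrong password", "read", "ledger")     # fails authentication
    return ac.audit_log
```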
Many organizations allow employees to fulfill multiple roles. Such an employee is therefore given logical access to various company computers, software and biometric records. While this is critical in information assurance, it has negative effects as well. According to Yang et al. (2009), such an employee might use the access to manipulate data, combine information and use it in inappropriate ways. Accordingly, with rising competition in the current business arena and the need to adopt new market trends where an individual carries out multiple tasks, cases of lost or mismanaged information continue to grow.
Bell-LaPadula, Biba, Clark-Wilson, and Brewer-Nash models
Different security models are critical in ensuring information security, and they are used in various settings for diverse purposes. One such model is the Bell-LaPadula model, a state machine model used in military applications and government functions. Bell-LaPadula has rules that limit and control access to classified government information. Unlike Bell-LaPadula, the Clark-Wilson model deals with commercial computing systems. It focuses on information integrity, preventing errors and corruption of data through an integrity policy. The Chinese wall model, also referred to as the Brewer-Nash model, is used to mitigate conflicts of interest. In comparison with the other models, its access decisions change dynamically, based on the history of information flow to each user.
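The Bell-LaPadula rules and the dynamic Brewer-Nash (Chinese wall) check described above, as an added example not taken from the original article or the cited authors: Bell-LaPadula is reduced to its two mandatory rules over a constructed ordering of levels, and the Chinese wall decision depends on which datasets a subject has already read. Level names, dataset names and conflict-of-interest classes are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed Bell-LaPadula security levels, lowest first.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def blp_can_read(subject_level: str, object_level: str) -> bool:
    # Simple security property: no read up.
    return LEVELS[subject_level] >= LEVELS[object_level]


def blp_can_write(subject_level: str, object_level: str) -> bool:
    # *-property: no write down, so classified data cannot leak to a lower level.
    return LEVELS[subject_level] <= LEVELS[object_level]


@dataclass
class ChineseWall:
    """Brewer-Nash: datasets belong to conflict-of-interest classes, and a
    subject who has read one dataset may not read another in the same class."""
    coi_class: dict                               # dataset -> conflict-of-interest class
    history: dict = field(default_factory=dict)   # subject -> set of datasets already read

    def can_read(self, subject: str, dataset: str) -> bool:
        for prior in self.history.get(subject, set()):
            # Re-reading the same dataset is fine; a different dataset in the
            # same conflict class is a conflict of interest.
            if prior != dataset and self.coi_class[prior] == self.coi_class[dataset]:
                return False
        return True

    def read(self, subject: str, dataset: str) -> bool:
        # The wall is dynamic: each successful read narrows future choices.
        if not self.can_read(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True


def demo_models() -> dict:
    wall = ChineseWall({"bank_a": "banks", "bank_b": "banks", "oil_x": "oil"})
    return {
        "blp_read_down": blp_can_read("secret", "confidential"),    # True
        "blp_read_up": blp_can_read("confidential", "secret"),      # False
        "blp_write_down": blp_can_write("secret", "confidential"),  # False
        "wall_first": wall.read("analyst", "bank_a"),               # True
        "wall_other_class": wall.read("analyst", "oil_x"),          # True
        "wall_conflict": wall.read("analyst", "bank_b"),            # False: conflicts with bank_a
    }
```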
Performing various roles in organizations
The best way to deal with the duplication of roles in the workplace is to begin by assessing the responsibilities of each worker on any given day. Once the duties have been clearly defined, it is possible to note down which roles are duplicates of each other. In addition, distinct departments should be set up to handle the various tasks or duties. Verification of identity should also accommodate role verification, because an organization should be in a position to know which employees are performing particular tasks and their degree of qualification.