In addition, information assurance surpasses mere provision of computer systems security. Agreeably, it is a sum total of processes, people, tools, techniques and methods required to safeguard data. Of critical importance in this analysis is the provision of information assurance for Vology Inc. against all kinds of events that could seriously disrupt the organization’s information flows, information systems and overall operations.
Conducting information security survey for Vology inc.
There are various security threats organizations face. Therefore, a company’s security frameworks when not properly controlled might be susceptible to compromise, offer numerous deficiencies and few benefits. Vology inc. is one of the main IT solution providers in the market today. It deals in pre-owned infrastructure products and provides installation services for its security and management technologies. Its proprietary information and IT assets comprising of used IT equipment are not safe from internal and external threats. Information assurance has been a tool that Vology uses to bring much value to the integrity of its core functions and as such an alignment and security of its information system with its business functions is essential. As Chaput (2015) points out, there is no silver bullet when it comes to ensuring and implementing information assurance (IA). Agreeably, installing a firewall does not accomplish IA needs in an organization.
Conducting an Infosec/IA site survey at Vology requires outlining various survey items that will be audited, reviewed and inspected. The survey will consider multiple factors as expressed in the list below which related to various activities and procedures in Vology’s data center. This will aid in identifying potential risks, assess control measures and operating environment in order to effectively and efficiently mitigate threats. The following items in the information security site survey will be looked at:
- Responsibilities and procedures of personnel
- Vology’s cross-functional and systems training
- IT and management as well as established change management processes
- Back up procedures to prevent data loss and minimize downtime
- The state of physical security, its adequacy in ensuring prevention of unauthorized access to data.
- Environmental controls in place
Besides the above, other items that will be looked at include:
- Vology’s information security policies, standards and procedures
- Security architecture
- System configurations
- Information security product design
- Access control
- Contingency plans for computing operations
- Business relationship confidential agreements and contracts
Vology’s business Process
One of the core business processes of Vology is leasing or selling of used but refurbished and reconfigured IT equipment. An interaction with the products exposes the company to various risks. Cheng, Green and Chi Wa Ko (2015) indicate that many organizations miss basic background knowledge of information assurance on its products and IT systems. Owing to increasing frequency security issues, lack of information on AI exposes them to various threats from viruses and malware. Vology has in its daily business used the Broadleaf E-Commerce Suite to provide customer relationship management, billing, order processing and other customer related functions. E-commerce has become a core factor in the company for determining the levels of aspect for its growth and development. An understanding of the myriads of security threats that faces its e-commerce suite is critical in formulation of information assurance objectives. It is also crucial; to mention that businesses relying on e-commerce face problems of being defrauded by robbers and their trade secrets are revealed to competitors through information leakage to outsiders.
Vology’s security needs
Vology, like any other company has security needs that needs to be considered. Its current business functions such as capital planning, human resource management, taxes and payroll processes are being handled via a “back office” system. There is need to form an operations clause which will primarily focus on provision of guidance with respect to information processing facilities (MacLeod, 2015). This will be critical in ensuring authorization and access for the maintenance of information availability and integrity. This will also guarantee the protection of information being transmitted across networks and in the supporting infrastructure. Furthermore, there is need for a clause that issues guidelines concerning ways of minimising risk with respect to system failures, assuring e-commerce services security, detecting unauthorised activities regarding information processing and ensuring software integrity. As MacLeod (2015) indicates, this is important in ensuring that information contained within the IT system is adequately protected thus not susceptible to loss or damages.
The article Advanced persistent threats: minimising the damage by Brewer (2014) highlights fundamentals and in-depth information assurance strategy. The author points out four critical categories that an organization should factor when mitigating information technology threats as well as securing propriety information and IT assets. These include people, network, host and application. The combination of the components is crucial for providing overall strength and security posture
Leave a Reply