Discuss the Principles of Information Security Learning.
Today, businesses are driven by the constant upgrading of technology and technological practices. However, technology, besides revolutionizing the business field, also poses threats to the organization in terms of security and the maintenance of its security assets. The solutions to these security threats are also shaped by the demands of the business and business-related activities.
Every organization has its own set of business requirements and a security setup that best suits those requirements. Depending on the security asset, there are different types of threats that the organization is likely to face (Khoo, Harris & Hartman, 2014). It is important to identify these threats in order to design proper strategies to mitigate the consequences that might arise from these security-related issues. Acquiring well-organized communication, IT assets and technologies that effectively support the business processes, at an affordable and low cost, is a foundational module of effective IT plans. Among the important aspects of an effective information security program, one of the most fundamental demands is to secure the organization’s revenues, resources and reputation from various security threats. These threats can be broadly divided into threats related to physical, digital, personnel and process assets. Other important assets that are at security risk are behavioral problems, technical problems regarding productivity, and problems of communication (Patriciu, Priescu & Nicolaescu, 2014). All the assets have been categorized by criticality ranking, which lists the important factors under each asset.
The organization should have a business contingency plan for recovering information after a disaster (Ahmad, Maynard & Shanks, 2015). The contingency plan will ensure that, whenever data recovery is needed, the process will be cost effective.
The objective of this policy is to give proper direction for information management, along with support for information security that complies with the requirements of the business (Webb et al., 2014). This policy includes three rules for enterprise information security:
It is the duty of security management to initiate and control the architecture associated with information security. This security architecture includes the policy framework, but is not limited to it (Enterprise information security policy, 2018). The architecture also includes the organizational, communication and technology frameworks that ensure information security in the enterprise setup.
It is the duty of the agencies to develop a policy document that is specific to the organization or the enterprise. This organization-specific policy document plays an important role in enterprise security management (Enterprise information security policy, 2018). The concerned agency or regulatory body should act according to the policy document to ensure that the rules are properly followed.
The agencies concerned with the policies should communicate the policy document to all the concerned agencies.
The objective of the policy is to protect the information resources and assets, which include hardware, software and data (Lindup, 2015). These assets should be protected from unauthorized use, misuse or destruction so that all operations involving the data and the assets are executed smoothly and correctly.
All vendors or assigned contractors responsible for acting on the data should create standard security measures for the respective environments in which they operate to ensure optimum data protection (Bulgurcu, Cavusoglu & Benbasat, 2015). The vendors should also provide the documentation to the user and make it available for use.
In order to secure the information, the facilities that process it must be controlled and maintained in a way that is consistent with security compliance (Anderson & Choobineh, 2015). All written documentation generated by the control policies must be retained as evidence of compliance.
It is the duty of the enterprise to monitor and tune the resources so that they are compatible with the projection of future capacity management.
Automatically generated malicious code, which most of the time executes automatically after it is generated by the hackers, must be prevented from propagating (Enterprise information security policy, 2018). Attempts by attackers to contaminate the enterprise network environment should also be prevented in order to secure the enterprise information network.
This particular policy lists some guidelines for the information security:
All computing resources attached to the enterprise network should be protected from exposure to all kinds of malicious attacks. The attacks might be intentional or unintentional, but the information should be treated with extra care to prevent any kind of malicious attack from taking place (Johansson & Johnson, 2015). Malicious software includes viruses, worms, Trojan horses, logic bombs and rootkits; however, the list is not exhaustive. Systems whose security has been compromised should be removed from the network. All computers that are part of the network must be included whenever a security update process is initiated for any system on the network, so that every computer system receives the latest security update.
There must be a proper backup plan to make sure that no important data is lost due to a data breach. A proper data backup plan ensures data availability, which is an important feature of enterprise data security. The backup copies of the data, software and system-specific images should be regularly tested so that they comply with the established security measures. Along with the backup, a copy of the backup data should be made available offline as per the regulatory requirements (Johnston & Warkentin, 2014). Whenever data is restored as part of the data backup, the restore result must be delivered to the data owners. The data owners should also be made aware of any recommendations if a remedial step is identified during the restore test of the data. Once the recommendation is sent to the data owner, it is the owner’s responsibility to review the recommendation and approve the remedial plan required to implement the remediation steps (Chen, Ramamurthy & Wen, 2015). The approval must be given by the owner within three months of receiving the recommendations.
Logging and monitoring facilities are a must for enterprises, as they record events and so provide evidence. All systems should be configured to support security event logging and the recording of user activities, exceptions, faults and events that relate to information security (Gordon et al., 2015). It is the responsibility of the system administrator to monitor unauthorized login and access to the enterprise information, and any illegal activity must be communicated to the concerned higher authority (Enterprise information security policy, 2018). Systems that are critical in nature must be configured to provide an automatic login facility to the people responsible for monitoring the integrity of the login facility. The levels of login and the elements associated with the monitoring facility must be decided as per the information regulatory policy, so that the login and monitoring policy complies with the information security rules.
In order to ensure enterprise information security, the integrity of the operational system must be maintained throughout the system architecture. To strengthen the security level, it is preferable to install software that is properly licensed and secured with proper security patches (Whitman & Mattord, 2014). The software vendor should provide regular security updates along with the latest security patches to make the software difficult to hack into. The frequency of software update rollouts is subject to the approval of the vendor as well as the client site, and this frequency must be maintained by the vendor. Any delay or change in the plan must be communicated to the client so that there is no confusion about receiving the security update (Enterprise information security policy, 2018). However, if security patches are needed on an emergency basis, they must be provided to the client only after they have been validated with successful testing. In addition, applications running on the operating system must be reviewed to make sure that changes applied to the operating system do not have any adverse effect on the execution of the applications and do not affect system security, which must be given the highest priority.
The exploitation of technical vulnerabilities must be prevented. To deal with technical vulnerabilities, vulnerability reports on the information system should be collected on a regular basis. This helps to evaluate the risk associated with the system and the supporting infrastructure (Enterprise information security policy, 2018). Continuous assessment of the system helps to identify any technical problem that might cause security issues for the system. Once the report has been made, it must be evaluated for better insight into the problems identified, so that it becomes easier for the enterprise to create an effective plan against the technical issue (Laudon & Laudon, 2016). It should also be well circulated among the users of the system that they should not use or install any software without the approval of the enterprise’s system administrator, as doing so might compromise system security.
The impact of audit activities on the operational system should be minimized. Audit activities require verification of the operational system, and hence these activities must be planned carefully (Anderson & Choobineh, 2015). Before execution, the activities must be carefully planned and approved in advance by all the concerned authorities to minimize disruptions to business processes.
The main goal is to identify the assets of the organization and then define the proper responsibilities for their protection.
The assets involved with information and with information processing facilities must be identified, and an inventory of these assets must be made and properly maintained for the protection of the assets (Lowry & Moody, 2015).
Information assets must have an owner who will make sure that all assets are protected so as to preserve their value.
Rules for the acceptable use of information assets and facilities must be identified, implemented, documented and communicated to the employees and the contractors who have access to the assets (Brotby & Hinson, 2016).
After the termination of the contract or the employment, all employees and contractors must return their assets.
The objective of data classification is to ensure that the data used and managed receives a proper level of protection, in line with its value, criticality and importance to the state.
The data should be managed and classified according to the definition of personal information or confidential records, specifying the need, degree and priority of the protection it will receive (Posey et al., 2014).
A proper set of procedures for data labelling must be developed so that the data are managed according to the classification scheme.
Procedures for handling data must be developed and implemented in accordance with the classification scheme that the state has adopted.
Data classified as public must be protected from unauthorized modification or destruction.
Data classified as confidential must be protected accordingly. Controls have to be applied to the data in such a manner that its value remains intact (Enterprise information security policy, 2018). Data declared as confidential must be properly encrypted for security.
Confidential data must not be stored on devices that are for personal use, such as personal computers or other personal devices.
Emails are sent from the domain of the state over the public internet. The connection must be encrypted if it carries confidential data.
Cards that are used for payment must be kept secure, and the credentials of the card must be kept confidential (Garba et al., 2015). The credentials consist of the owner’s details, such as first name and last name, the card number, bank details and others. The state processes all payments and card information.
Confidential data can be used only in production systems. The use of confidential data in testing, development and training systems is prohibited.
The main objective of media handling is to prevent unauthorised disclosure. The data stored on the media must not be modified, removed or destroyed.
All procedures for the management of removable media must be implemented in accordance with the classification scheme that the organization has adopted (Li et al., 2016).
Removable media must be sanitized before it is removed from the facilities of the state for repair or maintenance.
Removable media must be disposed of when the media is no longer going to be used.
Removable media containing confidential data should be protected from unauthorized access.
The main objective of workstation computing is to prevent the unauthorized modification, disclosure, destruction or removal of data.
Workstation computing platforms include laptops, which must be physically protected against any kind of theft when left unattended (Enterprise information security policy, 2018). Confidential data of any kind must not be stored on these devices.
Workstation computing platforms also include all kinds of mobile storage devices, and these devices must be sanitized only after the sanitization has been approved.
All enterprise processing facilities that process or store data identified as sensitive or critical must have several layers of physical security (Enterprise information security policy, 2018). All the layers of physical security must be separate or independent from each other.
Secure areas must be protected by entry controls that restrict unauthorized access by personnel.
Physical security for rooms, facilities and offices has to be designed in an appropriate way.
Access points such as delivery and loading areas, and other points that can be accessed by unauthorized persons, must be controlled (Herath & Rao, 2015).
A proper set of equipment is required to prevent the loss, theft or damage of the assets. The equipment must be placed in secured areas to reduce the amount of risk.
The infrastructure and computing equipment related to security must be protected from power failures and other kinds of failure.
Information services must be protected from any kind of damage, interception or interference.
All equipment must be properly maintained to ensure integrity and availability.
Equipment, information or software that is part of the operational systems or processes of the state must not be taken off site without authorization from the management executives or a designated representative, and it must be removed in accordance with the agency’s equipment transfer procedures.
The main objective of network security management is to secure the assets of the State of Tennessee that are mainly accessible by several vendors and suppliers.
Network Controls (3.1.1)
Network control can be defined as the approach to securing computers, covering the security of technology endpoints, systems, user authentication and network-based security (Lo & Ansari, 2013).
Security of Network Services (3.1.2)
Network Security Services comprise a predefined set of libraries designed mainly to support the development of client-side and server-side applications. The mechanisms for network security and the service levels of the organization should be identified, and agreements covering the network services should be clearly defined (Perlman, Kaufman & Speciner, 2016).
Segregation in Networks (3.1.3)
Network segmentation can be defined as the partitioning of a network into several smaller networks (Saleh & Alfantookh, 2015). Segregation of the network also includes developing and enforcing a specific rule set that controls which computing devices are permitted to communicate with which other computing devices (Jackson, 2014).
The primary objective of information transfer is to secure the information that is transferred within the network infrastructures. This would be managed on behalf of the State with the help of any external entity.
Information Transfer Policies and Procedures (3.2.1)
Formal transfer policies, controls and procedures should be properly established for the secure transfer of information through every type of communication facility.
Agreements on Data Transfer Policies (3.2.2)
Agreements should be defined for the secure transfer of business-related information between external parties and the State (Johansson, 2015).
Electronic Messaging (3.2.3)
Data transferred by electronic messaging should be protected with proper security techniques.
Internal Electronic Messages Control (3.2.3.1)
Instant messages and email content within the domain of the State contain confidential data (Pipkin, 2014). This data should be properly encrypted during transmission.
External Electronic Messages Control (3.2.3.2)
Email content sent over the public internet should have a proper type of encryption, as the content might contain confidential information within the attachment.
Electronic Messaging Management (3.2.3.3)
Electronic messages that are created, sent or received should be related to official business transactions. These messages should pass through the approved gateways of the State in order to communicate over the internet (Cunningham & Froschl, 2013).
Confidentiality or Non-Disclosure Agreements (3.2.4)
This kind of agreement can be defined as a legal contract between two parties that outlines the confidential data, knowledge or use of information (Walton, 2015). The exchange of information should be bound by the confidentiality clause of the contract.
The objective is to ensure the internal security of teleworking and the varied use of mobile devices.
Mobile Device Policy (4.1.1)
Each mobile device connected to the State of Tennessee has to manage its consumption of data and its basic infrastructure as per the previously defined policies of the State (Harris & Patten, 2014). The mobile devices should also abide by the rules defined by the enterprise configuration manager of the State. The rules that have been defined should comply with the mobile device usage policies required by state or federal statute.
Certain requirements should be met in order to maintain the usage policies of the mobile devices.
Technical Requirements
The mobile devices should store all passwords saved by the user in an encrypted format.
The devices should be configured with a secure password that complies with the policy requirements of the company. The passwords should not be similar to any other credentials used by the organization.
The mobile devices that are mainly managed by IT should be given access to connect directly to the internal networks of the organization (Ghosh, Gajar & Rai, 2013).
User Requirements
Users should be given access to load only the kinds of data required for purposes based on their role.
Users should not download any illegal content or pirated software onto the devices used within the organization.
The devices used within the organization should be kept up to date with the latest software patches in order to detect any major viruses that could affect the system (Dinh et al., 2013).
Failure to comply with the policies set by the organization might lead to suspension of the use of technology and connectivity privileges, termination of the user’s employment and disciplinary action (Peltier, 2014). The Immediate Director or Manager of the organization would be advised of breaches of the policy, and remedial actions would be taken accordingly.
Teleworking (4.1.2)
Teleworking is defined as the use of telecommunication technology and information technology to allow employees to work from their homes with the aid of communication tools. The tools include devices and services such as modem, fax, phone, Internet conferencing or email, used to perform work duties from a remotely accessible location (Sato, 2013). Teleworkers who make use of these communication tools should strictly comply with the telework policies required by federal statute, state or agency policy, and regulation.
The access control technique is an effective way to protect physical assets. It helps the organization to control the physical assets in a planned manner (Cunningham & Froschl, 2013). Security cameras can also be used in this regard. Security cameras are capable of recording videos, which help the organization to identify employees who commit sabotage. These videos are helpful for preventing those employees
The organization should implement an alarm system to increase the security of the physical assets. An alarm system is helpful as it provides effective measures to protect the assets from human and natural damage (Layton, 2016). In addition, it informs the authority about the damage.
Physical assets are also damaged by natural calamities. Hence it is important to have arrangements that minimize the chance of damage to the assets (Peltier, 2015). One effective way to do that is to have a wired electrical grounding system; in addition, the rooms in the workshop have to be fitted with automatic sensor-based sprinklers that will minimize the chance of a fire breaking out.
Physical assets need to be protected because the threats associated with them carry certain vulnerabilities, such as leakage of valuable data to competitors, system loss, data storming and system malfunction (Cunningham & Froschl, 2013). Hence the threats need to be mitigated, and there must be a proper strategy for that.
The digital recovery plan, commonly known as the DRP, is an effective strategy for securing digital assets. Sometimes digital data is lost for various reasons, and it is often necessary to recover the lost data completely (Peltier, 2014). The presence of a DRP in the enterprise setup makes it possible to recover the lost data completely.
Distributed denial of service, or DDoS, is considered to be one of the prime factors in damage to digital assets. To resolve issues related to DDoS, all domain names should be consolidated within a single platform (Peltier, 2014). Along with this, a mitigation process should be adopted that uses a DDoS protection system.
All computer systems that are part of the enterprise network must be protected with antivirus protection. The antivirus protection will help to detect any malicious software installed on the system that might cause theft of data.
Bandwidth limitation is an effective way to reduce the chance of the attack, thus increasing the security of the digital data.
Digital assets, if damaged by possible threats such as DDoS, SSL and phishing emails, have a large impact on the enterprise system. Possible vulnerabilities include the chance of cyber-attack, which further includes theft of valuable organizational data. Hence the threats have to be mitigated with proper strategy and procedures.
The possible strategies to protect the information assets are firewalls and intrusion detection systems.
In the field of computing, a firewall is a network security technique in which the system monitors and controls the incoming and outgoing traffic of the network. It basically creates a barrier between the authorized internal network and the external network that is not authorized by the system (Cunningham & Froschl, 2013). This is an effective measure for protecting the internal network, and thus the flow of information over the network, from outside access. Firewalls are broadly categorized as network firewalls or host-based firewalls. A network firewall applies a filter between two or more networks to filter the traffic between the networks that participate in the exchange of information. It prevents illegal access to information by other networks, thus providing security for the information being exchanged. A host-based firewall requires host computers on which to run. It provides control over the information exchanged between the host computers on which the firewall is activated.
Intrusion detection systems, commonly known as IDS, are another effective way of monitoring the network, and can be extended to monitoring any computer system that is part of the network. An IDS primarily checks whether any malicious activity is being performed over the network, such as illegal access to information or violation of policies (Cunningham & Froschl, 2013). The violation is normally reported to the administrator who is in charge of the network. Sometimes violations are also collected by a security information and event management (SIEM) system, which is installed centrally. A SIEM collects information from various sources and then analyses it with the help of an alarm filtering system. The alarm filtering system is capable of distinguishing malicious activity from false alarms. Hence, IDS is an effective technique for information security.
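The alarm filtering described above, as an added example (not code from the original essay or from any SIEM product): events from two sources are normalised, correlated by source address, and only corroborated activity is raised. The log format, the allow-listed scanner address, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two hypothetical sources (not real logs).
IDS_EVENTS = [
    "2018-06-29T10:00:05 ids sig=PORT_SCAN src=10.0.5.20 dst=10.0.1.10",
    "2018-06-29T10:00:40 ids sig=SQLI_ATTEMPT src=203.0.113.7 dst=10.0.1.10",
    "2018-06-29T10:03:00 ids sig=PORT_SCAN src=198.51.100.9 dst=10.0.1.11",
]
AUTH_EVENTS = [
    "2018-06-29T10:01:02 auth result=FAIL user=admin src=203.0.113.7",
    "2018-06-29T10:02:00 auth result=FAIL user=jdoe src=192.0.2.44",
    "2018-06-29T10:02:20 auth result=FAIL user=jdoe src=192.0.2.44",
    "2018-06-29T10:03:10 auth result=FAIL user=jdoe src=192.0.2.44",
    "2018-06-29T10:04:00 auth result=FAIL user=asmith src=10.0.2.15",
    "2018-06-29T10:04:15 auth result=OK user=asmith src=10.0.2.15",
]

# Assumption: the organisation's approved vulnerability scanner, whose
# scans would otherwise show up as a recurring false alarm.
ALLOWLIST = {"10.0.5.20"}


def parse(line):
    """Normalise one 'timestamp source key=value ...' line into a dict."""
    ts, source, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["time"] = datetime.fromisoformat(ts)
    event["source"] = source
    return event


def classify(events, window, fail_threshold):
    """Return a reason if the time-sorted events look malicious, else None."""
    for i, first in enumerate(events):
        in_window = [e for e in events[i:] if e["time"] - first["time"] <= window]
        # Two independent sources reporting the same address corroborate each other.
        if len({e["source"] for e in in_window}) >= 2:
            return "multi-source"
        # A burst of failed logins from one address within the window.
        fails = sum(1 for e in in_window if e.get("result") == "FAIL")
        if fails >= fail_threshold:
            return "repeated-login-failure"
    return None


def filter_alarms(lines, allowlist=ALLOWLIST,
                  window=timedelta(minutes=5), fail_threshold=3):
    """Correlate raw events by source address and keep only real alarms."""
    by_src = defaultdict(list)
    for line in lines:
        event = parse(line)
        if event["src"] in allowlist:
            continue  # known-benign source: suppress as a false alarm
        by_src[event["src"]].append(event)

    alerts = []
    for src, events in sorted(by_src.items()):
        events.sort(key=lambda e: e["time"])
        reason = classify(events, window, fail_threshold)
        if reason:
            alerts.append({"src": src, "reason": reason, "events": len(events)})
    return alerts


if __name__ == "__main__":
    for alert in filter_alarms(IDS_EVENTS + AUTH_EVENTS):
        print(alert)
```

Of the five source addresses in the sample, only two are reported to the administrator; the scanner, the single uncorroborated port scan and the mistyped password are filtered out.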
To understand the importance of securing information assets, it is necessary to analyze the threats associated with the assets, how these threats create vulnerability for the system, and what the impacts are (Cunningham & Froschl, 2013). The threats associated with information assets are hacking of bank details, illegal withdrawal of money without proper authorization, theft of customer-related information causing alteration in customer-related services, and loss of employee information, which further affects the HR management process. Hence, it is important to secure the information assets with a proper and effective strategy.
Conclusion:
The report concludes that the threats to the physical assets of Megacorp include the risk of theft, followed by malicious alteration. Other threats to which the physical assets are vulnerable include damage by intention or by negligence of employees, inoperability of the system, natural calamity and water (Cunningham & Froschl, 2013). Among all these, the risk of theft has the highest criticality ranking. Other important threats, which create malfunction in the system, are malicious alteration, damage by intention or by negligence of employees, inoperability of the system, natural calamity and water.
The threats to the digital assets are DDoS, SSL and phishing emails; among these, DDoS has the highest criticality ranking and phishing emails have the lowest. The vulnerability associated with DDoS is cyber-attacks with network overloading, while phishing emails cause theft of valuable organisational data (Peltier, 2014).
The threats related to the personal assets are poor financial management, improper maintenance of real estate and an unstable market economy (Peltier, 2014). Among these factors, poor financial management has the highest criticality ranking, and might cause the financial accounts and liquid cash of Megacorp to be misplaced.
The threats to the information assets include the safety of bank details, the maintenance of customer information and employee details. The safety of bank details has the highest criticality ranking and the safety of employee details the lowest.
To recover information after a disaster, it is important for Megacorp, a subsidiary of Generico Inc., to have a business contingency plan that contains different business components. The benefit of having a business contingency plan is that it provides contingency for serious business plans (Cunningham & Froschl, 2013). The components of contingency planning are Business Impact Analysis (BIA), Incident Response Planning (IRP), Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP). The contingency plan also provides the planning required for dealing with unexpected events and restoring normal operation at the minimum cost possible.
References:
Harris, M., & Patten, K. P. (2014). Mobile device security considerations for small- and medium-sized enterprise business mobility. Information Management & Computer Security, 22(1), 97-114.
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), 717-723.
Anderson, E. E., & Choobineh, J. (2015). Enterprise information security strategies. Computers & Security, 27(1-2), 22-29.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2015). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Chen, Y. A. N., Ramamurthy, K. R. A. M., & Wen, K. W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11-19.
Cunningham, P., & Fröschl, F. (2013). Electronic business revolution: opportunities and challenges in the 21st century. Springer Science & Business Media.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Enterprise information security policy. (2018). [eBook] Available at: https://www.tn.gov/…/Enterprise-Information-Security-Policies-ISO-27002-Public.pdf [Accessed 29 Jun. 2018].
Garba, A. B., Armarego, J., Murray, D., & Kenworthy, W. (2015). Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments. Journal of Information privacy and security, 11(1), 38-54.
Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. International Journal of Global Research in Computer Science (UGC Approved Journal), 4(4), 62-70.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). The impact of information sharing on cybersecurity underinvestment: a real options perspective. Journal of Accounting and Public Policy, 34(5), 509-519.
Herath, T., & Rao, H. R. (2015). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
Jackson, M. O. (2014). Networks in the understanding of economic behaviors. Journal of Economic Perspectives, 28(4), 3-22.
Johansson, E. (2015). Assessment of enterprise information security: How to make it credible and efficient (Doctoral dissertation, KTH).
Johansson, E., & Johnson, P. (2015, August). Assessment of enterprise information security-estimating the credibility of the results. In Proceeding of the Symposium on Requirements Engineering for Information Security (SREIS) in the 13th International IEEE Requirements Engineering Conference (Vol. 13).
Johnston, A. C., & Warkentin, M. (2014). Fear appeals and information security behaviors: an empirical study. MIS quarterly, 549-566.
Khoo, B., Harris, P., & Hartman, S. (2014). Information security governance of enterprise information systems: An approach to legislative compliant. International Journal of Management and Information Systems, 14(3), 49.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.
Li, L., Xu, L., He, W., Chen, Y., & Chen, H. (2016, December). Cyber Security Awareness and Its Impact on Employee’s Behavior. In International Conference on Research and Practical Issues of Enterprise Information Systems (pp. 103-111). Springer, Cham.
Lindup, K. R. (2015). A new model for information security policies. Computers & Security, 14(8), 691-695.
Lo, C. H., & Ansari, N. (2013). Decentralized controls and communications for autonomous distribution networks in smart grid. IEEE transactions on smart grid, 4(1), 66-77.
Lowry, P. B., & Moody, G. D. (2015). Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies. Information Systems Journal, 25(5), 433-463.
Patriciu, V. V., Priescu, I., & Nicolaescu, S. (2014). Security metrics for enterprise information systems. Journal of Applied Quantitative Methods, 1(2), 151-159.
Peltier, T. R. (2014). Information security policies and procedures: a practitioner’s reference. CRC Press.
Peltier, T. R. (2014). Information security risk analysis. Auerbach publications.
Peltier, T. R. (2015). Information security risk analysis. Auerbach publications.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.
Pipkin, D. L. (2014). Information security: protecting the global enterprise. Prentice Hall PTR.
Posey, C., Roberts, T. L., Lowry, P. B., & Hightower, R. T. (2014). Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Information & management, 51(5), 551-567.
Saleh, M. S., & Alfantookh, A. (2015). A new comprehensive framework for enterprise information security risk management. Applied computing and informatics, 9(2), 107-118.
Sato, A. (2013). Teleworking and changing workplaces. Japan Labor Review, 10(3), 56-69.
Brotby, W. K., & Hinson, G. (2016). Pragmatic security metrics: applying metametrics to information security. Auerbach Publications.
Walton, J. P. (2015, November). Developing an enterprise information security policy. In Proceedings of the 30th annual ACM SIGUCCS conference on User services (pp. 153-156). ACM.
Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers & security, 44, 1-15.
Whitman, M. E., & Mattord, H. J. (2014). Principles of information security. Cengage Learning.