Information Security Exam 2: Describe the different types of information security professionals
Security personnel are the people who offer directive measures in organizations. They play a critical role in helping curb the risks that employees encounter in their bid towards exploitation of access to the premises and information of organizations. The act of protecting information systems from unauthorized access is referred to as information security. There are various classes of information security professionals. Foremost, there are information security analysts. These are individuals who are responsible for taking precautions and making sure that all the documents and websites of the organization are well safeguarded. Besides, they are also charged with the responsibility of making changes and updates to the documents and ensuring that only authorized personnel have access to them. There are also risk management professionals, whose role is the identification of vulnerabilities and threats that are likely to be faced in protecting the information of the organization. On the other hand, there are also security guards, who are mainly placed at the entry points of premises. Their work is to ensure that non-staff members and unauthorized persons do not enter the premises. Security guards often play this role by asking for identification documents from the people who want to gain access to the premises of various organizations. The other category of information security personnel is the information technology auditors. These are people who handle the financial statements of organizations and make sure that funds are not misused. They are able to achieve this through tracking intruders, keeping them at bay and instituting audit trails (Whitman & Mattord, 2012).
Which kinds of information security personnel are required in a university?
A university requires various types of information security personnel. Since it is unable to afford all of the personnel, the board should consider employing the key ones. One such group is administrative officers. The main role that is played by administrative officers is to help all the students on campus to access the institution’s buildings by offering assistance in registration with security departments. Besides, a university should also consider information security analysts. Campus students need the school website so as to know the current happenings across the institution. This will assist the students in obtaining updates on the activities that are planned for the entire semester. Communication security alert systems are also among the security-related aspects that should be considered. It is the security body that is held accountable for the determination of crises and issuance of notifications on issues that would threaten the safety or health of the students within the campus. Another system that should also be considered is the missing student security personnel. For example, when a student is considered to be missing by his peers, they are required to issue a report to the security department, which will then take action and assign people to undertake the search, and also report the matter to the nearest police station (Whitman & Mattord, 2012).
Describe the kind of training program that a university should set up for its information security personnel.
Security personnel are required to undergo training in order to deal with safety threats that are experienced on campus. They should be taken through a thorough screening process before employment. Besides, it is also important that they attend a police academy in the region so as to acquire training like that of law enforcers from the municipal police units. After this, they should be interviewed by a board that will oversee the licensing of law enforcement to the security personnel. On campus, new security personnel are taken through a training program that integrates the training from the academy into practical work experience. For example, they study and master all the locations in the university in order to access the premises and residence halls during constant patrol and housing security. Besides, they should also undergo first aid training and acquire all data and information about the institution, which will help them in familiarizing themselves with the wider campus staff. They are also required to undergo a continuous training process, since information security is an ongoing process, as observed by Whitman and Mattord (2012).
What should a university expect when it outsources its help desk, programming and MIS to India yet the cultures are varied?
There are various advantages and demerits of outsourcing. For instance, if the campus decides to outsource its help desk, programming and MIS to India yet the cultures are different, it is likely to encounter the problem of a language barrier because not all Indians are able to communicate in English. Issues of licensing and copyright should be well handled by the campus in order to avoid the stealing of its projects by competitors. It should also be noted that a poor standard of work caused by outsourcing results from differences in communication and cultures. On the other hand, outsourcing can also enhance better risk management since the university is able to share the risks with its outsourcing partners. The university needs to be prepared and create a budget for the long-term increase in costs. Through outsourcing to India, the university will be able to acquire global recognition. Besides, the university will also be able to gain the benefits of getting more profits because it will be able to get skilled personnel, flexible staff and reduced overheads, thereby saving a lot of time (Whitman & Mattord, 2012).
What should a university expect when it outsources everything to China considering the cultural differences?
Although the university may opt to outsource to China because of lower production costs, it should critically look into the aspect of cultural differences. The university must put into consideration the amount of funds that are needed. Besides, it must also consider the cost-benefit and analyze it before rolling out any project plans. This will assist in understanding and working with the budget constraints that it is facing and also benchmark the expenses that are not necessarily important for outsourcing. It will benefit from the outsourcing market in China, which is on a steady growth, and be able to rapidly establish its developments and manufacturers.
How should a university handle information security differently?
After outsourcing to other countries, information security should be handled in a different manner. The university should make sure that it has put in place sufficient measures that will assist in curbing crime. The campus should recognize strategic implications of security in a broader way towards ensuring the protection of information assets and ensuring that the organization is preserved. For the successful achievement of proper information security, the institution must have in place a risk management plan for dealing with any likely threats. It is required to hire outsourcing specialists and lawyers to help in the negotiations, issuing advice and verification of legal and technical issues (Whitman & Mattord, 2012).
Conversion Strategies concerning the implementation of information security
The implementation of security is done in various steps, such as conversion strategies. With regard to this, as parts of a new security system are implemented, various strategies must be applied in order to enhance the preparation for the changes that are likely to be initiated. Conversion strategies involved in the implementation of information security include direct changeover, phased implementation, pilot implementation and parallel operation.
The Bulls-Eye Model
This is a certified model that has proven to be quite efficient in the prioritization of programs for complex change. Issues are specifically picked and handled with a systematic solution and not focused on a personal problem. They are dependent on the evaluation of the process of project plans in four basic steps that include policies, networks, systems and applications.
Technology, governance and change control
These are processes that are applied by an organization in controlling the blow and finances from the implementation and innovation of technology. By gaining the full control of the changes of an organization, they are able to enhance communication, the quality of services and also make sure that everyone adheres to the set rules and regulations.
Firewall Analysis tool
A firewall analysis tool is used in the filtering of network traffic for enhanced security and to enable the connectivity that is required for the effective operation of the organization’s applications. Such tools help in streamlining the security operations, ensuring continuous compliance, delivering a tighter security policy and maximizing application availability.
This is a computer program that is applied in the proactive identification of computer system threats in a network. They use software that identifies and handles security breaches based on a database, and compile a report to be used by an organization for improving the security of its network (Whitman & Mattord, 2012).
They are used by the computer network administrators of an organization for monitoring and analysis of the network. Besides, they can also be used in troubleshooting network traffic. Using the information that is collected by a packet sniffer, an administrator can identify the unwanted packets and utilize the data in spotting bottlenecks and helping in the sustenance of competent data transmission (Whitman & Mattord, 2012).
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.