Information Security Risks - Essay Example

Summary
The objective of this paper, 'Information Security Risks', is the identification of the information security threat to contemporary global financial organizations. This is a multi-layered threat that can have both direct (e.g., operational) and indirect impact. Most of the companies are offshoring their operations…

Extract of sample "Information Security Risks"

Running head: Managing information security risks in global financial s

Managing information security risks in global financial institutions

[Writer's Name]
[Institution's Name]

1-abstract:

Objective: The research objective is the identification of the information security threat to contemporary global financial organisations. This is a multi-layered threat that can have both direct (e.g. operational) and indirect (e.g. reputational) impact. This analysis can bring to light the significance of establishing a management framework. An analysis and comparison of the existing frameworks and potential synergies will follow, in order to showcase the tools readily available for corporations to use in managing the risk. Regulatory requirements that have appeared over the last few years have complicated the risk management effort, since these regulations did not stem directly from Information Security but rather from other areas interacting with IT, such as finance, legal etc. The information security requirements of these frameworks will be researched, and an attempt will be made to assign them to the general categories of information security risks, in order to facilitate easier management.

Methods: We performed multiple literature searches on several areas of pertinent research and undertook interviews and a survey questionnaire in order to get the most relevant and up-to-date information.

Results: "Achieving information security is extremely complicated and requires the combination of technical resources and management procedures. A specific balance needs to be achieved, which will provide the required protection to counter the various risks facing any online financial institutions and, in general, any Internet-based businesses venture." (Chaturvedi et al.)

2- introduction:

With the passing of time, the importance of information security is increasing manifold, especially for financial institutions.
In order to respond to the increasing concerns regarding information security, regulatory bodies all over the world are preparing various regulatory initiatives and sets of rules. Financial institutions are required to solve the problem on both fronts: potential security threats and the regulations regarding information security. With increasing awareness and concern from customers, financial institutions are required to disclose information on a larger scale, while at the same time the security of information is an important concern. Most of the companies are offshoring their operations in order to reduce costs. This not only increases the concerns of the consumer but also increases the need for financial institutions to provide information in order to open themselves up to customers and partners for revenue growth. The study will suggest how an organisation can balance its stakeholder demands while managing the cost of security solutions to prevent IT attacks.

It is not easy to find a solution to the stated problems. This study is an attempt for financial institutions all over the world; the findings and results may not match the current trend in financial information security practices, but some practical suggestions will be presented. I hope that the readers and the concerned people will find this information useful and that it helps establish organisational direction for a very complex issue.

3- relation to previous research:

In setting up a Web server and connecting it to the Internet, a company runs the risk of eavesdropping, intrusion, theft of data, even alteration of data. Full responsibility for controlling these threats falls on the company. Compounding the problem is that the culture of the Internet (openness, ease of access, lack of controls) so easily penetrates the companies connected to the Internet (Stallings & Slyke, 1998).
According to Stallings & Slyke (1998), the requirements of security are best assessed by examining the various security threats faced by an organisation. These threats can be divided into two main categories. Passive threats include the attempts by an attacker to obtain information relating to a communication. The other category includes a variety of active threats. These involve some modification of the transmitted data or the creation of false transmissions.

In his article, Wilson (2003) addresses the technical issues. The technical standards address access, authentication, authorisation, auditing, integrity and the transmission of sensitive data. According to him, the following questions need to be taken into consideration:

  • Who gets access to data?
  • How do you know that those with access are who they say they are?
  • Do they have the appropriate level of authorisation?
  • Are you keeping track of who does what and when?
  • Do you have assurance of data integrity?
  • When you transmit data over an electronic communications network, can anyone else get access to it?
  • Are other parties (partners and other health organisations with which you share information) in compliance? (Wilson, 2003)

Researchers at Purdue University have suggested that putting a new security policy into action is not the final stage. Management should assess it, scrutinise it and make sure that every new control has been put into place to ensure that the organisation can react appropriately to any possible unexpected incidents or illegal intrusions. This assessment should be constantly repeated and the security policy updated in order to maintain protection (Chaturvedi et al.).
The questions that need to be answered while undertaking the study are as follows:

  • What is information security risk?
  • What are the regulatory requirements for global financial institutions?
  • How does information security risk affect financial institutions?
  • What are the confidentiality risks?
  • What are the availability risks?
  • What are the integrity risks?

Regulatory requirements and their impact on information security risk and control for global financial institutions:

  • How can information security risks be managed?
  • What are the available information security risk management frameworks?
  • What are the enablers of using some of the established frameworks?
  • How does a global financial institution select a framework?
  • What are the main difficulties faced by a global

Study of information security management framework implementations:

  • What implementation techniques can be applied?
  • How can an organisation align its business-as-usual processes to processes that are information security risk averse?

4-proposed methods:

The methodology of this study will be based upon the interviews and questionnaires obtained by the author from contacting employees at different financial institutions. The first step is to identify the necessary variables that would make up the study.

Locale of the Study: The study would be mainly based upon the accessibility of the Internet sites that are available for visiting through the web. In this regard, it would be reasonable to refer to cyberspace as the main domain of the study. The web sites providing information regarding the management of information security in financial institutions are the ones to be used for the completion of this research study.

Respondents: The respondents for this study are employees from different financial companies, designated at different posts. To be able to reach the respondents, the author of this paper will try to create e-mail messages that will first prompt the providers of the Internet information.
The electronic interview forms will be sent to the employees and the managers of the financial institutions. The names of the interviewees will be kept hidden for the sake of secrecy and confidentiality.

Sampling Procedure: Since the results of the study are based solely upon the responses given through e-mail, the sampling procedure is simply dependent upon those who are able to comply with the survey requirements. Hence, the only sample population involved in this manner is the manager representatives. This way the author is able to narrow down the results more easily than by handling a sample population of a bigger scope of computations. The results are based upon the journals done by other researchers and their comparison with the results of this study's completion.

The Variables: The questionnaires are expected to give exact results regarding the satisfaction that the consumers or the clients receive from the provided services. This way, the variables, which include the satisfaction level of the client and the performance capabilities of the online financial institutions providing the services, are to be evaluated through the questionnaire and interview results.

Research Design: The design to be used for this research, as mentioned earlier, would be the utilisation of survey and interview questions in an electronic form which were sent to the respondents a couple of days before the formal computation of the results. We will conduct a cross-sectional design, which "entails the collection of data on more than one case and at a single point in time in order to collect a body of quantitative or quantifiable data in connection with two or more variables" (Bryman & Bell 2003:48). The said design of research is indeed applicable for this study and would be able to provide the necessary details for the completion of the research.
The reason behind this is the fact that the respondents themselves are capable of giving the necessary answers for the needed data in this case. Hence, the results of the study are expected to give accurate details for the research procedure.

Research Instruments: The questionnaire will include different questions regarding the perceptions of employees of the importance of management of information security in improving the reputation and credibility of financial institutions.

5-reflections:

The lack of literature so far concerning the disclosure of risk in annual reports might represent a major obstacle. Another limitation might be lack of time. The researcher will follow a hybrid approach in data collection, which will include interviews and questionnaires. Collecting data through these methods, analysing and demonstrating them is time consuming, and the researcher does not have much time. There might be challenges in gaining access to the relevant information required within the companies I intend to research. Confidentiality has been a barrier for researchers before. It is required to reassure the firm that all data and information collected will be treated in the strictest confidence. In order to increase the response rate, a personalised covering letter, reminders and some incentives would be used (Yvonne McGivern, 2006).

Two kinds of errors are generally associated with sampling: a sampling error and a non-sampling error. The sampling error measures the precision of a sample result. It refers to how closely we can reproduce from a sample the results which would be obtained if we had a complete count or a census, using the same method of measurement, questionnaire, interview procedures, type of enumerators, supervision, etc. In other words, the sampling error is the difference between a population value (parameter) and the corresponding sample value (statistic).
The non-sampling error arises due to a faulty questionnaire, error in measurement, confused interviewing, inefficient supervision etc. This error is not measurable but can be controlled by careful design of the questionnaire, proper training of interviewers and vigilant supervision. There are other factors that have to be taken into account, for example the email addresses of the target population and some technical issues like firewall set-up, bandwidth, and operating system. We also have to ensure the layout of the questionnaires looks good, is easy to fill in and is easy to download.

6-conclusion:

The proposed study is to examine the role different factors play in managing information security at financial institutions. The research will underline the overall effects of regulatory bodies' policies on the information security of financial institutions. It will also provide analysis of the factors which lead to the successful implementation of information security at financial institutions. Evidence of a decrease in the profit margin of the company and of increased operating costs due to the regulations will also be examined. The study will also present a brief discussion of the financial industry. The risk associated with undertaking transactions on the Internet will also be underlined. The importance of a security policy will also be discussed, keeping in consideration the critical factors of security policy implementation. Although the research is in its initial stages in terms of development and testing, the study will be an important contribution to the information security studies undertaken so far, as it will evaluate the information security policies at financial institutions from both regulatory and changing business environment perspectives.

time table:

The research will be finished in three months, starting on 1st April and ending on 1st July.
In the following month, you would carry out the plan and you hope that some improvement would be made on Christmas holiday in particular. We think that the earlier the research finishes the better, so that you could take action earlier.

Time table

Week     Tasks
1        Project start meeting, identification of research problem
2        Research design
3        Interview preparation
4        Start interview
5        Interview in process
6        Design and agree questionnaires
7        Identify respondents' email addresses and send questionnaires
8-9      Analysis of interview data and write up
10-11    Questionnaires analysis
12-13    Prepare final report, informal discussion of findings
13-14    Delivery of summary report and presentation, follow-up queries

references:

Bryman, A. and Bell, E. (2003). Business Research Methods. 1st ed. Oxford.

Donald r.

Chaturvedi, A., Gupta, M., Mehta, S., Valeri, L. Fighting the Wily Hacker: Modeling Information Security Issues for Online Financial Institutions Using the SEAS Environment. Available at http://www.isoc.org/inet2000/cdproceedings/7a/7a_4.htm#s2

McGivern, Yvonne (2006). The Practice of Market and Social Research. 2nd ed. Prentice Hall.

Stallings, W. & Slyke, Richard V. (1998). Business Data Communications. 3rd ed. Prentice Hall.

Wilson, Marcia J. (2003). How to ensure security compliance with HIPAA. Computerworld, May 01, 2003. Available at http://www.computerworld.com/securitytopics/security/story/0,10801,80812,00.html