Information Security

Introduction3

Discussion4

Standards of Due Care In Information Security5

Information Security Standards- Responsibilities and Roles5

User Compliance5

Monitoring of Employee's activities6

Prohibited Activities6

Personally Owned Software and Equipment6

Employee Verification Credential Security7

Difficulty in Estimating the Probability of a Threat or Attack Occurring7

Methods for the Estimating the Probability of a Threat or Attack Occurring7

Security Management System- Compliance Based8

Security Management System- Risk-Based8

Operating Systems Robust In Security9

Security Devices or Services to Prevent the Unauthorized Access to the Organization's Information9

IPSec as a Security Device to Detect and Block the IP10

Reason of Selecting IPSec10

Estimated Price of IPSec10

Support11

Hardware11

Feedback11

IPSec Scope11

Security Considerations for Contract or Temporary Employees as Comparison to the Regular Employees12

Conclusion12

References………………………………………………………………………………………13Information Security

Introduction

The development and progress in the field of technology has brought several changes in the world. The huge development potential of technology based commerce is tempered by several legitimate issues over the integrity and confidentiality of a system that has a huge number of potentially vulnerable features. It is a fact that internet technology has brought several innovations in the business operation but some of the organizations tend to minimize the use of this technology. It is because of the reason that the privacy and confidentiality of the information is usually at high risk on internet. Therefore, it needs special security strategies and technologies, in order to secure the confidential information (Malik, 2003).

Information security is referred as the steps or activities that are related to the security of information and infrastructure of information against several vulnerabilities and risks. These risks may include the risk of misuse, loss, damage or disclosure of information. Information security management systems are considered as the most efficient system which describes several methods of controls that any business or organization requires implementing, within the organization. These systems may help the businesses and organizations in managing and controlling the risks and vulnerabilities to the system. This may also help the organizations and businesses in ensuring the integrity and confidentiality of the information (Carmouche, 2007).

The proceeding paper incorporates the standards of due care in information security. This may help the organization in securing their information system. The discussion also demonstrates the ideas about the difficulties in estimating the probability of a threat or attack occurring along with some methods that can be used to make these estimates. The paper also describes the operating systems robust, which are used in information security systems along with the suitable cost and efficiency. Security services or devices are also incorporated in the paper, in order to block and detect an unauthentic user, who tends to access the confidential information of an organization or business.

Discussion

Information security is considered as the foremost preference for any organization or business. Information security deals with the protection and preservation of the availability, integrity and confidentiality of the information. It is often said that information of any organization is a product, not a product that can be brought easily. The proper and appropriate information management systems are necessary to secure the information of the organization from misuse or disclosure. It is often observed that several companies and organizations ...