Importance Of Organization Security Essay

Question:

Discuss about the Organizational Secruity.

Answer:

Introduction

Security is one of the most significant aspects for the business organizations in the current times. It is necessary for the organizations to make sure that they include the latest security mechanisms and protocols in their architecture and the operational activities. It is because of the reason that there are newer forms of security risks and attacks that are being created with each passing day. These security occurrences are usually in the form of information security attacks with the use of various threat agents such as networks, devices, databases, human resources etc. The use of web-based solutions cannot be discontinued in the business organizations of the present era. As a result, the malicious entities make use of the access points and other web security vulnerabilities to cause damage to the systems and services of an organization. The report covers the step that an organization, iPixel Creative may take to enhance its security architecture.

Organization Overview

iPixel Creative is a Singapore based organization that provides web design and development solutions to its clients. The organization is formed of a small team of creative and highly-skilled professionals that have expertise in the areas of web and graphic designing along with web development. The company set its roots in the year 2007 and has been expanding in Singapore and beyond since its inception (iPixel, 2017).

Current Security Architecture of the Organization

iPixel Creative is an organization that works in the area of web based solutions and services. The security architecture and framework that is currently followed in the organization comprises of three pillars to security as Business security, Information security and Technical Security.

The business security policies include the security mechanisms that are used to keep the business activities and decisions protected from security attacks. There are numerous clients, employees and third-parties that are associated with the organization. The policies and protocols that are followed to maintain business ethics and protect the privacy and security of the business operations come under business security.


Information security covers the security of the information that is transmitted, shared and stored in association with the organization. The steps that are taken under this pillar include network security, physical security and database security (Wang and Tai, 2003).

The third component is the technical security that includes the security of various technical tools and equipment used in the organization. Installation of updates, security patching, along with the maintenance of the security profile of the technical components is included under this pillar of organizational security.

Steps to Improve the Organization Security

The security profile and architecture of iPixel Creative can be enhanced by making use of latest mechanisms and policies in the three areas as business security, information security and technical security.

With the use and adoption of the latest security practices, the overall security of the organization will improve and will provide better results for the organization in terms of revenues, market share and customer satisfaction.

Business Security

There are a number of administrative controls that may be used and applied to improve the security of the business activities and operations.

Security Gap Analysis

It is necessary to first understand and analyze the gaps and loopholes in the security of the organization to develop the mechanisms that must be followed for its improvement.

The security gap analysis shall be carried out in iPixel Creative at regular intervals to highlight the areas that demand enhancement from the security point of view. Chief Information Security Officer (CIO), Security Manager, Security Auditor and the other associates of the security team must participate in the process. The team must come up with a comparison between the current security and the required future security state. The measures that shall be adopted shall be highlighted in the next step (Teneyuca, 2001).

In case of iPixel Creative, the gaps that have been found are in terms of the technical and logical controls that are used, employee trainings, review and inspection processes and security audits.

Separation of Duties

There are a number of security occurrences that have been recorded and observed in case of iPixel Creative due to the malicious nature of activities carried out deliberately or accidentally by the staff members of the organization.

The business processes that are carried out in the organization shall be classified in the form of discrete tasks and activities. There shall be roles identified and assigned to each of these tasks. The process of administrative monitoring and control will become easy to execute. In case of an attempt by an employee to cause damage or to carry out unauthorized and illegal activities, an immediate alert will be generated and the tracking process will also become simplified (Choo, 2013).

Disaster Recovery Planning and Testing

One of the most significant processes that shall be included in iPixel Creative to maintain the business security is the disaster recovery planning and testing.

In spite of the security controls that are created and implemented in the organization, there may be a security occurrence that may be executed by the attackers. It would be necessary to have the measures to recover from such occurrences and cause minimal damage. The downtime involved in the recovery process shall also be kept as low as possible. All of these points will be covered in the development and implementation of a disaster recovery plan (Rieley, 2014).

The disaster recovery plan for iPixel Creative must focus upon the services that the organization provides such as internet hosting, internet based marketing, web and graphic designs, web development solutions and so on. The possible risks and the measures to prevent and control the risks in association with each of these categories shall be created.

There shall also be practical security drills executed to understand the behavior of the systems in case of a real scenario.

Security Reviews and Audits

One of the areas where iPixel Creative lacks in terms of business security is the frequency of monitoring and control processes such as reviews, inspections and audits by the security team.

The security policies and protocols cannot be kept stagnant for a longer period of time. It is necessary to install updates in each of these areas to make sure that none of the security events may occur. The processes such as security reviews and security audits shall be carried out by the security team to highlight the areas that are lacking and the ones that need enhancement (Ruef, 2003).

In these processes, the adherence and compliance to the security standards shall also be reviewed and a formal report shall be presented to understand the security status and security needs of the organization. There may be certain intentional loopholes in security that may be present which will be overcome with the aid of these processes.

Secure Hiring and Termination

The employees that are associated with any of the organization keep on changing. The new resources may join the team of iPixel Creative and the existing ones may leave the organization and join somewhere else.

The employees of the organization have complete information regarding the business activities that are carried out in the organization, business practices that are followed and business protocols and policies that are involved. It is, therefore, necessary to ensure that security hiring and secure termination is followed in iPixel Creative to enhance the business security and the security of the organization (Langley, 2007).

At the time of hiring, the new joiners must be provided with the training on the security tools and policies that they must follow. They must also be informed about the legal and regulatory policies that are associated with the organization along with the ethical code of conduct. The new employees must be provided with the adequate set of accesses and privileges as well. Similarly, at the time of termination, the accesses and privileges that are provided to the employee shall be deactivated completely.

Information Security

Defense-in-depth

Defense-in-depth is the process that shall be carried out in iPixel Creative to form enhanced information security architecture in the organization. The process will result in the formation of the defensive layers to security which will result in the easy detection, prevention and control of the security occurrences.

The process shall cover the technical, logical and administrative controls that shall be developed and installed in iPixel Creative to enhance the information and data security (Bronk, 2008).

There are many layers that are present in the networking model of the organization which must be covered in the process to develop specific protocols for the enhancement of the security of the organization.

Network Security

Most of the security risks and attacks that may occur in iPixel Creative may be in the form of the network security risks and occurrences. There are currently measures that are taken to keep the network protected in iPixel Creative and to avoid the associated threats.

However, it is required to add latest network security tools and measures to ensure that none of the network security attacks are executed.

The organization must make use of the latest anti-denial and anti-malware tools to avoid the network related security attacks such as denial of service, distributed denial of service and launch of malware through the networks. These are the automated tools that must be acquired and installed in all the network access points that are used in the systems of the organization. As a result, the occurrence of the security events will be controlled (Zheng, 2007).

Another set of tools that must be used is the network based intrusion detection and prevention systems. The organization is making use of such systems; however, with the change in technology, there are newer intrusion based detection and prevention systems that have been created. In the latest set of such tools, there is an application of data analytics and mining that is also integrated. Such tools not only detect and prevent any of the network intruders from entering the system but also analyze the patterns and trends that are associated with the same. As a result, the organization gets to know about the behavior of the attacker and the countermeasures to put a check on the intentions and activities may be created (Salem, 2012).

The same shall be followed in case of iPixel Creative to not only prevent and detect the attacks but to eliminate them completely. There are also network auditing tools that have been developed that shall be used by the networking management and security teams to analyze the network related activities and keep a log of the same. These logs are of great help in case of the security attacks for disaster recovery and damage control (Ristov, 2012).

Database Security

The databases that are used in iPixel Creative are protected using the standard set of tools and policies. There are advanced mechanisms that have been developed to improve the state of database security in the organizations.

There are usually cloud databases that are used in IPixel Creative for information storage and management. NoSQL databases must also be used as these provide an enhanced form of security and are also easier to update and maintain.

The access control that is implemented in these databases of the organization must also be changed to role based access control that shall include the security policies and practices on the basis of the user roles and responsibilities.

The databases must also be updated on a regular basis to include the latest security patches in the databases to make sure that version specific attacks are not executed.

Two-Factor Authentication

The attackers violate the authentication methods that are used in the organizations to break into the security and cause damage to the information and data that is associated with the organization.

The same may happen in case of iPixel Creative as well. The organization must make use of two-factor authentication as a result as it would allow the strengthening of the information security of iPixel Creative (Supriyanto, 2012).

The two-factor authentication process must make use of two different methods to grant access only to the authentic users. Methods such as one-time passwords and biometrics shall be used to provide access only to the authentic users. In such a manner, the attackers will not be able to succeed in their malicious attempts to cause damage to the security and privacy of the information that is present in the organizations.

Information Encryption

Encryption of the information is a process in which the information is converted to a protected form that is termed as cipher text which requires a security key to be used to access the protected data.

In case of iPixel Creative, the information in-transit and at-rest is encrypted. However, there is a lot of information that comes from the third-parties that are external to the organization. The encryption protocols used by these third-parties may not be as effective to secure the information from the attacks by the malevolent entities. There shall be a standard policy that shall be formed to inform all the third-parties to follow advanced encryption standard and hashing protocols so that the information that is shared is always protected.

Technical Security

Device Security

There are a number of devices that are used in iPixel Creative. The organization also supports the idea of Bring Your Own Devices (BYOD) at work that further enhances the likelihood of the device related threats and attacks.

The devices that are associated with iPixel Creative shall be protected in terms of the device protection and the protection of the contents in the device. There shall be a tracking protocol installed in each of these devices to keep a track of the same in case of theft. Also, the contents of the device shall be protected with passwords and other authentication measures so that the attackers may not succeed in accessing the same.

Technical Updates

It is required for each of the devices that are used to be updated in terms of the latest system and security updates. This practice will not only keep the devices updated in terms of the latest measures but will also allow them to have latest security patches to avoid the newer forms of security risks and attacks.

Other Measures

Risk management and control is one of the significant areas that must be covered in the organization security of iPixel Creative. The process that is used and followed in the organization must be cascaded in a series of phases such as risk identification, risk analysis and assessment, risk evaluation, risk treatment, monitoring and control.

The use of automated tools for each of these phases must be acquired and implemented in the organization to make sure that the risks associated with the organization are avoided. These tools will not only provide a latest picture of the risks that are involved but will also make the process easier for the employees associated with the organization.

The employees of the organization must also be provided with the security trainings at regular intervals to make sure that the security occurrences do not take place.

Conclusion

With the use of web in the business activities and operations, there are many security threats and attacks that have become common to the organizations of the modern era. iPixel Creative is one such organization that has a complete dependence of its business activities on the web. The organization provides web based solutions and services to its customers all across the globe. Because of the nature of the operations that the organization deals with and the presence of increased number of security risks and attacks, there are many security occurrences that may take place in iPixel Creative. As a result, the organization must make use of latest security practices and protocols to avoid the security threats and attacks.

These security practices must be created and updated in three different areas as business security, information security and technical security. Business security shall be enhanced by making use of measures such as execution of gap analysis, segregation of duties and responsibilities, use of secure processes in hiring and termination of the employees, formation of disaster recovery plans and execution of security reviews and audits. Information security shall also be improved by using latest measures in terms of network security, database security and other associated areas. A defense-in-depth process must be carried out to develop the measures for overall security. Access control and authentication processes must also be improved. Technical security measures must focus upon the latest developments in the areas of device security and protection along with the updates of the devices that are used.

The overall security of iPixel Creative shall be formed by making use of these latest protocols along with the updates in the areas of security architecture as a whole.

References

Bronk, C. (2008). Hacking the Nation-State: Security, Information Technology and Policies of Assurance??—. Information Security Journal: A Global Perspective, 17(3), pp.132-142.

Choo, C. (2013). Information culture and organizational effectiveness. International Journal of Information Management, 33(5), pp.775-779.

iPixelCreative (2017). iPixel Creative | Web Design & Development Company Singapore. [online] Ipixel.com.sg. Available at: [Accessed 18 Aug. 2017].

Langley, A. (2007). Process thinking in strategic organization. Strategic Organization, 5(3), pp.271-282.

Rieley, J. (2014). Building Alignment to Improve Organizational Effectiveness. Global Business and Organizational Excellence, 33(5), pp.6-16.

Ristov, S. (2012). Cloud Computing Security in Business Information Systems. International Journal of Network Security & Its Applications, 4(2), pp.75-93.

Ruef, M. (2003). A Sociological Perspective on Strategic Organization. Strategic Organization, 1(2), pp.241-251.

Salem, M. (2012). Mining Techniques in Network Security to Enhance Intrusion Detection Systems. International Journal of Network Security & Its Applications, 4(6), pp.51-66.

Supriyanto (2012). Review on IPv6 Security Vulnerability Issues and Mitigation Methods. International Journal of Network Security & Its Applications, 4(6), pp.173-185.

Teneyuca, D. (2001). Organizational Leader?€™s Use Of Risk Management for Information Technology. Information Security Technical Report, 6(3), pp.54-59.

Wang, E. and Tai, J. (2003). Factors affecting information systems planning effectiveness: organizational contexts and planning systems dimensions. Information & Management, 40(4), pp.287-303.

Zheng, L. (2007). Dynamic security labels and static information flow control. International Journal of Information Security, 6(2-3), pp.67-84.

How to cite this essay: