Question
You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. The Richman corporate headquarters is located in Phoenix, Arizona, and the company has eight branch offices spread across the United States. Richman has a total of 5,000 employees who use desktops, mobile computers, and wireless devices.
Your supervisor has asked you to draft a brief report that describes an “Internal Use Only” data classification standard for Richman Investments. Write this report addressing at least three Richman IT infrastructure domains that are affected by the standard and how they are affected. Your report will become part of an executive summary to senior management.
Self-Assessment Checklist
I identified at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard.
I detailed how those domains are affected.
I demonstrated adequate independent research for the report.
Explanation / Answer
The terms information security, computer security and information assurance are frequently and incorrectly used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.
These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.
For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.
The field of information security has grown and evolved significantly in recent years. There are many ways of gaining entry into the field as a career. It offers many areas for specialization including: securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics science, etc.
This article presents a general overview of information security and its core concepts.
History
Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering.
Julius Caesar is credited with the invention of the Caesar cipher ca. 50 B.C., which was created in order to prevent his secret messages from being read should a message fall into the wrong hands.
World War II brought about many advancements in information security and marked the beginning of the professional field of information security.
The end of the 20th century and early years of the 21st century saw rapid advancements in telecommunications, computing hardware and software, and data encryption. The availability of smaller, more powerful and less expensive computing equipment made electronic data processing within the reach of small business and the home user. These computers quickly became interconnected through a network generically called the Internet.
The rapid growth and widespread use of electronic data processing and electronic business conducted through the Internet, along with numerous occurrences of international terrorism, fueled the need for better methods of protecting the computers and the information they store, process and transmit. The academic disciplines of computer security, information security and information assurance emerged along with numerous professional organizations – all sharing the common goals of ensuring the security and reliability of information systems.
Basic principles
Key concepts
For over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be the core principles of information security.
There is continuous debate about extending this classic trio. Other principles such as Accountability[2] have sometimes been proposed for addition – it has been pointed out that issues such as Non-Repudiation do not fit well within the three core concepts, and as regulation of computer systems has increased (particularly amongst the Western nations) Legality is becoming a key consideration for practical security installations.
In 1992 and revised in 2002 the OECD's Guidelines for the Security of Information Systems and Networks[3] proposed the nine generally accepted principles: Awareness, Responsibility, Response, Ethics, Democracy, Risk Assessment, Security Design and Implementation, Security Management, and Reassessment. Building upon those, in 2004 the NIST's Engineering Principles for Information Technology Security[4] proposed 33 principles. From each of these derived guidelines and practices.
In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information. The elements are confidentiality, possession, integrity, authenticity, availability, and utility. The merits of the Parkerian hexad are a subject of debate amongst security professionals.
Confidentiality
Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.
Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.
Integrity
In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of Consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.
Authenticity
In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim they are.
Non-repudiation
In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.
Electronic commerce uses technology such as digital signatures and public key encryption to establish authenticity and non-repudiation.
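Added example, not part of the original answer or the assignment: the integrity and non-repudiation points from the sections above shown in Go. The message, the shared MAC key and the signing keypair are constructed for illustration; HMAC-SHA256 is assumed for the tamper check and Ed25519 for the digital signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample payment instruction (hypothetical content).
var SampleMsg = []byte("transfer 1000.00 USD from ACC-1 to ACC-2")
// MacTag computes HMAC-SHA256 over msg under a key shared by sender and
// receiver; any change to msg changes the tag, so modification is detectable.
func MacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MacVerify is the integrity check: true only if msg is unchanged since it
// was tagged. hmac.Equal compares in constant time. Because the receiver
// holds the same key, a MAC proves integrity but not who sent the message.
func MacVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MacTag(key, msg), tag)
}

// Sign produces an Ed25519 signature with the sender's private key, which the
// receiver never holds: a valid signature shows who sent the message
// (authenticity) and the sender cannot later deny it (non-repudiation).
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifySig checks a signature against the claimed sender's public key.
func VerifySig(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	key := []byte("constructed-shared-key")
	altered := []byte("transfer 9000.00 USD from ACC-1 to ACC-2")
	tag := MacTag(key, SampleMsg)
	fmt.Println("MAC ok, original:", MacVerify(key, SampleMsg, tag)) // true
	fmt.Println("MAC ok, altered: ", MacVerify(key, altered, tag))   // false
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sig := Sign(priv, SampleMsg)
	fmt.Println("sig ok, original:", VerifySig(pub, SampleMsg, sig)) // true
	fmt.Println("sig ok, altered: ", VerifySig(pub, altered, sig))   // false
}
```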