Information System Security
{Author Name [first-name middle-name-initials last-name]}
{Institution Affiliation [name of Author’s institute]}
Introduction
The decision by CIO to allow employees to bring smartphones and tablets into workplace to boost productivity is parallel to the industry concept of BYOD (Bring Your Own Device). BYOD is getting large acceptance as organizations are adapting to the concept.
BYOD provides benefits to both the organization and the employees. Organizations enjoy reduced cost with regards to spending on devices, maintenance, and training while employees enjoy flexibility and availability of organization data on their personal devices that boosts their productivity (Ghosh, Gajar, & Rai, 2013, pp. 62-70).
Security Concerns
Although BYOD is gaining wide industry acceptance with much big organization adopting the new strategy. However, it raised security concerns, threats, and challenges. Some concerns are listed below.
- Compromise of credentials in the event of loss of the device.
- The risk of eavesdropping on employee phone data and voice services.
- Malware, Phishing and Spam attacks on the device and thereby on the organization network
- Risk of confidential organization data in the event of compromise of the employee device
Mitigation Strategies
The above concerns are valid, but there are mitigation strategies that can be applied to achieve a balance of employee satisfaction, flexibility and enterprise control. One of the strategies could be to provide employee devices that are leased by the organization so that employee can use it as their own device but organization gets more control over the device configuration, settings and security. Secondly, strong security software must be installed, including firewalls and authentication and authorization measures for allowing access to employee devices. Roles and responsibilities must be defined for each of the allowed devices along with inventory and registry of all the devices. Security policy, settings and patches must be regularly updated on the devices (Ghosh, Gajar, & Rai, 2013, pp. 62-70).
Strategies and Actions after Network Computer Hacking Incident
After a hacking incident on the network computer, it is important to act in an agile manner to analyze the incident and take appropriate actions to minimize impact. The first step is to define an appropriate incident response plan that may include analyzing the existing security policies, possible vulnerabilities, and unsecured areas and analyzing the network logs of the compromised computer. The compromised computer must be removed from the network immediately to stop access to other network resources to the hackers (Maiwald, 2003).
The case of a home computer is as critical in the event of a hacking attack as that of an organization. Appropriate strategies and steps must be taken to secure the home computer. The first step is to quarantine the system, reset the router to factory defaults and disinfect the computer by running some robust anti-virus program. Contact the ISP (Internet Service Provider) to update on the incident and gather as much help as possible including a change of IP address. Patch and update the underlying operating system and upgrade the firewall (Maiwald, 2003).
Computer Imaging
Computer imaging is the process of creating a backup or a copy of the computer hard drive into a one single large file that is compressed and can be saved onto an external hard drive. Computer imaging includes the complete image of the computer at the moment including installed software and configurations. It is an effective way to protect computer data in the event of a hard disk crash or compromise of the computer system (Maiwald, 2003).
Border Firewalls
Border firewalls are those that come in between two networks and protect and control the information that passes between them (Zou, Towsley, & Gong, 2004).
Risks
The problems and risks associated with border firewall include performance, backdoor connections, and weak security. The border firewalls also cost heavy on the organization and with high repair time in the event of damage or disruption (Zou, Towsley, & Gong, 2004).
Security Threat Mitigation
The risks mitigation for border firewalls includes proper monitoring, use of secure protocols, accountability and requirement policing and a prudent use of firewall across the enterprise network (Zou, Towsley, & Gong, 2004).
Reference
Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and
mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.
Maiwald, E. (2003). Fundamentals of network security. Dreamtech press.
Zou, C. C., Towsley, D., & Gong, W. (2004). A firewall network system for worm defense in
enterprise networks. University of Massachusetts, Amherst,
Technical Report TR-04-CSE-01.
