Assessment of Computer Software
Essay by people • July 23, 2011 • Research Paper • 1,167 Words (5 Pages) • 1,904 Views
Assess of risk in computer database
Given the advanced state of today's technological era, the need to maintain the security of the organization's IT computer system has grown more difficult with each passing day as the need for enhanced and more comprehensive security strives to stay ahead of "yesterday's technology." The need for the IT computer security has never been more important. These needs have caused "headaches" for those charged with maintaining current and future security requirements for the organization's IT computer systems. Security is constantly challenged with "critical" viruses, worms, window patches, and hackers running rampant through the cyber-world and at the same time those charged with the security of the IT computer system are confronted with limited resources with which to combat these threats to the very life of their organization. The organization faces major, if not impossible, issues in "bullet-proofing" the entire IT computer system infrastructure. In this paper the subject to identify is IT computer system security and how to assess risks which may occur to this system throughout the organization.
Computer security is defined as "the protection of the computer access," including data, networks, computer power from unauthorized access, use, alteration, degradation, destruction, and any other threats that may appear either internal or external (Picasso, n.d.). In dealing with additional specific areas of the network's security, system protection takes the form of being able to prevent unauthorized access, modification, misuse, or any harm to the interconnecting groups of computers or the network accessible resources.
Physical and logical are two categories addressed by the IT computer network security. These two categories must be addressed simultaneously and with equal vigor. Often the protection of organizational data is referred to as "information security." Although the differences between the two may appear to be obvious, occasionally they become almost indistinguishable to the organization. The physical part of the security system contains the tangible protection devices, such as the vaults, locks, fences, cables, safes, and any other devices used by the organization. The logical part of the security system deals with the protection of materials non-physical, which would include materials provided by authentication or encryption schemes which might occur throughout the organization or the cyber-world.
When dealing with the security of a computer system it must be remembered that the security is designed not to be mysterious or illegal, but rather about secrecy. As a director of security for a computer software company, which designs specialized programs for specialized companies, the director and all subordinates will be keenly aware that secrets are normally involved. The organization frequently, if not always, deals with confidentiality, authenticity, and integrity. The director of security refers to confidentiality as possessing the power over any distinguishing authorized users from any unauthorized users, and by any level of access that may be in-between the two. The director of security refers to integrity as ensuring that the organizations information is not altered in any undetectable way. Integrity can be associated with making sure what is getting through the computer system remains to be original and true. The director of security refers to authenticity to ensure the users of the computer system are who he or she professes to be. In assess the situation and be certain, the director may elect to establish check-points in any number of locations to ensure information accuracy. The director may also implement a system where in the more privileged employees gain access to, the more privileged parts of the network, and although the lesser privileged employees have access to lesser privileged areas of the information. Of the utmost importance to the director is the issuance of
...
...