How Organizations Benefit from IT Security and Control Essay

Exclusively available on Available only on IvyPanda® Made by Human No AI

According to Hawker (151), IT Security and Control include physical, logical, and administrative measures organizations put in place to ensure data integrity, confidentiality, and availability to authorized users. Information system avail data to authorized users through validation and verification procedures.

These procedures are defined an organization’s information system policies. In addition, data integrity standards should be enforced when data is being transmitted to prevent it from unauthorized access, intentional or accidental modifications, and malicious damage.

Comprehensive approaches subject organizations’ information systems to regular security checks and system audits (Peltier 2). Regular system audits ensure that responsible organizational managers are able to track users and establish potential threats and sources of malicious attacks, unauthorized access, eavesdropping, and other security-related measures. These measures are implemented within and outside organizational boundaries.

Organizations benefit from IT Security and Controls by integrating and aligning them to organizational goals and objectives. Peltier (1) argues that organizations have defined standards, policies, and procedures for implementing security measures and controls to prevent data loss or damage. Information can be sold or mined to enable radical decisions to be made.

Peltier (2) argues that users should form informed decisions on system usage when login sessions commence and should be made aware that they are being monitored.

Peltier (11) asserts that security and control measures such as firewalls implemented at different levels, risk analysis, encryption of data using different techniques, e-mail and other communication policies ensure that organizational information is kept confidential and made available only to the intended parties. Firewalls filter outgoing and incoming data to ensure no corrupt data, malicious software or computer programs accesses an organization’s information system.

Organizations impose administrative controls on data, which is a valued asset, at different levels to ensure accountability and responsibility for system users. This may include passwords verifications and access rights’ mechanisms. Data integrity is maintained organization-wise.

Logical controls ensure firewall protection for outbound and inbound data. An organization may not be at risk of loosing sensitive information to the outside when software is installed to control access to information in addition to implementation of access privileges to system users.

Organizations benefit from the use of physical controls by enforcing policies such as the use of cameras and clear definition of duties. Thus organizational activities are monitored to avoid potential incidents and threats to data corruption, espionage, and damage.

Information is a valuable asset to any organization. It should be managed well. Gertz, Guldentops, and Strous (27) asserts that the movement of traffic in both directions enables a system performance evaluator to determine the vulnerability of system components and controls.

Such performance measures can also be evaluated against the policies and objectives of an organization. Deviations from established benchmarks determine the degree to which performance of the information security controls are effective (Gertz, Guldentops, and Strous 57).

Other measures include the use of software tools to evaluate performance standards of networked computer systems in addition to conducting tests to evaluate effectiveness of system security. A performance evaluation plan is developed by an organization and tests conducted against benchmarks to identify security loopholes.

Information security and controls are embedded in an organization’s culture at personal and organizational levels. Tests should be consistent with organizational management security control goals and objectives (Gallegos, Senft, Manson, Daniel and Gonzales, 124). Gertz, Guldentops and Strous (101) argue that data integrity should be consistently maintained in line with an organization’s information security policies. These could ensure that the quality of data remains consistent with overall organizational requirements.

Gertz, Guldentops and Strous (101) argue that “security, integrity, real-time processing” are vital information systems elements that are enforced to ensure that an organization’s data is not compromised. Accurate, consistent, and reliable data are elements integrated in an organization’s approach to data integrity and availability to ensure system processes and contents are reliable.

Different organizations have different approaches to information systems security. They may be on a logical, physical or administrative level. According to Gertz, Guldentops and Strous (98) administrative controls and security policies include legal aspects and regulations by governments and organizational measures. On the other hand logical and physical controls heavily depend on an organization’s information system’s administrative policies.

Logical controls rely on software that provides controlled access to information in addition to the use of other devices such as firewalls to filter incoming and outgoing and data. Other measures include data encryption. Data encryption standards are well specified by an individual organization. Measures are constantly put in place to ensure logical security measures are not violated.

According to Gertz, Guldentops and Strous (98), physical controls envisage controlled access to computer rooms, lock and key, among others. A combination of these measures data integrity. These measures are enforced on applications, the host, and on an organization’s network. They are visualized as being implemented on different levels of an organization’s information systems.

Land O’Lakes International

One of Land O’Lakes International information security policies emphasized on systems users to log in with their ID’s and passwords as a stringent security requirement. Other security measures included controlled access to the server room in addition to maintaining rigid organizational information security policies.

An interview with Land O’Lakes International IT manager revealed that a cost-benefit analysis and an evaluation on the return on investment (ROI) on the IT infrastructure indicated that the current system was compatible with the security needs of the firm. These basic IT security measures and policies ensured that the company’s information system was secure from free from unauthorized access, data modification, information and data disclosure. In addition data integrity, availability, and privacy were maintained (Gertz, Guldentops, and Strous (27).

Research findings indicated that the company was subject to information security threats, including viruses and malwares. A further analysis of the company’s information systems security was adequate to address security requirements.

However, information is a key and sensitive asset to any organization.

Potential threats still existed on the security requirements of the organization’s management information systems. Therefore, the need for an advanced security system was vitally important.

Research findings further indicated incident records and their frequency to monitor security-related issues (session audits).

Delta

Delta IT’s approach to IS security and controls started on the administrative levels of the company. Information Systems security policies were implemented on the Network server and on database access with limited privileges. Access privileges on writing to files, reading files, and updating them on the same folder could not be accessed from a similar server.

A further security measure included firewall implementation to filter outgoing and incoming data to ensure authenticated data and users accessed the network. These included the use of p2p, wireless a/p, and wireless computers which could be accessed remotely.

The company’s approaches to system security included a logical and administrative approach. Legal requirements and information security policies were defined and implemented organization wise. This approach ensured data and application integrity. The company’s network was also protected from unauthorized access and this approach provided an in-depth defense for the company’s information system.

The information systems security manager was always on the edge in updating and implementing new information security and controls that emerged in the market enabling the organization address emerging trends on information systems security and controls.

The report established that the use of USB flash drives by organizational employees had the potential risk of exposing the system to viruses and malware software. In addition, the current IT security systems, policies, and controls were effective based on results from continuous tests and system audits.

The information systems manager affirmed that the organization evaluated system security effectiveness by continuously carrying out system audits by monitoring the server and wireless and network log in relation to security

Comparative Analysis

Land O’Lakes International and Delta

Land O’Lakes International security policies were implemented with special emphasis on user ID and password schemes as validation and verification measures in addition to rigidly enforcing physically implemented security policies On the other hand, Delta implemented information systems security policies on its network such as controlled access to reading, writing to files, and other transactions with associated policy privileges.

Land O’Lakes International emphasized on physical security policies while Delta’s approach to network security policies emphasized an e-approach, thus, data validation, verification, authentication and authorization mechanisms characterized the organization’s management information system.

While the information systems manager of Land O’Lakes International did not see a proactive need to keep the organization’s security updated on a continuous basis, Delta’s information systems manager kept the company on the edge in keeping with emerging trends in information security and controls (Lane 1). Thus, there was need for Land O’Lakes International to improve and update its management information systems in line with current information systems threats and potential risks.

Literature Analysis

Hawker (151) argues that information system should ensure data integrity and implementation on physical, logical, and administrative levels. Land O’Lakes International’s IT manager proactively implemented the organization’s security policies on a logical and administrative levels (Lane 1). However, Delta’s security policies were on a physical approach.

Land O’Lakes International’s were more prone to security threats and risks as no logical security implementation mechanisms were in place as opposed to Delta that ensures logical security controls were enforced (Peltier 11). Delta’s information security controls were on the administrative levels ensuring tighter information security audits and controls contrary to Land O’Lakes International’s security systems (Gallegos, Senft, Manson, Daniel and Gonzales, 124).

Gertz, Guldentops, and Strous (57) argue that organizations should continuously subject their information systems to regular security audits and critically evaluate such systems on their compatibility and compliance to organizational business goals and objectives. Both companies have not clearly outlined strategic plans, alternatives and contingency measures to meet the ever-changing trends in the software industry. On interest was Land O’Lakes International strategic plans and policy documents in implementing newer security measures and tools.

Both IT security managers need to review their policies and make them compatible with emerging trends with information systems security needs in a dynamic environment. These make management and systems users accountable for their actions.

A strong, reliable, and secure information system must provide complete security and in depth defense for an organization’s information system. Overall, security must be on administrative, logical, and physical levels. These measures ensure data and information security are maintained according to organizational policies and procedures.

Logical controls need to be implemented to ensure data and information integrity and authentication mechanisms are sound, while physical controls asset provide security and administrative controls assert an organization’s consistence and enforcement of information systems legal requirements and policy implementation.

These information systems security controls could ensure information integrity, classification, access control, identification, authentication, authorization, and in depth information system defense.

Further still, this approach could enable companies implement information systems security governance to ensure leaders and other systems users are accountable for their actions. Systems audits should be conducted on a continuous basis to ensure users are tracked and are aware that they are continuously monitored. Adequate resources should also be made available to policies are well enforced and no information security lapse or loopholes exist within an organization’s information systems setting.

References

  1. Gallegos, F., Senft, S., Manson, D P., & Gonzales, C 2004. Technology Control and Audit (2nd ed.). Auerbach Publications.
  2. Gertz, M., Guldentops, E., & Strous, L 2001. Web.
  3. Hawker, A 2000. Web. Routledge.
  4. Peltier, T R 2002. Web.
More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2019, April 20). How Organizations Benefit from IT Security and Control. https://ivypanda.com/essays/it-security-and-control-essay/

Work Cited

"How Organizations Benefit from IT Security and Control." IvyPanda, 20 Apr. 2019, ivypanda.com/essays/it-security-and-control-essay/.

References

IvyPanda. (2019) 'How Organizations Benefit from IT Security and Control'. 20 April.

References

IvyPanda. 2019. "How Organizations Benefit from IT Security and Control." April 20, 2019. https://ivypanda.com/essays/it-security-and-control-essay/.

1. IvyPanda. "How Organizations Benefit from IT Security and Control." April 20, 2019. https://ivypanda.com/essays/it-security-and-control-essay/.


Bibliography


IvyPanda. "How Organizations Benefit from IT Security and Control." April 20, 2019. https://ivypanda.com/essays/it-security-and-control-essay/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
Privacy Settings

IvyPanda uses cookies and similar technologies to enhance your experience, enabling functionalities such as:

  • Basic site functions
  • Ensuring secure, safe transactions
  • Secure account login
  • Remembering account, browser, and regional preferences
  • Remembering privacy and security settings
  • Analyzing site traffic and usage
  • Personalized search, content, and recommendations
  • Displaying relevant, targeted ads on and off IvyPanda

Please refer to IvyPanda's Cookies Policy and Privacy Policy for detailed information.

Required Cookies & Technologies
Always active

Certain technologies we use are essential for critical functions such as security and site integrity, account authentication, security and privacy preferences, internal site usage and maintenance data, and ensuring the site operates correctly for browsing and transactions.

Site Customization

Cookies and similar technologies are used to enhance your experience by:

  • Remembering general and regional preferences
  • Personalizing content, search, recommendations, and offers

Some functions, such as personalized recommendations, account preferences, or localization, may not work correctly without these technologies. For more details, please refer to IvyPanda's Cookies Policy.

Personalized Advertising

To enable personalized advertising (such as interest-based ads), we may share your data with our marketing and advertising partners using cookies and other technologies. These partners may have their own information collected about you. Turning off the personalized advertising setting won't stop you from seeing IvyPanda ads, but it may make the ads you see less relevant or more repetitive.

Personalized advertising may be considered a "sale" or "sharing" of the information under California and other state privacy laws, and you may have the right to opt out. Turning off personalized advertising allows you to exercise your right to opt out. Learn more in IvyPanda's Cookies Policy and Privacy Policy.

1 / 1