Information security is one of the components that system administrators deal with in trying to ensure that information is secured. However, with the increasing technological skills, information systems cannot be infallible to threats and attacks. It is always said that the only secure computer is the one that is switched off. Even those information systems that work offline are vulnerable to threats and attacks. Thus, there is need to analyze the threats posed on an information system in an effort to enhance security of information. Home component systems are thought to be secure given the fact that most of them function in an offload mode most of the time. Nevertheless, the components that make up these systems are fully protected since they can be attacked or even changed through the configurations.

An information system is made of various distinct but interactive components that work together to ensure that storage and accession of information is executed accordingly. Some of the components that make up an information system are tangible and controlling how they function can be mechanical and thus easy to streamline. However, others are software whose implementation and control depends on the level of skills of the user.

Components of an Information System

Computer hardware is a composition of physical elements that make up a computer system. In essence, these physical parts enable the input and output of information into the system. Thus, hardware is the entry point into an information system and having secure hardware enhances the security of information that is stored in the system (Cesare & Lycett &  Macredie, 2006). Some hardware are removable, which means that they can be removed from the main system and therefore poses the risk of transferring security threats to the system if they are contaminated with viruses.

Software on the other hand, is the programs that control the operations in an information system and exist are ideas, concepts, and symbols. Some of the software that are on my information system include Application software such as my email address, operations software such as; Microsoft Windows® Vista SP2, Internet Web Browsers (IE and Google Chrome) and Antivirus programs such as Sophos Anti-Virus.

Similarly, data contained in the system is composed of either processed or unprocessed data, which can help in making a decision, by the user. Data includes; statistics, pictures, and other forms of information that is stored on the information system and that which can be retrieved and modified by the user (Whitman &  Mattord 2011). Unauthorized user can delete or destruct data stored in form of files. Procedures represent the protocols that the system administrator may assign for users of the system. They include the use of usernames and passwords to access the information on the information system. Procedures are the basic control measures against threats to the information on the information system.

People that use the information system form an important component of the system especially if they have log in rights. As such, the possibility of changing the setting or even deleting files and documents in the system is very high if the user has no authorized access (Whitman&  Mattord 2011). Limiting the access rights of people helps in guarding the confidentiality and integrity of the information on the system but people interacting with the system cannot completely be done away with. Some of the components of my information system are:

Course Project Phase I

Hardware:

1- My laptop Sony VGN-z690

2-Wireless Router LTE-ZZ Broadband 4G Version 2.064

3- iPhone 3gs Version 5.0.1 Firmware 06.15.00.

Software:

1- Application software my email alroyhli@gmail.com. 

2- Internet Web Browsers (IE and Google Chrome)

3- Microsoft Windows® Vista SP2 runs on my laptop.

4- Antivirus program (Sophos Anti-Virus) for Window.

Data: 

1-Information stored in my laptop. (Personal information and pictures)

Procedures:

1- A computer security protocol for logging to my laptop

People:

1- My wife (khadejah) using my laptop frequently.

The above components are faced with threats that must be addressed by the information security administrator and avert the effects on the functioning of the information system. Below I list twenty threats and the components to which the threat appertains:

Course Project Phase II

Components

Threats

1-My laptop Sony VGN-z690

Loss of or cooling my notebook

2-Wireless Router LTE-ZZ Broadband 4G Version 2.064

Earthquakes, tornadoes, fires, 

and flood

3-IPhone 3gs Version 5.0.1 Firmware 06.15.00

IPhone stolen by a theft

4-Application software my email alroyhli@gmail.com 

Phishing: attempt to steal valuable information via email address

5-Internet Web Browsers (IE and Google Chrome)

Social Networking Sites by allow user to post a lot of personal information.

6-Microsoft Windows® Vista SP2 runs on my laptop

Viruses, Trojan, Horses, and Worms

7-Antivirus program (Sophos Anti-Virus) for Window

Failure to update

8-Information stored in my laptop. (Personal information and pictures)

Spyware and keystroke loggers pose a threat to personal data.

9-A computer security protocol for logging to my laptop

Anyone can log into my laptop and steal sensitive information or deleting files.

10-My wife (khadejah) using my laptop frequently

Dumpster diving, deleting files

11- Application software Microsoft enterprise suit

Possibility of crushing

12- Media player application

Failure to respond due to attack by virus

13- Automatic updates from Microsoft

Failure to update leading crushing of the system

14- Temporary files from the Internet downloads

Overloading of hard drive leading to slow performance of the computer

15- Hardware, screen, hard drive

Risk of crashing from fall while being used by my wife (khadejah)

16- Storage space

Reduced storage space risk making the PC slow

Course Project Phase III

Knowing the amount of risk posed on each of these components helps in enhancing the security control measures. Each component faces risks on a different scale and knowledge of this scale will help in having effective control measures for that component. Below are the various components and the threats that they face. Calculation of risk is done using a Method for Quantitative Risk Analysis by James W. Meritt and Quantitative Risk Analysis Step-By-Step by Ding Tan.

Course Project Phase IV

Having identified the threat and the risk posed, the next step is to identify point of control and the action to be taken to avert the threat. In this phase, I identify the control points to the threats and suggest the action to be taken.

Component

Threat

Type of control

Action

Information stored in my laptop. (Personal information and pictures)

Spyware and keystroke loggers pose a threat to personal data.

Administrative

Routine security audits can detect unauthorized or harmful software on my laptop.

My wife (khadejah) using my laptop frequently

Deleting files

Administrative

Technical

Using need to know rule.

Applying need to know, I  give my wife access only to the data she

Needs to do her job.

Using access control rule of least privilege. Local users (my wife), have fewer privileges. She is only able to use some programs or applications. She can’t add, modify, or even delete.

Microsoft Windows® Vista SP2 runs on my laptop.

Viruses, Trojan, Horses, and Worms

Viruses, Trojan, Horses, and Worms

Update my anti-virus program once a week. Also turn on automatic updating for Microsoft Windows

My laptop Sony VGN-z690

Loss of cooling my notebook

Technical

Appropriate heating, cooling, backup system

IPhone 3gs Version 5.0.1 Firmware 06.15.00

IPhone stolen by a theft

Physical

A mantrap set 2 doors to enter my office.

The first door (apartment door) required a physical key. The second door (the office door) required an identification number scan by a card reader.

Conclusion

From the analysis above, it is evident that information security involves a number of measures that ensure the confidentiality, integrity, and availability of information to the owner. Enhancing the security of information thus includes; protecting information from unauthorized access by other people, misuse, disclosure, or disruption. Information security should also ensure that other people do not do modification, perusal, or inspection. Similarly, it also includes protecting the information from outside attacks such as viruses and worms. This will ensure that the information is not destructed or corrupted.

Order now

Related essays