Question

Consider the overall team project solution (hardware and software) relative to security. Create and submit a 3–4-page Word document defining your recommendations concerning security. Be sure to articulate reasons for specific choices. Include in your document an explanation about the relationship between the IT security policy and the chosen security mechanisms for your overall solution. Be prepared to discuss your thoughts with the team’s Security Specialist.

Answer 1

IT Security inside of any project is need of the hour.Almost every area of project now-a-days require security.Starting from Requirement analysis to estimation and from software development to management and to delivery,every phase has its own constraints when security is concerned.

Every organisation decides and then abides by certain framework that meets its need of IT security and this framework is codified as Security policy.A security policy is a document,generally prepared by some senior management or by people who are experts in the domain,stating the information values,protection responsibilities and organizational commitment.These policies are the followed by taking specific actions ruled mainly by management control principles and thereby utilizing specific security standards, procedures, and mechanisms.

The need of Information security depends on 3 major requirements:

Confidentiality,

Integrity and

Availability

All these depends strongly on circumstances.

Confidentiality

It is a requirement whose purpose is to keep sensitive information for getting accessed by any unauthorized user.The policy requires systems to be robust when t comes to facing wide variety of attacks.The policies that ensure confidentiality do not explicitly itemize the range of threats that are expected,Instead they propose for operational approach which expresses the policy statement which describes the particular management controls which shall help in achieving confidentiality.Thus they avoid listing threats, which would represent a severe risk in itself, and avoid the risk of poor security design exclusive in taking a fresh approach to each new problem.

Integrity

Integrity is a requirement that helps in ensuring that the information and programs are changeable only by some specified and authorized recipients.It is important for maintaining the consistency in data and allow data to be changed only in an approved manner.The degree of accuracy is measured by this constraint.

Availability

Availability is a requirement that ensures systems to work promptly and service is not denied to authorized users.

From an operational point of view, this requirement refers to adequate response time and a guaranteed bandwidth. From a security point of view, it represents the ability to protect against and recover from a damaging event. The availability of properly functioning computer systems is essential to smoothly carry on the operations of many large enterprises and sometimes preserves lives. Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable.