Network Security Management

Network Security: Protecting Vital Information

Network security is crucial due to the increasing danger of attacks that could result in the loss of vital information and subsequent loss of revenue, as a result of the organization's increased reliance on computers to operate its operations today. Therefore, understanding the organization's security requirements is essential to ensuring that the system is free from attack threat and reducing risk of system compromise. This essay examines the principles of a network security system as well as the procedures needed to assess the organization's requirements and then outline the activities one would take to mitigate a security threat (CISCO, 2017).

Ensuring Confidentiality, Integrity, and Availability

To protect the system’s network, one must put in place the information security triad that encompasses confidentiality, integrity, and availability. The restrictions to access to the data in the network should only be to those allowed to see it while keeping off any other person from accessing the contents of the network. This is the provision of confidentiality of the system. The security triad is the plan to have in place to ensure that there is no unauthorized access to the contents of the network and at the same time, the users of the system do not alter the data inadvertently (Bourgeois, 2016). The integrity requirement for securing a system ensures that those allowed to access the data in the system do not make alterations to it and it remains a true record of what is meant to be. Any misrepresentation of data through malicious tampering must be prevented. The availability requirement for the system security provides that the system’s information can be timeously accessed and modified by an authorized system administrator (Gibson, 2015). The timeframe within which the contents of the system need to be available for modification differs with the company depending on the type of data stored on the network servers. To achieve confidentiality, integrity, and availability of the information in a network, the following tools, as well as measures, can be used as part of the organization’s security policy.

Tools and Measures to Secure the Network

Authentication to access the network should be strong enough to prevent compromise to the identity of the users of the system. User IDs and passwords are the most common form of authentication into the system, but they are easily compromised. Regularly changing the passwords assigned to the users as well as the use of complex passwords can help mitigate the loss of passwords through hacking. Use of multi-factor authentication where a combination of a key-card, biometric identification and a password can make it extremely hard for an unauthorized person to access the system (Shinder, 2010).

The measure to put in place is access control. There are several ways of achieving this, which include access control list and role-based access control. In access control list, the user of the system is assigned specific capabilities such as read, write or full control. Beyond the designated capabilities, the user cannot do any other functions. For the role-based access control, users are assigned roles by the system administrator, and then the roles are assigned access to the resources of the network (Gibson, 2015).

The other tool to use to ensure the security of the system is encryption of data. This involves encoding the data in the system while in storage or transmission so that only the authorized persons can read it. An encryption key is availed to both the sender and the recipients to help the recipient decode the data.

A comprehensive backup is also a requirement for the security of the system. This should include a mechanism to regularly backup the data to an offsite storage facility as well as on the site. Additionally, firewalls that include both software and hardware firewalls should be set in place to filter the flow of activities in the system.

References

Bourgeois, D. T. (2016). Information Systems Security. London: pressbooks.com.

CISCO. (2017, February 21). Secure My Business. Retrieved from Network Security Checklist: https://www.cisco.com/c/en/us/solutions/small-business/resource-center/secure-my-business/network-security-checklist.html

Gibson, D. (2015). Managing Risk in Information Systems. Burlington: Jones & Bartlett Learning.

Shinder, D. (2010, July 16). 10 physical security measures every organization should take. Retrieved from TechRepublic: https://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/