Project 5
Josephus West
School or Institution Name (University at Place or Town, State)
Introduction:
State governments hold personally identifiable information about citizens, including social security numbers, taxpayer information, and driving license details. Protecting such data against digital threats is the responsibility of the state departments that process it. State governments are responsible for ensuring the confidentiality, integrity, availability, and non-repudiation of the data. Most state departments have designated information security policies that include rules and regulations for data processing under various conditions. The personally identifiable information records stored by state departments have become a potential target for cybercriminals (Graves, Acquisti, & Christin, 2016). Therefore, it is the responsibility of the state governments to maintain public trust and the security of data. The information security policies of the Colorado Office of Information Security and the Florida Agency for Health Care Administration are compared below for their strengths and weaknesses.
Similarities:
Both state agencies have policies regarding the protection of critical information technology infrastructure and data owned by the agencies. Data can be collected from various sources; for example, some services may need to obtain personally identifiable information from the general public. The Florida Agency for Health Care Administration requires data to be encrypted using the Advanced Encryption Standard. Health care facilities cannot transmit data over insecure channels without applying appropriate ciphers and encryption algorithms. In some specific facilities the use of block ciphers is also required. Personal health information cannot be disclosed to any third party without the written or prior permission of the owner of the health record (Goodman, Straub, & Baskerville, 2016). Access to health care facilities is restricted to authorized personnel only. The data processing infrastructure must be compliant with the framework of the National Institute of Standards and Technology. It is essential to ensure the availability of the data to authorized health care professionals when required.
Having a standardized infrastructure of data processing will make it easier to troubleshoot any data corruption.
The Office of Information Security of Colorado has information security policies for various departments that help organizations and state departments ensure the confidentiality, integrity, availability, and non-repudiation of data. Data encryption is mandatory where information is to be sent over wireless channels because wireless channels are highly unpredictable. Data sent over wireless channels is prone to eavesdropping, such as man-in-the-middle attacks, in which messages sent without encryption can be intercepted by third parties (Ortmeier, 2017). Because personally identifiable information can be used for targeted attacks, protecting it is crucial to maintaining public trust in state-owned organizations and their operations. These two requirements are shared by both state policies. They require the data to be appropriately encrypted before its transfer over the internet.
Differences:
Both state agencies have strict rules and policies capable of protecting the data they own against cyber-attacks. However, the Office of Information Security of Colorado requires the data to be encrypted using the Advanced Encryption Standard with keys 256 bits in length. This strong encryption is considered to be the most secure in modern data encryption standards. The asymmetric nature of the encryption enforced by the policy is hard to break because different keys are used to encrypt and decrypt the data (White, 2015). The Florida Agency for Health Care Administration differs from the Office of Information Security in its access protection regulations. It requires access to the infrastructure of health care facilities to be protected by two-factor authentication and essential public infrastructure. All the facilities of the health care infrastructure must be protected with logical measures.
Recommendations:
Almost all state departments outline data protection requirements in their information security policies. However, the physical security of critical infrastructure is crucial as well, because all of the logical measures can be breached if there are no physical access restrictions. If hackers are able to physically compromise the system, then logical measures can be bypassed as well (Da Veiga, 2016). Physical access restrictions like geo-fencing and digital surveillance must be deployed at state departments that have critical information technology infrastructure. Moreover, information security strategic plans must be part of the business plans of organizations that deal with personally identifiable information. Information security investments can be hard for organizations to justify when there are no apparent benefits for the business, but critical infrastructure cannot be left unprotected just because the probability of a targeted attack is low. As long as there are threats to a system, there must be sufficient protection systems as well. As there is no silver bullet to halt all digital threats, all state departments must have information security policies.
Conclusion:
Information security is crucial in every information processing system. State departments in particular, which are required to store and process personally identifiable information, need to have their information security policies expertly laid out and enforced. All state departments must have customized information security policies suited to the type of data they handle. State departments must have their own infrastructure, as the protection of personally identifiable information cannot be risked with third-party vendors.
References
Da Veiga, A. (2016). Comparing the information security culture of employees who had read the information security policy and those who had not: Illustrated through an empirical study. Information & Computer Security, 24(2), 139–151.
Goodman, S., Straub, D. W., & Baskerville, R. (2016). Information security: policy, processes, and practices. Routledge.
Graves, J. T., Acquisti, A., & Christin, N. (2016). Big data and bad data: on the sensitivity of security policy to imperfect information. U. Chi. L. Rev., 83, 117.
Ortmeier, P. J. (2017). Introduction to security. Pearson.
White, J. D. (2015). Managing information in the public sector. Routledge.