Example of an Information Security Threat
A “domain of architecture is an Enterprise Architecture (EA) that represents a whole system and addresses the concerns of different stakeholders” (Antunes, Bakhshandeh, Mayer, Borbinha, & Caetano, 2014, p. 3). Most EA frameworks tend to combine several domains into a single layer. Such domains of architecture encounter a wide range of information security threats because every architecture domain handles confidential information or data. A good example of an information security threat is the one associated with asset protection (Whitman & Mattord, 2011).
For instance, the information assets constituting an entire domain of architecture can be disclosed or lost. This kind of disclosure will affect more stakeholders. In addition, unauthorized parties or users might access the information, thus affecting the integrity of the system. Hackers and phishers can also access safeguarded information assets, resulting in a security breach. This kind of security threat should, therefore, be prevented using powerful technologies, competent human resources, and control measures (Antunes et al., 2014). The ultimate goal is to ensure the EA operates effectively and delivers the intended results.
Difference between an ‘Information Asset’ and a ‘System’
Companies use systems and information assets to support their business operations. Information assets, however, differ from systems. To begin with, an information asset is “a systematic system that contains knowledge and is usually managed as a single unit” (Deshmukh & Qureshi, 2011, p. 26). Deshmukh and Qureshi (2011) argue that such information assets have significant financial value. This fact explains why every information asset is an important feature of a business. The value of an information asset will decrease or increase depending on its usability. More often than not, companies use powerful classification systems to manage data and information. On the other hand, a system is a set of components usually organized in a specific manner to execute a given function (Whitman & Mattord, 2011).
The term can also be used to refer to different schemes in a single system. A good example is a computer system. For instance, the information asset of an institution can be a feature of its data management system. This discussion shows that a system is usually bigger than an information asset and should contain several entities to function effectively. The absence or malfunction of one of the units will affect the effectiveness of the entire system.
The Relationship between Threats and Vulnerabilities
According to information technology (IT) experts, many people use the words vulnerability and threat interchangeably (Kim & Solomon, 2013). IT specialists and programmers should be aware of the relationships existing between these two terms. A threat is “a potential agent capable of harming a system or an organization” (Kim & Solomon, 2013, p. 52). On the other hand, vulnerabilities are “flaws within a system or the surrounding environment that can be used by attackers to inflict damage” (Deshmukh & Qureshi, 2011, p. 26). This understanding shows clearly that threats are potential aggressors capable of damaging a system or an organization.
Some common threats include spyware, dissatisfied workers, criminals, and malware. Vulnerabilities can include inappropriate system designs, network configurations, or ineffective business operations. Vulnerabilities, therefore, create new opportunities for threats to strike (Kim & Solomon, 2013). Designers of computer systems should, therefore, focus on the best strategies for dealing with these vulnerabilities. This move will make it easier for them to come up with powerful systems that cannot be breached by different threats. Powerful techniques such as the use of surveillance systems and antivirus software will ensure every system operates efficiently. Programmers and system designers should focus on the best practices to deal with these vulnerabilities and threats.
Use of a Structured Tool
Managing various IT security issues across a domain of architecture can be a major challenge (Deshmukh & Qureshi, 2011). It is generally accepted that many system administrators (SAs) and IT managers encounter numerous challenges when promoting the best security measures. Structured tools can play a major role in simplifying their work because such tools are easy to use, record, and monitor.
They simplify the job of every SA, thus delivering the best results. The Information Security Manager’s checklist is a powerful tool that evaluates the security level of an existing system. In addition, IT managers can use such tools to outline the best practices and eventually manage the targeted system professionally. The use of such structured tools is critical for Information Security Managers. Checklists ensure every aspect of the system works effectively. The checklist makes it easier for the IT manager to identify the existing gaps and address them using the best strategies (Antunes et al., 2014). Such checklists are also easy to use, thus delivering the best outcomes. Organizations and institutions should encourage their Information Security Managers to use such structured tools to ensure every system functions optimally.
References
Antunes, G., Bakhshandeh, M., Mayer, R., Borbinha, J., & Caetano, A. (2014). Using Ontologies for Enterprise Architecture Integration and Analysis. Complex Systems Informatics and Modeling Quarterly, 1(1), 1-23.
Deshmukh, A., & Qureshi, R. (2011). Transparent Data Encryption: Solution for Security of Database Contents. International Journal of Advanced Computer Science and Applications, 2(3), 25-28.
Kim, D., & Solomon, M. (2013). Fundamentals of Information Systems Security. Burlington, MA: Jones & Bartlett Learning.
Whitman, M., & Mattord, H. (2011). Roadmap to Information Security: For IT and Infosec Managers. Clifton Park, NY: Delmar Cengage Learning.