Running head: APPLICATION SECURITY 1

Application Security

Name

Affiliate institution

Application Security

Risk Management and Information Security are vital to the success of an organization. The two concepts are different, yet closely related to each other. Risk Management is critical in containing risks, which occur in various forms. Different mechanisms are employed in risk management, and these include information security, application security, and infrastructure security. Information security aims at protecting data, which is crucial for most entities. Application security aims to build secure applications, and infrastructure security provides strong protection to avoid threats. As I introduced earlier, I'm working as a Java developer for a credit reporting agency named Equifax. The paper narrows its focus to how the theoretical and practical application security knowledge learned from the course (Application Security, ISOL-534) is helping me to provide security for data, applications and infrastructure.

Application security: Designing and developing strong applications by following security design patterns, patching software on an interval basis to avoid vulnerabilities, killing unused programs, scanning the application to find potential vulnerabilities using third-party security tools, implementing multi-factor authentication applications, using security certificates while interacting with external systems outside of the organization, and integrating the security framework with code to ensure authorization and authentication.

Infrastructure security: Working with the network security team to build strong firewalls, opening secure ports for the organization's internal and external communication, getting security audits of the work machine in a timely manner, and updating the browser settings (such as proxy settings, restricting sites, and enforcing the browser to use secure sites by default).

Information security: Following strong password policies, encrypting folders and drives with the BitLocker encryption mechanism, and following identification, authentication and authorization while logging in as a user to the workstation. Logging in remotely to remote systems, checking the health of services and fixing vulnerabilities, encrypting data while transferring it over the network, setting up secure communication protocols, installing antivirus and anti-spyware software, and maintaining a malware-free Windows system to prevent threats from hackers.

I have learned various concepts such as the principle of least privilege, using access control lists, Microsoft Windows access management tools, scanning and auditing Windows systems, defining and creating Group Policy controls, audit tools, and backing up data, and, to some extent, network security, Windows security, Windows Server administration and security, etc.

As a Java developer, I'm not getting the opportunity to explore more of Windows and secure administration.

The knowledge and concepts learned from the course gave me more knowledge of Windows security and security administration.

Conclusion

Risk Management and Information Security are vital concepts for an organization. The two largely contribute to the success of an organization, given the immensity of what they protect: data, a factor unique to every organization. The two contribute to organizational success by maintaining competitive advantage, data integrity, and confidentiality. Risk Management and Information Security protect an organization against cyber-crime and attacks, the major underlying factors in the ruin of organizations today.