Information Systems and identity management
167128-671268 - Justin Basagic - Jul 12, 2018 151 PM - ExecutiveSummary_Jbasagic.docx
Running Head: INFORMATION SYSTEM AND IDENTITY MANAGEMENT
INFORMATION SYSTEM AND IDENTITY MANAGEMENT
Information System and Identity Management. (ISIM)
Justin Basagic
UMUC CYT 610
Executive Summary
This technical report is based on the extensive information about a complete information system and the identity management which is considered as the most important part of any kind of organization whereas there are several aspects which necessary to discuss for the better quality of the services of any kind of business. In any enterprise, there are several employees who are working for the company to provide the services also there are other information which are necessary to store on daily basis, in short, it is clear that even in a small organization, the workflow level of information is too high so that there would be a proper system which will be needed for the storage of information. The complete infrastructure of the information system will be discussed in the report so that the requirements of the research will be fulfilled. The management of the organization always spend a lot of amount in the integration of the latest information system because the concern of business stakeholders are always based on the core information about the profit and the loss which takes place in every business. The report will cover the issues about the cyber security that’s how the cyber security will be considered as the helping hand in the latest information system as the information is stored and transmit through the cloud servers now a is considered as a latest database management technique.
Comment by Gbemi: Delete extra space.
The framework about the identity management will also be discussed with the perspective of the business such as in every organization there are authorities and the privileges so the hierarchy of the system can be decided for example a manager will be having the more the access about the system so the managers can manage the sensitive information. Information systems in the business contain the information which can be very critical such as most of the information system contain the information about the financial management and the transaction security which can be considered as the most sensitive information in the premises of the organization. Identity management can be assigned but the managers or the core functional management of the companies or organization normally defines the access to the multiple users and the users can also be sort based on their designation with the company. All the aspects are described in the report for the better quality of the service.
A terminology of cross network identities are also described in the report .Most of the information is normally stored at the online servers but there are several risks and threats which can be affecting the information system. Such as the network attacks which can be made by the hackers to destroy the data of an organization. Cyber security assures the security of the web servers from any kind of network attacks. The information about the cyber security is also discussed in the report and the small configuration about the cyber security is also described. Comment by Gbemi: This describes the layout of your paper. It does not provide a high-level overview or summary of what you will discuss in detail in the paper. Remember, you want your Executives to have a quick understanding of the problem, your findings, and your recommendations so that they can decide how to protect the organization. If they want more details then they will read the technical report.
Introduction
In the field of business administration, there are several factors which are necessary to discuss because in the business forums there are multiple information which are abstract initially, an information system is always needed to store and manage the business information at a specific platform which can be provided by the integrated system. Let’s take an example of Amazon which is considered as the largest e-commerce services in the world, the management of the Amazon use very extensive information system for the data storage and the management. This report will initially discuss about the terminology of the information systems so that the proper overview of the information system can be described for the better quality of the research. The aspects and the advantages of information systems will also be discussed in the report so that it can relate with the business and administration. In the current industry, every forum is using the information system to manage the workflow of the organization and its becoming trend to get the information system for the organizations in the current business industry.
The core aspects of Identity management will also be discussed in the report because Identity management is also considered as the necessary part of the business as there are several members who normally work in an organization so the authorities and the privileges of every member of the organization should be different.
Information System
Information system are basically based on the large embedded system which is used to store the information about the organization such as the information about the daily transaction, invoices, and reports about the profit and loss. On other hand, the employees and the customer details will also be stored in the information system.
Information security is vital to any organization, like the financials, record keeping, and businesses. Use of information will enable organizations in fulfilling customer needs and taking care of their personal data such as personal information. There are various challenges that any given organization might fall into; including the hands of unauthorized person and hackers. So as to reduce any risk- crisis in the organization, effective information systems are used. So as to get the importance of information system, the challenges must be first eradicated. Every organization needs to develop policies that will help in securing information (Von Solms, 2013). Comment by Gbemi: How does this apply to your organization? See Step 1 in the Project overview.
Development of high technology in today’s world requires many organizations to depend on information systems. Many people are of concern of the system’s use particularly in saving their data, information, especially personal information, such as health status. Various threats from hackers and identity theft has also added their concern since there is an increasing number of system hackers. This has led to various organization treating information as one of their internal controls that needs to be protected. Various system threats in organizations have made to the news headlines as many organizations rely on computer information systems. Information raises the competitive advantage of organizations, and there has been increased awareness in identity theft and power of information. Privileged Identity Management generally includes two types of accounts. Attended accounts – Shared accounts used by humans for administrative purposes (as suggested below). The privileged accounts are then managed by a PIM solution which could include rotating the password each time the account/password is checked out. Each mode of account management has its benefits and weaknesses.
Information security refers to the techniques, collection of technologies management practices and policies that are applied to secure information. It is also protection from unauthorized access, to information so as to enable confidentiality, integrity and availability (CIA). Integrity: protecting against improper destruction or modification, including ensuring authenticity and non-dissent. Confidentiality; this is providing authorized access to individuals that are only authorized, thus preventing disclosure and protect privacy. Availability is ensuring that the information is provided when required timely in a reliable way.
In many organizations today, information security has become an integral part, and it is continuing to be a larger factor. The organizations use systems architecture that interconnects the networking systems, internet and the organizations. All these present a security concern that any organization must deal with. The organizations hold sensitive data on individuals, and the organization itself, which provide a challenge to protect it. There are various steps that must be put in place to provide this protection.
Some of the main reasons to keep organizational information safe include;
Customer assurance; secure and stable networks ensure customer satisfaction and assurance that their information is safe. Security breaches in organizations are in terms of money lost. Market sakes, staff productivity, workflow and customer service could be affected by the downtime. The organization can lose customers due to the negative publicity caused by breaches.
Smooth business operations; consistent IT security and maintenance ensures smooth running of business operations. The organizations must maintain a secure and configured network that actively protects from unknown threats.
Insurance companies; these companies are interested in knowing how various organizations keep their information assets safe
To sum up, there are many other benefits of keeping organizations secure. Writing security policies isessential for a secure organization. Everyone needs to understand their role in maintaining security. Creating policies that are clear and easy to comply with is key to information security. Complex policies are not required since it only encourages people to breach them. For these reasons and more, businesses are increasingly opting for a separate CIM solution in their technology stack, to facilitate what Gartner recently termed a “bimodal” approach to digital strategy. The first mode emphasizes stability, accuracy and reliability, while the other is focused on agility, speed and the ability to adapt to unstable processes and react to business moments. CIM bridges both modes by collecting and normalizing disparate data types, consolidating that data into rich user profiles that are highly actionable to line of business stakeholders, and managing compliance and security (Ericsson, 2010). Comment by Gbemi: Spell-check and proof-read the entire document. Comment by Gbemi: Not needed. Or, provide basis and supporting citation. Comment by Gbemi: Spell out acronyms the first time used.
Identity Management
An installment exchange strategy for exchanging reserves from a payer to payee is given, including assigning a payee and determining an installment sum and a record; charging the assets from the record and crediting a first trust account; and recognizing the payee by checking reactions got in light of at least one test reaction questions characterized by the payer. On the off chance that the at least one reactions are confirmed, a second trust record might be charged and a payee account credited with the installment sum. The first and second trust records may then be accommodated. There is likewise given an installment exchange office to exchanging stores. Including an application server for putting away installment information identifying with an exchange of assets and a notice server for giving a notice of the exchange of assets (Abrams, 2008). Comment by Gbemi: Relevance?
Frameworks and strategies for overseeing email are given. A portion of the email might be scrambled utilizing personality based-encryption (IBE) strategies. At the point when an approaching IBE-scrambled message for a beneficiary in an association is gotten by a portal at the association, the door may ask for an IBE private key from an IBE private key generator. The IBE private key generator may create the asked for IBE private key for the entryway. The door may utilize an IBE unscrambling motor to decode the approaching message. The unscrambled message can be checked for infections and spam and conveyed to the beneficiary. Active email messages can likewise be prepared. On the off chance that demonstrated by message properties or data gave by a message sender, an active message can be encoded utilizing an IBE encryption motor and the IBE open key of a coveted beneficiary (Yan, 2012).
Cyber Security
The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous. Moreover, the paper posits that cyber security goes beyond the boundaries of traditional information security to include not only the protection of information resources, but also that of other assets, including the person him/herself. In information security, reference to the human factor usually relates to the role(s) of humans in the security process. In cyber security this factor has an additional dimension, namely, the humans as potential targets of cyber-attacks or even unknowingly participating in a cyber-attack. This additional dimension has ethical implications for society as a whole, since the protection of certain vulnerable groups, for example children, could be seen as a societal responsibility (Mo, 2012).
30,000 qualified cyber-security specialists in the US Public Sector alone despite being one of the best financially compensated technology-related domains. Against ever evolving cyber-threats the need to graduate students skilled in the concepts and technologies of cyber-security is becoming a critical responsibility of academic institutions in order to help preserve the sovereignty of the US and her allies. This paper discusses the role of cyber-security in an IT education context and explains why IT programs should champion this topic. The relationship between Information Assurance and Security as a currently recognized discipline within IT and advanced cyber-security topics are presented. Recommendations for the placement and structure of a cyber-security emphasis within a curriculum are presented using an adaptable framework that we have named "Prepare, Defend, and Act." We rationalize and discuss this framework along with teaching methods we have found to be effective in helping students maximize their cyber-security learning experience. Finally, four recommendations are proposed that we invite IT program-offering institutions to review.
Literature Review
A technique and mechanical assembly for a completely incorporated Information System (IS) with modules for every business movement, that can be utilized independently or gathered in a suite of modules, every module containing its own particular individual database, and associated through a middleware-like mix gadget, or Enterprise Service Bus, for organize based information synchronization and correspondences, that interface the modules to each other and to existing ERP, CRM, information distribution center and custom inheritance frameworks. Every module in these way demonstrations all the more proficiently since it isn't loaded by the undertakings of interfacing with the equipment stages and working frameworks, which are allotted to the projects in the mix server. These littler and more adaptable modules cooperate and consequently refresh every related application, databases and clients, when information is gone into one. The modules are immediately actualized as they are composed from libraries of center usefulness from existing programming code that were produced for executing comparable business necessities, added to custom code, accordingly rapidly and reasonably executing exact individual business prerequisites, completely incorporated with the current heritage IS condition. The creation is viewed as a cutting edge ERP innovation that can without much of a stretch adjust to new prerequisites as commercial centers and best practices direct. It is called SAIDware and it is particularly suited for the relocation of heritage frameworks to more current stages, encouraging their well-ordered substitution as time and spending plans permit (Cleveland, 2008).
In the wake of inspecting advanced nom de plumes qualifications as fundamental ideas of such a framework, we give a prologue to innovations for multilateral security and portray a design which empowers multilaterally secure correspondence. By methods for various situations we demonstrate prerequisites of a character administration framework, and blueprint an approach in building up a personality administrator and its foundation. At long last, we examine issues and dangers of personality administration frameworks which must be considered when utilizing such a framework (Jajodia, 2011).
Conclusion
The high level of the management will be having the different access of the system as compared to the normal employee so the information system allow the management to classify the employees with respect to their designation as it has been Elaborated in the summary that the managers or the database administrators will always be having the different and more privileges of the system. Last but not the least, the information about the cyber security will be discussed to assure that how the information systems can be protected.
References
Abrams, M. &. (2008). Malicious control system cyber security attack case study–Maroochy Water Services, Australia. McLean, VA: The MITRE Corporation. Cleveland, F. M. (2008). Cyber security issues for advanced metering infrasttructure (ami). In Power and Energy Society General Meeting-Conversion and Delivery of Electrical Energy in the 21st Century. Ericsson, G. N. (2010). Cyber security and power system communication—essential parts of a smart grid infrastructure. . IEEE Transactions on Power Delivery. Jajodia, S. G. (2011). Moving target defense: creating asymmetric uncertainty for cyber threats. Mo, Y. K. (2012). Cyber–physical security of a smart grid infrastructure. Proceedings of the IEEE. Von Solms, R. &. (2013). From information security to cyber security. . computers & security. Yan, Y. Q. (2012). A survey on cyber security for smart grid communications. . IEEE Communications Surveys and tutorials.
2
167128-671268 - Justin Basagic - Jul 12, 2018 151 PM - InformationSystemandIdentityManagement1.pptx
Information System and Identity Management
Justin Basagic
Introduction
In the field of business administration, there are several factors which are necessary to discuss because in the business forums there are multiple information which are abstract initially, an information system is always needed to store and manage the business information at a specific platform which can be provided by the integrated system.
The core aspects of Identity management will also be discussed in the report because Identity management is also considered as the necessary part of the business as there are several members who normally work in an organization so the authorities and the privileges of every member of the organization should be different.
Gbemi (G) - Be succint. Not clear of the intent of the first bullet. It is good practice to highlight salient points in the slide and use the "Notes" to provide additional details.
Introduction(Contd..)
The aspects and the advantages of information systems will also be discussed in the report so that it can relate with the business and administration. In the current industry, every forum is using the information system to manage the workflow of the organization and its becoming trend to get the information system for the organizations in the current business industry.
Information System
Information system are basically based on the large embedded system which is used to store the information about the organization such as the information about the daily transaction, invoices, and reports about the profit and loss. On other hand, the employees and the customer details will also be stored in the information system.
Information system is vital to any organization, like the financials, record keeping, and businesses. Use of information will enable organizations in fulfilling customer needs and taking care of their personal data such as personal information.
Development of high technology in today’s world requires many organizations to depend on information systems.
Gbemi (G) - Provide citations for definitions and descriptions. Provide an overview of your organization and the critical mission systems it has. See Step 1 requirements.
Identity Management
The framework about the identity management will also be discussed with the perspective of the business such as in every organization there are authorities and the privileges so the hierarchy of the system can be decided for example a manager will be having the more the access about the system so the managers can manage the sensitive information.
Information systems in the business contain the information which can be very critical such as most of the information system contain the information about the financial management and the transaction security which can be considered as the most sensitive information in the premises of the organization. Identity management can be assigned but the managers or the core functional management of the companies or organization normally defines the access to the multiple users and the users can also be sort based on their designation with the company.
Cyber Security
Cyber security assures the security of the web servers from any kind of network attacks. The information about the cyber security is also discussed in the report and the small configuration about the cyber security is also described.
The term cyber security is often used interchangeably with the term information security. This paper argues that, although there is a substantial overlap between cyber security and information security, these two concepts are not totally analogous.
Literature Review
The creation is viewed as a cutting edge ERP innovation that can without much of a stretch adjust to new prerequisites as commercial centers and best practices direct. It is called SAIDware and it is particularly suited for the relocation of heritage frameworks to more current stages, encouraging their well-ordered substitution as time and spending plans permit (Cleveland, 2008)
Gbemi (G) - Relevance?
In the wake of inspecting advanced nom de plumes qualifications as fundamental ideas of such a framework, we give a prologue to innovations for multilateral security and portray a design which empowers multilaterally secure correspondence. By methods for various situations we demonstrate prerequisites of a character administration framework, and blueprint an approach in building up a personality administrator and its foundation. At long last, we examine issues and dangers of personality administration frameworks which must be considered when utilizing such a framework (Jajodia, 2011).
Gbemi (G) - Remove template guidance before submission.
Conclusion
The high level of the management will be having the different access of the system as compared to the normal employee so the information system allow the management to classify the employees with respect to their designation as it has been Elaborated in the summary that the managers or the database administrators will always be having the different and more privileges of the system. Last but not the least, the information about the cyber security will be discussed to assure that how the information systems can be protected.
References
Abrams, M. &. (2008). Malicious control system cyber security attack case study–Maroochy Water Services, Australia. McLean, VA: The MITRE Corporation.
Cleveland, F. M. (2008). Cyber security issues for advanced metering infrasttructure (ami). In Power and Energy Society General Meeting-Conversion and Delivery of Electrical Energy in the 21st Century.
Ericsson, G. N. (2010). Cyber security and power system communication—essential parts of a smart grid infrastructure. . IEEE Transactions on Power Delivery.
Jajodia, S. G. (2011). Moving target defense: creating asymmetric uncertainty for cyber threats.
Mo, Y. K. (2012). Cyber–physical security of a smart grid infrastructure. Proceedings of the IEEE.
Von Solms, R. &. (2013). From information security to cyber security. . computers & security.