Sign In
Not register? Register Now!
Essay Available:
Pages:
6 pages/β‰ˆ1650 words
Sources:
8 Sources
Style:
APA
Subject:
Technology
Type:
Essay
Language:
English (U.S.)
Document:
MS Word
Date:
Total cost:
$ 32.4
Topic:

ITM431 Module 4: How a Company's Data, Information and Knowledge Be Protected in the Event of a Disaster

Essay Instructions:

Module 4 - Case
WEB SECURITY AND EMERGENCY PLANNING
Assignment Overview
Several common issues in web security must be considered. A survey data in the following article show the relative frequency for a certain web security breach to occur. The article also provides the detailed explanation of different potential web security breaches.
Heilmann C. (2010). Web Security: Are you part of the Problem?
Google Code University provides even more detailed explanations in sets of presentation slides. They even have exercises to test your skills. You are not required to do these exercises. But you are encouraged to give it a try. Please from the general overview of web security, select three issues to study in depth. And selectively learn from the appropriate sets of presentation below:
Google (2012). What every web programmer needs to know about security. http://www(dot)reddit(dot)com/r/webdev/comments/i8xgw/what_every_web_programmer_needs_to_know_about/
As far business continuity planning to prepare for data recovery and protection, there is increasing consensus that is really a policy issue or a management priority as far as security planning. The first article discusses the basic disaster recovery planning for data protection:
Tech Target (2011). Disaster recovery security: The importance of addressing data security issues in DR plans. Retrieved from http://searchdisasterrecovery(dot)techtarget(dot)com/feature/Disaster-recovery-security-The-importance-of-addressing-data-security-issues-in-DR-plans
In the DIKW model (Data, Information, Knowledge, and Wisdom), knowledge is one level above information. Tactics in disaster recovery of data and information may not be sufficient for disaster recovery of knowledge; however, if a company has already had a planning for knowledge recovery in case emergencies happen, it may imply that the company must have good data and information recovery plan. The following articles reflect the diversity of approaches being taken to thinking about emergency recovery in terms of knowledge management
O’Sullivan, K. (2010). Knowledge continuity: Strategies, approaches, and tools. Star Knowledge. Retrieved from https://knowledgecompass(dot)wordpress(dot)com/2010/09/21/knowledge-mapping-approach-methodology/
Beazley, H. (2003) Knowledge continuity: The new competitive advantage. ASAE. Retrieved from http://www(dot)asaecenter(dot)org/PublicationsResources/EUArticle.cfm?ItemNumber=11836
Kaieteur Institute For Knowledge Management. (2005). Vital knowledge assets protection planning service. Retrieved from http://www(dot)kikm(dot)org/assetplanning.pdf
Field, A. (2003) Thanks for the (Corporate) memories. HBS: Working Knowledge. Retrieved from http://hbsworkingknowledge(dot)hbs(dot)edu/pubitem.jhtml?id=3465&t=entrepreneurship
In addition, there is material in the background information bearing on these questions, and you may wish to do further research yourself by following up some of the links or other references.
Case Assignment
Review reading materials, and think about the issues involved, please prepare a 6-9 page paper addressing the questions.
Web Security Issues and Solutions"
"How can a company's data, information and knowledge be protected in the event of a disaster?"
Assignment Expectations
Use information from the modular background readings as well as any good quality resource you can find. Please cite all sources and provide a reference list at the end of your paper.
The following items will be assessed in particular:
Your overview of web security, among which you identify three of them to discuss in depth.
Your understanding of selected web security issues.
Your understanding of current solutions to selected web security issues.
Your understanding of what is considered to be a disaster in the context of information security. Please provide at least two examples and measures taken by organizations in dealing with the disaster.
Your understanding how to protect a company's data, information and knowledge in the event of a disaster.

Essay Sample Content Preview:

How a Company's Data, Information and Knowledge Be Protected in the Event of a Disaster
Name
Institution
Date

How a Company's Data, Information and Knowledge Be Protected in the Event of a Disaster
Introduction
The emergence of web 2.0 has seen many organizations adopt the web as a means of doing business and service delivery. Sharing information through social networking increases threats to security and privacy as websites become targets for malicious attacks. Tech Target (2011) states that many managers assume that basic data security measures such as firewall, backups, and strong user account passwords are enough. However, they have no idea how well their organizations are protected until they take a look from a malicious attacker’s perspective. Therefore, this paper discusses major web security issues and the measures some organizations have taken in dealing with them.
Web Security Issues and Solutions
Google (2012) states that security is holistic, and it involves physical security, which involves the protection against information leakage and document theft, technological security that mitigates malicious traffic, policies, and procedures, which require employees to be aware and vigilant. According to Hassanien (2009), new technology has seen companies store their data in a ubiquitous database for it to be accessed from any location, any time. New issues about privacy and information security have been addressed as a result of decentralization of information. To reduce web security issues, companies must understand the potential disasters and the necessary response. From the web content such as games, travel information, music, and stocks among others can be found as well as personal information that is required for web services. Most of this information is sensitive, and the risk for leakage is continually increasing. Web service experts must, therefore, find latest security solution updates to curb the threat. Sullivan & Liu (2011) listed the OWASP top ten lists of the most critical web application security risks. Three of these web security issues namely; SQL injection, cross-site scripting, and insufficient transport layer protection, are discussed in depth.
SQL Injection
This is whereby the attacker accesses an organizations database by sending an SQL command to its server via the URI. The URI is the address of a given file on the internet (Heilmann, 2010). According to Sullivan & Liu (2011), the attacker tries to find a way of running his code on the organizations web server. If he succeeds, he can access valuable confidential information in the database such as usernames, passwords, names, addresses, phone numbers, and credit card details. In other words, the attacker becomes the database server administrator with the ability to tamper with the existing information, void transactions and destroy data or make it unavailable. Hassanien (2009) states that an SQL injection attack is caused by inadequate input validation on user interface and it increases with the use of technologies designed to offer new working environment especially in e-commerce, healthcare system, e-government among others. A significant number of researches have been done to detect and prevent these attack...
Updated on
Get the Whole Paper!
Not exactly what you need?
Do you need a custom essay? Order right now:
Order

πŸ‘€ Other Visitors are Viewing These APA Essay Samples:

HIRE A WRITER FROM $11.95 / PAGE
ORDER WITH 15% DISCOUNT!
Order Now