The Internet Security Alliance (isalliance.org) was formed in April 2001. The alliance is a collaborative endeavor of Carnegie Mellon University’s Software Engineering Institute (SEI); its CERT Coordination Center (CEDRT/CC); the Electronics Industries Alliance (EIA), a federation of trade groups; and other private and pubic member organizations and corporatins. Their goal is to provide information sharing and leadership on information security and to represent its members and regulators.

On September 9, 2002, the alliance released results from a recent security survey conducted jointly with the National Association of Manufactures (NAM) and RedSiren Technologies Inc. (Durkovich, 2002). The survey asked 227 information security specialists worldwide to compare their current attitudes towards information security with their attitudes prior to the 9/11 terrorist attacks. Overall, the results showed that the security specialists view information security as more of an issue now and that they see it as crucial to the survival of their organization or business. However, most answered that they still feel inadequately prepared to meet their current security challenges, and just as importantly, that most lacked senior management commitment to address these challenges.

The following are some of the specific survey findings:

● 91 percent recognize the importance of information security.

● Most of the organizations reported at least one attack in the past year, with approximately 30 percent reporting more than six attacks.

● 48 percent said that the 9/11 attacks made them more concerned about information security, while 48 percent said there had been no change in their attitudes.

● 47 percent said that their organization had increased spending on information security since the attacks.

● 40 percent said that they had improved their physical security, electronic security, network security, and security policies since the attacks.

● 30 percent indicated that their companies are still inadequately prepared to deal with security attacks.

The Internet Security Alliance has identified 10 of the highest priority and most frequently recommended practices necessary for implementation of a successful security process. The parctices encompass policy, process, people, and technology. They include (IS Alliance, 2002):

1. General management. Information security is a normal part of everyone’s responsibilities managers and employees alike. Managers must ensure that there are adequate resources, that security policies are well defined, and that the policies are reviewed regularly.

2. Policy. Security policies must address key areas such as security risk management, identification of of critical assets, physical security, network security, authentication, vulnerability and incident management, privacy, and the like. Policies need to be embedded in standard procedures, practices, training, and architectures.

3. Risk management. The impacts of various risks need to be identified and quantified. A management plan needs to be developed to mitigate those risks with the greatest impact. The plan needs to be reviewed on a regular basis.

4. Security architecture and design. An enterprised-wide security architecture is required to protect critical information assets. High-risk areas (e.g., power supplies) should employ diverse and redundant solutions.

5. User issues. The user community includes general employees, IT staff, partners, suppliers, vendors, and other parties who have access to critical information systems.

6. System and network management. The key lines of defense include access control for all network devices and data, encrypted communications and VPNs where required, and perimeter protection (e.g., firewalls) based on security policies. Any software, files, and directories on the network should be verified on a regular basis. Procedures and mechanisms must be put in place that ensure that software patches are applied to correct existing problems; adequate levels of system logging are deployed; systems changes are analyzed from a security perspective; and vulnerability accessments are performed on a periodic basis. Software and data must also be backed up on a regular schedule.

7. Authentication and authorization. Strict policies must be formulated and implemented for authenticating and authorizing network access. Special attention must be given to those employees accessing the network from home and on the road and to partners, contractors, and services who are accessing the network remotely.

8. Monitor and audit. Security-breaching events and changing conditions must be monitored, and the network must be inspected on a regular basis. Standards should be in place for responding to suspicious or unusual behavior.

9. Physical security. Physical access to key information assets, IT services, and resources should be controlled by two-factor authentication. 10. Continuity planning and disaster recovery. Business continuity and recovery plans need to be implemented and periodically tested to ensure that they are effective

Questions for Minicase 2

1.       Why does the Internet Security Alliance include both private and public members?

2.       2. What is the mission of the Alliance?

3.        3. Why is it beneficial to prioritize issues?

4.       . How would you justify the existence of the Alliance? Who should pay its costs?

Found something interesting ?

• On-time delivery guarantee
• PhD-level professional writers
• Free Plagiarism Report

• 100% money-back guarantee
• Absolute Privacy & Confidentiality
• High Quality custom-written papers

Related Model Questions

Feel free to peruse our college and university model questions. If any our our assignment tasks interests you, click to place your order. Every paper is written by our professional essay writers from scratch to avoid plagiarism. We guarantee highest quality of work besides delivering your paper on time.

Mohammed is a thirty-five year old Somalian man who visits his GP because he is finding it difficult to leave his home. Mohammed is concerned that he has become fearful of leaving his home, experiencing a sense of dread that something terrible will happen. His heart races and he often becomes dizzy. On one occasion he collapsed while he was at the mosque, and consequently has stopped attending services. He describes himself as a ‘nervous person’ but says it has got much worse over the past two years. He is concerned that he will lose his employment benefits because he has stopped attending job interviews. He has few friends, and spends his days reading and looking after his elderly parents, with whom he lives. Mohammed immigrated to Australia when he was seventeen. His family had been persecuted in Somalia, and he escaped to Pakistan before immigrating to Australia. He has many relatives still living in Somalia, and he worries about their safety. He completed an electrical apprenticeship, but has not worked as an electrician since injuring himself at work five years ago. Mohammed separated from his wife shortly after his accident, and has no children.

Read More »

Grab your Discount!

25% Coupon Code: SAVE25
get 25% !!