In of the most important data for the


In
today’s era of Internet of Things, all organizations depend on their information
security. With the new, high technology these days, information security is
absolutely important and necessary in order to preserve profits, protect data,
records, threats, and identify fraud. Furthermore, it is vital to protect University
of Michigan’s bank transactions and credit card details of the students and/or
guests because this is one of the most important data for the university. If
any of the above information was lost or stolen, it would become very damaging
for University of Michigan. Without information, the business cannot function because
protection of the sensitive information is a critical task for the modern
organization. This is why information security plan is extremely critical to
enhance the security of the campus.

This
data within the University is usually created and used by employees at the
university. The private data of the students and guests is only accessed by the
staff of the university such as accounts department and financial department.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

The rest of the employees, guests, and students do not have access to this
sensitive data. Each and every person at the university has to login with
his/her own username and password to access the information within the
university’s system. Even though Internet at the university is considered as an
external use, mostly all things are blocked within the login. Students and
employees are only allowed to access certain websites; the rest have been
blocked to ensure no virus can attack the system and no hackers can try to
enter the university’s system. Identifying and classifying these threats is
extremely critical for the university. The university needs to prioritize these
risks and have a plan in case if attackers attack the system. The very first
solution would be to have a backup of the sensitive data.

In
this era of Internet of Things, it is important to keep a backup when a breach
occurs by installing Web Application Firewall for the company’s website. The
installation of firewall will help protect the company against a DDoS attack.

If an attack were to happen, the firewall will help re-install the customer
data into a new system. This will help the company prevent from having any
loses within the organization. Furthermore, it is essential to keep record of
who has been using the computer system called audit logs. The name of the user,
the time the user accessed the computer or logged in, and the files that the
user accessed during the login should be recorded. Keeping service level
agreements (SLAs) also help determine a security standard.

Risk
management is necessary at University of Michigan and can be a huge issue that
can be solved by having many rules to be followed by all employees. The rules
play a fair chance in reducing some risks that could severely damage a
company’s reputation. Universities often face challenges when managing the
risks related to crucial choices. The following are the threats a university
faces: internal risks (risks that can be prevented), and external risks. The
internal risks can be avoided if necessary steps are taken. There is a high
risk if employees and managers take a part in “inappropriate, unauthorized,
illegal, unethical, and incorrect actions” which can lead to severe damage to
University of Michigan’s reputation and diminish the University’s value
(Kaplan, Mikes, 2012). This is why it is critical for companies to seek and
eliminate any potential threats and risks beforehand.

External
risks usually arise from the outside events that are beyond control for the
University. Although external risks cannot be prevented, it is vital for
University of Michigan to focus and identify these risks. More types of threats
University of Michigan can face are natural disasters that can lead to loss of
systems and data, and technical failures that can lead to failure of hardware
and software, crash of a hard disk drive, and bugs in a computer program. This
is where management support comes in. It is vital for managers to focus and
determine whether all employees are following the security procedures and rules
within the University.

            Employee error is a massive threat
faced by universities. Shoulder surfing is extremely common these days. This is
very common in public/common areas such as the library of the campus and the
computer labs. This can be prevented by fixing a sophisticated display on the
computers which darkens the display of the computers. Moreover, employees often
show carelessness by misplacing or losing laptops and storage devices which may
causes a malware to be placed in the university’s network. This can be
prevented, by rules, if employees start to log off of their computers/laptops
whenever the employees move away from the devices. Another rule that should be
created and taught to employees is to use a chain cable lock and attach it to
the laptops. This will avoid anyone from taking the laptop and accessing
sensitive information. Fishing emails is another problem faced by universities.

Furthermore,
employees often are not given a training which causes them to open unknown
emails or clicking on links embedded in emails. This can result in careless
Internet surfing which can cause malware or virus to be fixed in the
university’s network. The solution is to provide a training session to all
employees which can lead them to identify suspected phishing emails, keep the
operating systems and web browsers updated, and check the source information.

Moreover, employees should be trained to have a strong password. The university
should also create a rule which asks the employees to change their password
every 90 days. Also, employees should be trained on completely erasing the
memory on old computer, digital, and cell phone devices. The above are the risk
controlling rules that should be created to prevent threats to the university.

Having
policies within the university is vital and necessary to address all potential information
security issues. The three major policies that need to be addressed by the
university are enterprise information security policies (EISP), issue-specific
security policies (ISSP), and systems-specific security policies (SysSP). The
EISP is necessary in the university because it supports the mission and the
vision of the university. This security policy assigns computer security responsibilities
for implementation to address any security issues.

With
the rapid attacks of malware, Internet is extremely unsecure. This is why
antivirus software is important to install on the university’s systems. Once a
virus enters, it can not only take the information, but can also cost he
university thousands of dollars to have it fixed. To avoid this, adding an
antivirus software would be helpful. This software can eliminate 99.99 percent
of the viruses on the system. It can also protect from spyware that tends to
steal payment information online. There are students and guests who make a
payment online for classes or tuition which is why it is vital to install
antivirus software so the university can avoid the credit card information from
being stolen. This is where identity theft is at risk. Furthermore, antivirus
software can be used to shield spam emails and advertisements. There is a high
chance for viruses to attack the university’s system if students or employees,
unknowingly, click on emails or advertisements. These are few examples why
antivirus software is needed to protect the university’s system from viruses
and spam emails and advertisements.

As
per managerial perspective, it would be beneficial to create a special committee
which would integrate security into business processes. The committee would be
helpful when making decisions that involves university’s policies and
objectives that will help the university stay consistent with the
organizational culture. The university will further get support from the
management and all departments in each matter needed. The committee will
further help with the changes in the environment of the university, ensure the
university’s objectives are successfully met, and take care of the security
threats to ensure that best practices and legal requirements are taken into
account. It will also ensure that the university has created and followed
specific goals when security is in question. The committee will also focus on the
responsibilities of correctly implementing information security to confirm
whether the university’s information is completely secure, review and monitor
security related incidents, modify information security policies if needed, and
perform IT management related activities.

Furthermore,
it is highly important to get support from the university’s campus
administration. The administration of the campus maintains documentation of all
student records. Additionally, it helps communicate issues to appropriate
departments, one of them being security. Moreover, it collects and analyzes
necessary data to keep everything running smoothly. It also ensures that best
practices and university’s objectives are being followed by all employees,
students, and guests at the university. It also helps with the training of all
employees to ensure that all policies are being followed.

As
per the behavioral perspective, it is vital for the university to have a
security awareness program so the employees and students can avoid those
actions that could lead to potential security incidents such as disclosure of
sensitive information of the university. The awareness program will inform
everyone the risks of leaking or mishandling the university’s sensitive
information and the risks of accessing sensitive information without following
proper procedures and policies. Through this awareness program, students and
employees will be able to monitor phishing emails and inform the appropriate
department if someone attempts to acquire the university’s sensitive
information such as credit card details, usernames, and passwords through
email. With the program, only some of the employees will get privileged access
and rights of some of the information and programs to ensure that there will be
no harm to the university’s sensitive information. 

x

Hi!
I'm William!

Would you like to get a custom essay? How about receiving a customized one?

Check it out