Tuesday, May 5, 2020

Security Audit Complete Strategy of Information Security

Question: Discuss the security audit.

Answer:

Introduction: Layering Security

A layered security approach can be applied at different levels in a complete information security strategy. It can cover anything from a single computer at home to thousands of users in an organization, and it helps improve the security profile (Gandotra et al., 2011). The basic idea of layered security is that any single defense can be flawed or mistaken, and any one defense is likely to contain errors that an attack can compromise. This is why a series of different defenses must be employed, each covering the gaps in the others' protective capabilities (Gandotra et al., 2011). Firewalls, intrusion detection systems, auditing procedures, storage encryption tools, and malware scanners can each protect information technology resources in different ways.

Security vendors also offer vertically integrated vendor stack solutions for layered security. Some examples:

- A firewall application
- An anti-spam application
- An antivirus application
- Parental controls
- Privacy controls

Corporate vendors of such security software are in an interesting position: to achieve their goals, they try to sell integrated, comprehensive solutions that lock customers into a single vendor relationship (Sharma and Ghose, 2011). On the other hand, they also need to sell individual elements of a comprehensive layered security strategy to those who do not want to buy their integrated solution, while at the same time convincing customers that the ideal approach is a vertically integrated stack.

Layered security does not mean multiple implementations of the same basic security tool (Sharma and Ghose, 2011).
For example, installing both AVG Free and ClamWin on the same Windows machine is not a perfect example of this system of protection, even if it achieves some advantage by letting one tool cover for the failure of the other. The term is also used in information assurance, where it supports risk analysis and risk management. The focus there is on accepting that risks will materialise and having effective controls in place to mitigate the threat.

The Importance of Security Audit

Security audits are crucial: they help keep track of compliance programs and reduce the overall stress of formal audits. The start of an annual financial audit usually generates a collective groan among employees. It intrudes on their work and involves an uncomfortable cross-examination (Kayworth and Whitten, 2010). IT security compliance audits can easily engender the same kind of reaction if they are not handled properly. However, security audits should not be seen as a chore or an interruption to routine network administration. They fulfil a crucial role: ensuring that policies and processes are being followed and that the entire organization complies with the relevant standards and legislation (Kayworth and Whitten, 2010).

A good approach is to conduct regular self-assessment audits so that the organization is prepared for a formal inspection by an outside, independent auditor. This kind of self-assessment also simplifies the overall process and reduces the resources needed to complete the more regular audits.
To reduce the stress and strain of official audits, self-assessment audits should be conducted to the same standards, with their scope and findings documented and reported formally (Kayworth and Whitten, 2010). These reports play a major role in making sure that any shortcoming in the state of security controls and compliance can be rectified several times a year. It is important that the organization continuously checks its systems for vulnerabilities, learns about new kinds of threats, and adjusts its defenses as and when required.

A security audit assesses systems and applications, which includes performing vulnerability scans and reviewing application and operating system controls over access and system changes. The analysis checks security changes against established security practices. The major focus is on systems such as personal computers and network routers.

Open Source vs. Cloud Source Security

Open source and cloud source security both aim to offer reliable software to the end user. Many users prefer the backing of big companies such as Microsoft, which offer a tailored list of programs and services (Krutz and Vines, 2010). Others prefer the flexibility of open source options such as Eucalyptus or OpenStack. It is not a matter of one being right or wrong: for some people open source software is the obvious choice, while those who want a more managed solution may find cloud source the ideal option (Krutz and Vines, 2010).

Open source software is normally free of charge. Cloud source or proprietary models may or may not offer free packages initially, but ultimately end up costing the customer.
Many updates for cloud source software are free, but important upgrades and the ability to add new packages often carry a fee (Krutz and Vines, 2010). Charges can also come in the form of a per-user fee. Open source options are driven more by community development: they take direction from demands in the market and tend to start with a small collection of developers and users (Krutz and Vines, 2010).

Proprietary or cloud source software leads to vendor lock-in, which means that a website or software built with one proprietary vendor cannot be taken to another provider. It limits the ability to use other providers once a specific one has been chosen. Open source services, on the other hand, are flexible by nature and allow users to move freely between different kinds of systems (Krutz and Vines, 2010). Open source offers a wide range of compatibility across many products. Typically, if a cloud source vendor goes out of business, the end user is left with a product that cannot be used, whereas with many open source projects another project can pick up where the previous one left off (Krutz and Vines, 2010).

Security software companies often focus on marketing that advises customers to install a product that can solve all security problems at once. However, it is a challenging job to analyze the exact needs of the company (Pangalos et al., 2010).

References

Gandotra, V., Archana Singhal, A. and Bedi, P., 2011. Layered security architecture for threat management using multi-agent system. ACM SIGSOFT Software Engineering Notes, 36(5), pp.1-11.

Sharma, K. and Ghose, M.K., 2011. Cross layer security framework for wireless sensor networks. International Journal of Security and Its Applications, 5(1), pp.39-52.

Krutz, R.L. and Vines, R.D., 2010. Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.

Kayworth, T. and Whitten, D., 2010. Effective information security requires a balance of social and technology factors. MIS Quarterly Executive, 9(3), pp.2012-52.

Pangalos, G., Ilioudis, C. and Pagkalos, I., 2010, June. The importance of corporate forensic readiness in the information security framework. In Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on (pp. 12-16). IEEE.
