Friday, May 1, 2020

Information Security and Ethics Of Google - MyAssignmenthelp.com

Question: Discuss about the Information Security and Ethics Of Google.

Answer:

Nature of the business

In the era of globalization and technological advancement, Google has established its position in the minds of internet users as a powerful search engine, and it is widely used as a web-based search engine all over the world (Alberts & Dorofee, 2002). It doesn't matter whether it's old or young; Google can always be seen in the conversation about computers or the internet (Axelrod, Bayuk & Schutzer, 2009). One can view the history of how companies grow from small to big and become known all over the world. The core business of Google is to offer a search engine to internet users who want to reach their place of interest (Alberts & Dorofee, 2002). Google's search engine attracts internet users through a simple design that nonetheless delivers impressive search results (Axelrod, Bayuk & Schutzer, 2009). After the initial stage in which Google established itself globally, it started selling ads related to search keywords. The ads were text-based to increase the loading speed of the page (Alberts & Dorofee, 2002). Most of Google's revenue depends on ads, and it attained success with the support of AdSense and AdWords after gaining experience within the industry (Alberts & Dorofee, 2002). To develop the expected IT infrastructure, the IT department tries to maintain a balance between purchasing products from outside vendors and developing software itself; for instance, the organization purchases software from Oracle for maintaining the accounts, whereas for customer relationship management Google develops the software (Alberts & Dorofee, 2002).
While the company's administration tries to make data available to every employee, it also tries to make sure that the information is protected from misuse or from use by unauthenticated users (Alberts & Dorofee, 2002). Google also encourages the use of open source software by applying it. It also encourages students to work on and develop new software by offering internship programs. In this manner, the company tries to obtain new ideas that can be supportive (Alberts & Dorofee, 2002). Google also seeks to develop applications such as Google Apps that can be used for both external and internal purposes (Axelrod, Bayuk & Schutzer, 2009). The search engine algorithm is continuously updated so that the information retrieved becomes more relevant (Alberts & Dorofee, 2002). The engineers ensure that the retrieval of information for the internet user gets less. Google also adopts a round robin policy, which supports load balancing across its servers. Google's servers are categorized into various types, and every server is assigned a particular function (Axelrod, Bayuk & Schutzer, 2009). The nature of the business makes Google emphasize security and treat it as critical (Axelrod, Bayuk & Schutzer, 2009). The master search algorithm formula is kept secret. Instead of implementing strict policy measures, the organization ensures that its infrastructure is secured (Axelrod, Bayuk & Schutzer, 2009). The focus is placed on corrective and detective controls. More than 150 engineers are employed to provide information security and to maintain the organization's security infrastructure (Axelrod, Bayuk & Schutzer, 2009). The engineers regularly watch for viruses such as spyware, and Google makes use of an intrusion detection system to avoid breaches of security (Axelrod, Bayuk & Schutzer, 2009).
Governance structures, processes, and policies it has in place

For the type of technology and innovation it pursues, Google has produced a culture, governance and processes that are well suited to helping ideas build on one another (Axelrod, Bayuk & Schutzer, 2009). The top executives hold the instinct for taking the company forward and agree with them, in case they ask for hostile takeovers to place long-term vision (Axelrod, Bayuk & Schutzer, 2009). The model of media might be right as compared to them, as both of them are reliant on talent and vision. The creative corporate culture is fabulous for attracting the Googleplex as the right playground for developing the magic of Google (Axelrod, Bayuk & Schutzer, 2009). The organization's practice of permitting staff to use 20% of their work time, in combination with the teamwork style, looks like the right formula for developing rough and dirty prototypes whose value can be explored from alpha through to beta (Axelrod, Bayuk & Schutzer, 2009). The only limitations one can see are the possibility of ego getting in the way of doing the right work, and the company's size eventually turning away staff and business customers (Axelrod, Bayuk & Schutzer, 2009). This could be a branding issue for Google in the coming time, over how to deal with the increase in huge companies (Axelrod, Bayuk & Schutzer, 2009). Google's commitment to security is outlined in Google's Code of Conduct, along with Google's security philosophy (Eloff, Labuschagne, Solms & Dhillon, 2011). These policies cover a huge array of security-related topics, including the general policies that every staff member must comply with (physical security, account, data) as well as a few more specific policies covering systems and internal applications, which employees are expected to follow (Eloff, Labuschagne, Solms & Dhillon, 2011).
All these security policies are reviewed and updated periodically. Staff are also required to undergo continuous security training on topics like safe internet use, how to label and handle sensitive information, and working safely from remote locations (Axelrod, Bayuk & Schutzer, 2009). Extra training is also provided on policy topics of interest, including areas of emerging technology like the safe use of social technologies and mobile devices (Eloff, Labuschagne, Solms & Dhillon, 2011). Google's security organization is divided into various teams, which focus on global security auditing, information security and compliance, along with physical security for safeguarding Google's hardware infrastructure (Eloff, Labuschagne, Solms & Dhillon, 2011). Together, these teams address the complete international computing environment. In the case of the Information Security team, Google employs a full-time information security team, which includes 250 experts in the areas of network security, information, and application (Eloff, Labuschagne, Solms & Dhillon, 2011). The team is responsible for maintaining the organization's perimeter and internal defense systems, creating processes for secure development and security review, and constructing customized security infrastructure (Eloff, Labuschagne, Solms & Dhillon, 2011). It also plays the leading role in the documentation, development and implementation of Google's security policies and standards (Axelrod, Bayuk & Schutzer, 2009).

Corporate officers and their roles as described in public documentation

In the present time, the world is moving towards IT as a necessity, but the threats around the IT world are also rising (Godbole, 2008). This leads towards IT security strategies, which can resolve IT issues and control the threats arising in the technology area (Godbole, 2008).
Information Technology security professionals carry the responsibility for safeguarding the IT world from increasing problems and threats (Godbole, 2008). Those who take responsibility for protecting the infrastructure, networks and computer systems include system administrators, IT security professionals, information security engineers, network security officers, chief information officers, chief security officers, network engineers, information assurance managers, chief information security officers and computer operators; these are among the few that hold a fundamental role as IT security professionals (Godbole, 2008). The IT security professional's job revolves around IT system protection. It includes the infrastructure, network and all other IT information grounds (Godbole, 2008). Securing customer data, information assets, financial information and various other critical IT information is the main responsibility of IT security professionals (Hamid, 2007). Their role includes the responsibility to offer users access to information based on identity and necessity. Information is provided to people when they are legally eligible for access (Harkins, 2012). Every IT security department holds particular policies and principles according to the policies of the company and is required to follow them (Axelrod, Bayuk & Schutzer, 2009). They adopt a specific set of regulations, rules, strategies, and methodologies for protecting information systems (Harkins, 2012). The responsibilities of the IT security professional are as listed below:

Significant IT security professional responsibilities

Designing and developing software and security devices to ensure the safety of client information and products (Harkins, 2012).
Measuring the security of IT within the network system.
Inspecting operating regulations and network processes for security updates (Axelrod, Bayuk & Schutzer, 2009).
Undertaking the audit process for initiating safety and security measures and strategies (Harkins, 2012).
Customizing information access according to necessity and rules.
Maintaining the standard security information policy, services, and procedures (Harkins, 2012).

The above are the responsibilities of each and every IT security professional, depending on the role they are required to fill. Taking on such high responsibility can be referred to as a scaling job (Jacobs, 2015). One needs to stay updated with advanced skills and knowledge, along with working within the team towards attaining perfect information security (Kim & Solomon, 2010). The skills required by IT professionals have also been analyzed, and are described below:

Skills required for IT security professionals:

IT security professionals are expected to be strategists in order to protect the infrastructure, network and computer systems (Kim & Solomon, 2010). It is also important that they are aware of evolving security controls and measures and are able to implement them in the company (Kim & Solomon, 2010). Besides that, the IT security professional needs to be strategic enough to judge the before and after results of a security measure (Kim & Solomon, 2010). IT security professionals need adequate management and communication skills to ensure effective coordination with clients and the team (Axelrod, Bayuk & Schutzer, 2009). He or she is required to communicate with the organization's professionals in IT terms (Kim & Solomon, 2010). Similarly, while handling clients, the measures and principles of security should be taught clearly within the organization (Kim & Solomon, 2010). Other skills expected of IT security professionals are to stay technically competent.
It is also important that they continually re-skill and hold advanced technology skills so that they can grasp technical security issues immediately and solve them (Kouns & Minoli, 2011). These are a few of the significant skills needed by IT security professionals.

Whether the governance structures and policies reflect regulatory requirements

IT security governance is the system through which companies direct and control IT security, as adopted by ISO 38500 (Kouns & Minoli, 2011). IT security governance should not be confused with IT security management (Axelrod, Bayuk & Schutzer, 2009). IT security management is concerned with making decisions to mitigate risks, whereas governance determines who is authorized to make decisions (Kouns & Minoli, 2011). Governance explicitly specifies the accountability framework and offers oversight to make sure that risks are mitigated adequately, while management makes sure that controls are implemented to reduce the risk (Peltier, 2005). Management suggests the security strategies. Governance makes sure that the security strategies are aligned with business regulations and objectives (Peltier, 2005). NIST describes IT governance as the process of setting and maintaining a framework to offer assurance that IT security strategies are aligned with business objectives, are consistent with the relevant laws and regulations through adherence to internal controls and policies, and assign responsibility for managing risk (Calabrese, 2004). There are many laws and regulations, a few of them specific to particular industries, that can impact information technology (Axelrod, Bayuk & Schutzer, 2009).
Each company should identify the regulations affecting it and respond accordingly, and make sure that the roles and responsibilities for analyzing legal and regulatory matters are defined correctly for every stakeholder group, so that every group can apply its particular expertise efficiently (Axelrod, Bayuk & Schutzer, 2009). The current increase in regulations that impact IT use is due to various factors: laws for protecting information and its potential for misuse in electronic form; the increase in the use of computer systems and networks for criminal activities, including hacking, viruses, pornography and money laundering (Solms & Solms, 2008); the increase in large contractual relationships for IT products and services, such as product licenses, outsourcing, and managed services (Solms & Solms, 2008); and the increase in various types of electronic media and the potential for misusing valuable information assets, which results in copyright and intellectual property problems for users and vendors (Axelrod, Bayuk & Schutzer, 2009).

How the organization addresses and mitigates risk

In the fast-paced international economy, which relies mostly on information, ensuring the security of IT assets becomes paramount (Peltier, 2008). According to current research by CompTIA, around 28% of present businesses list security as an important factor, and this number is expected to improve in the coming two years (Peltier, 2008). The study also claims that various organizations that believe they are secure enough are potentially vulnerable to critical security threats that emerge with new technologies (Peltier, 2008). These growing threats are prompting businesses to adopt new methods for examining the changing needs of security.
In a survey conducted by Gartner, research shows that mobile rules for most organizations (Peltier, 2008).

Keep system updated

Most system failures happen due to the lack of the right patch. A few statistics from researchers explain interesting facts about similar vulnerabilities faced by companies (Peltier, 2016). If companies support BYOD without control over performing standard maintenance, the issues usually get worse, as they invite attack sources without having any prevention (Axelrod, Bayuk & Schutzer, 2009). To avoid the risk, it is important to ensure that systems are updated, including the company's servers, laptops, mobile devices, and desktops (Peltier, 2016). Small mobile devices come with different operating systems and firmware (Axelrod, Bayuk & Schutzer, 2009). Considering this, companies are expected to ensure that mobile devices are patched and properly maintained (Peltier, 2016).

Undertake governance review as well as assessment of mobile security

Review and assessment of governance are necessary for defining and measuring the operational efficiency of IT operations and for finding the gaps that need to be fixed (Stamp, 2011). Well-known research organizations like OWASP and Gartner provide security matrices for performing security assessments and determining the maturity level of an organization's IT security (Tipton & Krause, 2009). Gartner's well-known assessment matrix scores information technology and supports the company in exploring risk and in measuring and analyzing the maturity of the business's mobile security program (Axelrod, Bayuk & Schutzer, 2009). For instance, in the case of a spider chart, the chart indicates the present score of the company, whereas the chart also shows the ideal score of an organization (Tipton & Krause, 2009).
Cyberwarfare

It is suggested that the correct application of intrusion prevention and intrusion detection systems along with firewalls is the primary response (Axelrod, Bayuk & Schutzer, 2009). By undertaking real-time analysis of network traffic, including investigation of security threats, individual companies can detect the less sophisticated attacks at the user level (Tipton & Krause, 2009). Large organizations are advised to be aware of network security and vulnerabilities, and they are also expected to work towards securing advanced threat protection platforms for better endpoint protection and server security (Tipton & Krause, 2009). Regarding government cyber-attacks, the main line of defense is to form a common front against the cyber attackers (Axelrod, Bayuk & Schutzer, 2009). There is no correct time for opening dialogue and collaboration among the government industries and agencies for taking action against cyberwarfare (Tipton & Krause, 2009). It is suggested that attacks that go massive across interconnected systems could be disclosed readily by comparing information and creating similar task forces (Axelrod, Bayuk & Schutzer, 2009). Detection and protection are not enough to stop attackers every time, but they can inhibit future as well as common threats (Tipton & Krause, 2009).

Espionage

Individuals and organizations might adopt bring your own device (BYOD), which looks like an inexpensive solution, but it can create certain issues (Vacca, 2017). If one supports BYOD, it is suggested that management and maintenance be enforced (Vacca, 2017). It is also crucial to make sure that a device control mechanism safeguards against leakage of information (Axelrod, Bayuk & Schutzer, 2009).
It also permits USB devices to be inserted, but it will encrypt the information (Vacca, 2017). When the information is later used on another system within the organizational environment, it is encrypted automatically and can then be decrypted; when it is copied to a system that has no device control mechanism, it will be of no use (Wheeler, 2011). It's also recommended to protect critical infrastructure by separating the intellectual property network from the corporate network and allowing access to that network only to individuals who require it (Javidi, 2006). But it is also crucial to do more than that: documenting and deciding who is permitted to work on the network, including physical access to the location, and analyzing and determining the network requirements (Javidi, 2006).

Possible improvements/impacts of internal changes/external factors on the 2-3 year horizon

To reduce interruption of service due to hardware failure, natural disaster and other catastrophes, Google implements a disaster recovery program at every data center (Basin, Schaller & Schläpfer, 2011). This program covers different elements for reducing the risk of a single point of failure, including replication and backup of data (Basin, Schaller & Schläpfer, 2011). In the case of backup and data replication, Google's application data is replicated across various systems within the data center and, in particular cases, replicated to centers in different cities (Basin, Schaller & Schläpfer, 2011). Google operates a geographically distributed set of data centers, which are designed to maintain continuity of service during disaster events or other incidents in an individual region (Basin, Schaller & Schläpfer, 2011). High-speed connections among the data centers support failover.
Data center management is also distributed to offer location-independent system administration (Basin, Schaller & Schläpfer, 2011). Along with data redundancy and regionally disparate data centers, Google maintains a business continuity plan in its headquarters (Axelrod, Bayuk & Schutzer, 2009). The plan accounts for key disasters like a seismic event or a public health crisis, and it assumes that both services and people might not be available for a month (Basin, Schaller & Schläpfer, 2011). This plan was primarily designed to enable continued operation of customer service (Patel, 2008). Google also undertakes continuous tests of the disaster recovery plan (Axelrod, Bayuk & Schutzer, 2009). For instance, during tests, a disaster in a geographic location is simulated by taking the IT systems and operational processes in that location off-line and permitting those processes and systems to transfer to the failover location designated by the disaster recovery plan (Basin, Schaller & Schläpfer, 2011). During the test, it is verified that operations and business functions can operate from the failover location, and the results are logged for remediation (Basin, Schaller & Schläpfer, 2011).

Conclusion

Google employs a multi-layer security strategy, which includes the ten essential elements that are shown in the paper, which help the platform to be used by millions, including Google Inc., to run the Google cloud technologies and product business.

References

Alberts, C. J., & Dorofee, A. J. (2002). Managing Information Security Risks: The OCTAVE Approach. Addison-Wesley Professional.
Axelrod, C. W., Bayuk, J. L., & Schutzer, D. (2009). Artech House information security and privacy series. Artech House.
Eloff, J., Labuschagne, L., Solms, R., & Dhillon, G. (2011). Advances in Information Security Management & Small Systems Security: IFIP TC11 WG11.1/WG11.2 Eighth Annual Working Conference on Information Security Management & Small Systems Security, September 27-28, 2001, Las Vegas, Nevada, USA. Springer.
Godbole, N. (2008). Information Systems Security: Security Management, Metrics, Frameworks and Best Practices (With CD). Wiley India Pvt. Limited.
Gurpreet, D. (2000). Information Security Management: Global Challenges in the New Millennium. Idea Group Inc (IGI).
Hamid, N. (2007). Information Security and Ethics: Concepts, Methodologies, Tools, and Applications. IGI Global.
Harkins, M. (2012). Managing Risk and Information Security: Protect to Enable. Expert's voice in information technology. Apress.
Jacobs, S. (2015). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. John Wiley & Sons.
Kim, D., & Solomon, M. G. (2010). Fundamentals of Information Systems Security. Jones & Bartlett Learning.
Kouns, J., & Minoli, D. (2011). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management. John Wiley & Sons.
Peltier, T. R. (2005). Information Security Risk Analysis, Second Edition. CRC Press.
Peltier, T. R. (2008). How to Complete a Risk Assessment in 5 Days or Less. CRC Press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press.
Stamp, M. (2011). Information Security: Principles and Practice. John Wiley & Sons.
Tipton, H. F., & Krause, M. (2009). Information Security Management Handbook, Sixth Edition, Volume 3. CRC Press.
Vacca, J. R. (2017). Computer and Information Security Handbook. Morgan Kaufmann.
Wheeler, E. (2011). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Elsevier.
Javidi, B. (2006). Optical and Digital Techniques for Information Security. Springer Science & Business Media.
Basin, D., Schaller, P., & Schläpfer, M. (2011). Applied Information Security: A Hands-on Approach. Springer Science & Business Media.
Patel, D. R. (2008). Information Security: Theory and Practice. PHI Learning Pvt. Ltd.
Solms, S. H., & Solms, R. (2008). Information Security Governance. Springer Science & Business Media.
Axelrod, C. W., Bayuk, J. L., & Schutzer, D. (2009). Enterprise Information Security and Privacy. Artech House.
Calabrese, T. (2004). Information Security Intelligence: Cryptographic Principles and Applications. Cengage Learning.
