Abstract
Information security is a major domain of analysis for enhancing the security of sensitive detained business organizations. These days, attackers are advancing themselves by applying highly advanced technological solutions such as artificially intelligent malicious codes, advanced phishing methods and many others to acquire sensitive and critical data from businesses. This paper presents a novel model framework to analyze the requirements of information security for a more robust information system and its assets in organizations. The framework of this model is designed in such a fashion that both new and legacy organizations can adopt it to define the requirement of security that will ensure confidentiality, integrity and availability of information systems and their components - including sensitive domain business and private data that is critical to the organization. There are two different model frameworks which are proposed here. The first one provides specifications of the security requirements and the second provides for the audit of the access logs to capture any unethical practices and violations by internal users. The proposed model for security requirements provides the roadmap to analyze and build proper security requirements to secure business sensitive data. Stepwise processes which are needed to analyze and define security requirements are the key factors of this security model, as they help in clear definitions of security frameworks and infrastructure for an organization. The Audit Model provides the framework for defining information auditing requirements, thus enabling the capture of unethical and unauthorized access to the information system components of the organization.
Highlights
Recent developments and advancements in information technology have shifted various systems onto the online platform
Protection of vital information such as business-related sensitive data, users’ personal data, users’ transaction data etc. is vital In recent times, cybercriminals have become highly sophisticated with new-generation hacking methods and tools, making security and protection of vital information a significant challenge to business entities and users
There are various sources of information, and these include the operating environment, management, databases, network infrastructure and the Internet. Securing all these artifacts associated with the information technology and systems is highly challenging both directly and indirectly as they are heterogeneous in nature and in their functions
Summary
Recent developments and advancements in information technology have shifted various systems onto the online platform. While some studies show that cryptography can provide the security to information and its related agents which are used to process, store, and transmit data, it may not be so This is because the existing cryptographic algorithms may fail to secure the vital information once the decryption key is discovered [1]. It is simple to design a social tool that can effectively launch a social engineering attack and secure vital information such as access identities and passwords from victims This indicates that a purely technical security framework is not adequate for securing vital information [2][3]. Risk analysis and Vulnerability analysis are the primary processes through which security requirements are analyzed This helps to identify, manage, and create countermeasures for securing critical information, information system assets and the components vulnerable to security threats. This research article proposes the use of an Analytical Framework for Security Effectiveness that can be applied to critical business data associated with information systems
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
