Third-party access security

Describe about the Telecommunications And Networking Strategy?

This assignment deals with the strategy of information technology and networking of ABCD University. An information resource security policy has been set in this assignment by considering the objective of risk reduction, law and regulation, information integrity and confidentiality of the information. This university provides world class infrastructure for the students. Students and staffs strength of ABCD University is 19000 and this institution provides 3000 computers those are accessed by the students and the staffs of this particular institution (Anadiotis et al. 2014).

However, this University is focusing upon the more innovative as well as productive strategy of networking and information technology service. This University has focused upon giving the world class phenomenon of innovative strategy of networking and information technology. Various types of aspects of ethical as well as unethical practices have to be stopped for the safety and security of the computers and the users. Privacy of the data should be considered by the University. Therefore, this University has focused upon the innovative design of networking and information technology.  These activities should be taken in order to mitigate the risks of the data.

As stated by, Bar and Leiponen (2014) third party access policy is very important policy for assessing the risk at the time of access of third parties to the information system of the university. It also helps to ensure effective security of information. In order to achieve third party access security some important elements have to be considered by the authority.

According to Hillston et al. (2004), the quantity of outside parties, service providers, vendors should be known by the authority. The authority should know the access system of the third parties. For this task, it is quite difficult to know the accurate system of access. Therefore, the information technology department of University should provide same and particular solution to access the network. Therefore, third parties have to use the remote access tool in order to get the access of the network of the University. By acquiring the Third Party access Security University can have the control over the networking and security of its own.  

On the other hand, Katsigiannis (2012) stated that, if the IT department of the University chooses a remote access tool, any unauthorized remote tool should not be allowed by the authority. Access tool that has been based on the web should be blocked by the university in order to protect from the hackers and third party vendors.

Several third party vendors demands for accessing the network system of the University. The information technology department should not provide access to all type of machines of networking of the University. If an employee or vendor wants to access the network the support system will require permission. This support system will help the department in order to restrict the third parties and control over the networking system. This system helps to monitor and restrict the accessing capacity of the vendors and employees. Process of permission is the important element in order to strongly control over the networking system of University. The authority also can change the permission setting (Khan et al. 2014). 

Classification of assets and control

According to Lokshina and Bartolacci (2014), the process of asset classification is a very important task of information technology. The location of assets and the respective values of the asset should be known by the respective authority. By knowing the assets the authority would be able to know the required time and money in order to take the necessary steps for protecting the assets. Various types of assets are discussed as follows:

Information assets: This refers to the several types of University related information. The information have been gathered from the genuine sources and classified as well as arranged and stored in different forms. Therefore those forms are discussed as follows:

Database: several types of financial information are gathered as the form of database. Database contains all the necessary as well as important information of customers, suppliers, vendors, sales, productions, marketing etc.

Information Archive: Legal information has been stored in the information archive.

Data files: Different types of transaction related data with proper dates have been stored as data files.

Backup and continuity: The information should be kept and maintained for any sudden situation. Relevant information should be kept with proper manner.

Software assets: Various types of application software and system software are used as the storage of information.

Physical assets: Various types of tangible assets, like desktop, laptop, hard drive, hard disk, modems, other technical equipments, power suppliers, air conditioners are being considered as the physical assets of the organization.

However, Meghanathan (2014) stated that, establishing an asset accountability is involved in the control process of various types of assets of University. Fixed asset register should be used by the authority in order to maintain the fixed record of the asset.

As stated by, Powell (2009), the information has been classified by two methods. Information can be classified by the characteristics of information and by its application. The characteristics of information can be three types. Decision making information can be of three types, one that is related to the strategy other that is related to the tactics and other that is related to the operations. On the other hand, the information can be classified by its application. Planning information, controlling information, organizational information, knowledge information, operational information and database information are involved in the classification of information.

The authority should provide adequate knowledge in order to train the teacher, staffs and students. Basic knowledge about information technology, software, hardware and operating system should be provided by the authority for enhancing their practical and theoretical knowledge. The university should implement a trained and experienced teacher in order to provide basic knowledge about information technology, networking and security issues of information technology. This will be helpful for the future practice of security and networking among the working procedures of the university. Proper training will help the user to work with proper manner. Proper trained user would never damage the system (Sanyal and Prasad,2014).

System of networking or computer should be protected from various types of unauthorized sources or access. Various types of security issues can be solved by the available antivirus within the market. Viruses, worms, Trojans and spyware can cause damage to the computer system. Besides taking this activity, machine firewalls should be kept on at the time of data transfer. Trained and experienced team of information technology has the ability to recognize the malfunction within the system.  

Information classification

Figure: An efficient architecture of Network Security

(Source:  Shakhakarmi, 2014, pp- 26)

As stated by, Tosti and Umiliaco (2014) the University should be able to prevent any sort of unauthorized access within the critical and important areas of access. Server rooms and other rooms those are stored with valuable as well as important documents and data that should be protected by the authority. On the other hand, cash and more valuable assets are stored in the rooms those are should be kept with strong security. This security measure should be taken in order to prevent major damage of these physical properties. On the other hand, Tropina (2015) stated that, the authority should make security perimeters for restricting the entry for the sensitive areas those can hold various types of facilities of holding important information. Apart from these, fire alarms, CCTVs, alarmed locks, motion alarms, audio surveillance are involved in the system those can be used by the authority. Biometric authentication device can also be installed by the authority in order to control any sort of unauthorized entry (WANG et al. 2014).

These are the important measures for protecting the physical damage of various types of equipments. Besides taking these initiatives, accurate as well as efficient protection should be used by the authority in order to protect these equipments from natural disasters, like cyclone, earthquakes, floods etc. On the other hand, the authority should check that any equipment should not harm the environment of that place. Environment should be clean and pollution free. Several types of equipments of information technology and networking often cause danger for the birds. Mobile wave and other wave can be harmful for the birds and creature of the environment. These waves have become the cause of death of many birds. Therefore, it causes the environmental imbalances. Therefore, the authority should consider the ecology of the environment. They should not use those type of equipments those are harmful for the environment (Wytra et al. 2014).

However, Anadiotis et al. (2014) stated that, in order to control the access various types of control system can be implemented by the authority. As discussed by, Fodor and Dan (2007), access control is the most important part within the field of physical as well as information security. This is a system of selection that ensures a selective and particular access to a resource or place of information. Permission to an accurate access is called as authorization of the access for the resource.

Therefore Huang et al. (2012), stated that, ABCD University can implement an effective control system that is attribute based.  Attribute based access control system is therefore granted on the basis of the attributes of the users. Before getting access to the control engine the particular user should provide as well as prove some few and necessary details in order to get the access of the control engine. Here an example is given to clear the fact that, a claim has been done in the form of Team IT, therefore, the user should prove this claim. After proving the claim, the user should be able to get access of the control engine. For attribute based access control system, XACML is the standard system of access control (Michaelis, 2012).

Process of user training

As stated by Reddish et al. (2012), cryptographic deals with various types of guidelines, integrity of data, user authentication, confidentiality etc. In order to maintain the security of networking and various types of elements of information technology cryptographic control should be implemented by the University. Cryptographic control includes identification and credentials for authentication within the storage transit. Various types of important information those are related to the wireless communication should be stored by considering cryptographic control. On the other hand, Michaelis (2012) argued that, in order to transfer important and sensitive data through internet cryptographic control should be used by the authority.

According to Powell (2009), university should implement the Compliance audit system. The system of compliance audit should be adopted by the many educational as well as other organizations. This is a very popular and effective technique for the institution. This system has been kept for monitoring the rules and regulations of the organization. Compliance system should be analyzed by the personnel of information technology in order to make a concrete compliance plans. On the other hand, Lokshina and Bartolacci (2014) argued that, several types of policies those are related to the access control of the user, security of the system, risk management techniques should be reviewed by the auditor. Necessary information should be backed up and protected for the future with the help of Disaster Recovery Infrastructure.

Conclusions:

Every organization needs to implement information technology for giving better service to the target audiences.  Within the competitive sector of the market digitalization and automation are very important in order to achieve the competition of the market. Proper educational service needs the innovative as well as developed technology by the institution. It is mandatory for all organizations to use the system of computers. Information technology should be acquired by every institution for providing better service to the students and other staffs of the organization.

Effective and innovative design should be taken by the authority. The people of the institution should well equipped with proper knowledge and training. The authority should implement the important mechanism in order to prevent the data that has been kept confidential in the storage of computer.

Reference lists

Tropina, T. (2015) Book Review Telecommunications Policy

Anadiotis, A., Patrikakis, C. and Murat Tekalp, A. (2014). Information-centric networking for multimedia, social and peer-to-peer communications. Trans. Emerging Tel. Tech., 25(4), pp.383-391.

Bar, T. and Leiponen, A. (2014). Committee Composition and Networking in Standard Setting: The Case of Wireless Telecommunications. Journal of Economics & Management Strategy, 23(1), pp.1-23.

Hillston, J., Kloul, L. and Mokhtari, A. (2004). Towards a Feasible Active Networking Scenario. Telecommunication Systems, 27(2-4), pp.413-438.

Katsigiannis, M. (2012). Mobile Network Offloading. International Journal of Interdisciplinary Telecommunications and Networking, 4(3), pp.40-53.

Khan, J., Chen, D. and Hulin, O. (2014). Enabling technologies for effective deployment of Internet of Things (IoT) systems: A communication networking perspective. ajTDE, 2(4).

Lokshina, I. and Bartolacci, M. (2014). Thinking eHealth:. International Journal of Interdisciplinary Telecommunications and Networking, 6(3), pp.27-36.

Meghanathan, N. (2014). Centrality-Based Connected Dominating Sets for Complex Network Graphs. International Journal of Interdisciplinary Telecommunications and Networking, 6(2), pp.1-24.

Powell, S. (2009). Interdisciplinarity in Telecommunications and Networking. International Journal of Interdisciplinary Telecommunications and Networking, 1(1), pp.1-8.

Sanyal, R. and Prasad, R. (2014). Enabling Cellular Device to Device Data Exchange on Sarkar, N. and Nisar, K. (2012). Performance of VoIP in Wired-Cum-Wireless Ethernet Network. International Journal of Interdisciplinary Telecommunications and Networking, 4(4), pp.1-25.

Shakhakarmi, N. (2014). Next Generation Wearable Devices:. International Journal of Interdisciplinary Telecommunications and Networking, 6(2), pp.25-51.

Tosti, F. and Umiliaco, A. (2014). FDTD Simulation of the GPR Signal for Preventing the Risk of Accidents due to Pavement Damages. International Journal of Interdisciplinary Telecommunications and Networking, 6(1), pp.1-9.

WANG, G., HUANG, T., LIU, J., XIE, R. and LIU, Y. (2014). In-network caching for energy efficiency in content-centric networking. The Journal of China Universities of Posts and Telecommunications, 21(4), pp.25-31.

Wytrębowicz, J., Ries, T., Dinh, K. and Kukliński, S. (2014). SDN Controller Mechanisms for Flexible and Customized Networking. International Journal of Electronics and Telecommunications, 60(4).

Anadiotis, A., Patrikakis, C. and Murat Tekalp, A. (2014) Information-centric networking for multimedia, social and peer-to-peer communications Trans. Emerging Tel. Tech., 25(4), pp.383-391

Fodor, V. and Dan, G. (2007) Resilience in live peer-to-peer streaming [Peer-to-Peer Multimedia Streaming]. IEEE Communications Magazine, 45(6), pp.116-123

Huang, Y., Obaidat, M., Kato, N. and Deng, D. (2012) Multimedia P2P networking: Protocols, solutions and future directions. Peer-to-Peer Netw. Appl., 5(4), pp.309-311

Michaelis, C. (2012). Considerations for Implementing OGC WMS and WFS Specifications in a Desktop GIS JGIS, 04(02), pp.161-167

Reddish, T., Sullivan, M., Hammond, P., Thorn, P. and Arora, G. (2012) Stable operating conditions for a passive desktop sized electrostatic storage ring. J. Phys.: Conf. Ser., 388(14), p.142013