In the era of globalization as well as technological advancement, Google has tried to place their position in the mind of cyber users, like the powerful search engine over the internet and it’s also used widely as the web-based search engine all over the world (Alberts & Dorofee, 2002). It doesn’t matter, whether it’s old or young, Google can always be seen in the conversation about computers or internet (Axelrod, Bayuk & Schutzer, 2009). One can view the history about how the companies enhance from small too big and are also identified all over the world. The core business of Google is to offer the search engine to the cyber user, who is interested in going to their place of interest (Alberts & Dorofee, 2002). The search engine of Google tries to attract various internet users through simple design, but outcomes are quite amazing search outcome (Axelrod, Bayuk & Schutzer, 2009). After the starting stage of the Google setting itself at the global position, it started selling the ads related to the keywords of search. The ads were text-based to increase the loading speed of the page (Alberts & Dorofee, 2002). Most of the revenue of Google depends on the ads, and they had attained success with the support of AdSense and AdWords in the system after attaining experience within the industry (Alberts & Dorofee, 2002).
For developing the expected IT infrastructure, the department of IT try to maintain the balance among the purchasing of products from the outside vendors and try to draw up the software; for instance the organization purchase of the software from Oracle for maintaining the accounts; whereas, when the case of managing the customer relationship management, Google try to develop the software (Alberts & Dorofee, 2002). Through the administration of the company try to create the data, that is made available to every employee, it also tries to make sure that the information is protected from getting misused or either used through the unauthenticated users (Alberts & Dorofee, 2002). Google even try to encourage the use of open source software through applying it. It also initiates the students to work and develop the new software through offering the internship programs. In this manner, the company tries to attain new ideas that can be supportive (Alberts & Dorofee, 2002). Google also seeks to develop the similar applications such as Google Apps that can be applied for the external and internal purpose (Axelrod, Bayuk & Schutzer, 2009). The algorithm search engine is continuously updated, so that retrieval of information could get more relevant (Alberts & Dorofee, 2002). The engineers ensure that the retrieval of information for the internet user get less. Google also adopts the round robin policy, which supports them in load balancing of server load. The servers of Google are categorized in various types, and every server is assigned with a particular function (Axelrod, Bayuk & Schutzer, 2009).
The business nature makes the Google emphasize the aspects of security and try to make it critical for Google (Axelrod, Bayuk & Schutzer, 2009). The master search algorithm of the formula is to keep things secret. Instead of trying to implement the measures of strict policy, the organization ensures about the organization infrastructure as secured (Axelrod, Bayuk & Schutzer, 2009). The focus is placed on the corrective and detective controls. More than 150 engineers are hired for offering the information security as well as for maintaining the organization security infrastructure (Axelrod, Bayuk & Schutzer, 2009). The engineers regularly view the virus-like Spyware, and Google makes use of intrusion detection system for avoiding the breach of security (Axelrod, Bayuk & Schutzer, 2009).
It can be mentioned that, for the type of technology and innovation, Google produce the culture, governance as well as process as perfectly applied for generating the assistance of an idea one another (Axelrod, Bayuk & Schutzer, 2009). The top executives hold instinct for taking the company and agree with them, in case they ask for hostile takeovers to place long-term vision (Axelrod, Bayuk & Schutzer, 2009). The model of media might be right as compared to them, as both of them are reliant on the talent and vision. The culture of creative corporate is fabulous for attracting the Googolplex as the right playground for developing the magic of Google (Axelrod, Bayuk & Schutzer, 2009). The process of organization of permitting the staff for using 20% of the work time in combination with the teamwork style that looks like a right formula for developing the dirty and rough prototype that it explored the value that could create entirely through the alpha to beta (Axelrod, Bayuk & Schutzer, 2009). The only types of limitation that can view the ego possibility in the manner of doing the right work and the company’s size eventually turn the staff and businesses customers (Axelrod, Bayuk & Schutzer, 2009). This could be branding issue for Google in the coming time over how to deal with the increase in huge companies (Axelrod, Bayuk & Schutzer, 2009).
The commitment of Google towards security is outlined through Code of the conduct of Google, along with security philosophy of Google (Eloff, Labuschagne, Solms & Dhillon, 2011). All these policies include the huge array of the security linked with the topics, which includes the necessary policies that each staff should comply with physical security, account, data as well as few specific policies including the systems and internal applications, which are expected by employees to follow (Eloff, Labuschagne, Solms & Dhillon, 2011). All these security policies are reviewed and updated periodically. Staff is also needed to attain continuous security training over the security topics like the safe internet use, how to label, handle the sensitive information, and working through the remote location safety (Axelrod, Bayuk & Schutzer, 2009). Extra training is also provided about the interest policy topics, which includes the areas of emerging technology like safe use of social technologies and mobile devices (Eloff, Labuschagne, Solms & Dhillon, 2011).
The security organization of Google is divided into various teams, which emphasize over the auditing of global security, information security, and compliance, along with physical security for safeguarding the hardware infrastructure of Google (Eloff, Labuschagne, Solms & Dhillon, 2011). Together teamwork addresses the complete international computing environment. In case of Information Security team, Google hires the full-time team of information security, which includes 250 experts in the area of network security, information, and application (Eloff, Labuschagne, Solms & Dhillon, 2011). The team is highly responsible for the maintaining the organization perimeter as well as internal defense systems, creating the process for securing the development as well as security review and constructing the customized security infrastructure (Eloff, Labuschagne, Solms & Dhillon, 2011). It also implies the leading role in the documentation, development and Google security policies implantation policies and standard (Axelrod, Bayuk & Schutzer, 2009).
In the present time, the world is moving towards IT as the required belonging, but the threats around the It world are also rising (Gofbole, 2008). This might lead towards the IT security strategies, which can resolve the IT issues and can even control the threats happening in the technology area (Gofbole, 2008). The Information Technology security professionals manage the responsibility for safeguarding the IT world through increasing problems and threats (Gofbole, 2008).
Whoever takes the responsibility of protecting the infrastructure, networks and computer systems are the system administration, IT security professionals, information security engineers, network security officers, chief information officer, chief security officers, network engineers, information assurance manager, chief information security officer as well as computer operators are among the few that hold fundamental role in IT security professionals (Gofbole, 2008). The IT security professional’s job revolves around IT system protection. It includes the infrastructure, network and all other IT information grounds (Gofbole, 2008).
Customer data, securing the information assets, financial information and various other critical IT information is the main responsibility of the security IT professionals (Hamid, 2007). Their role holds the responsibility to offer access to the information to the users relied on the identity and necessity. Information is provided to people when they are legally eligible for attaining access (Harkins, 2012). Every department of IT security holds particular policies and principles according to the policies of the company and require following the same (Axelrod, Bayuk & Schutzer, 2009). They adopt the specific set of regulations, rules, strategies, and methodologies for protecting the information systems (Harkins, 2012). The IT security professional responsibility is definite as mentioned below:
Above mentioned are the responsibility of each, and every It security professional relied on the role required to meet. Through making sure about the high responsibility can be referred a scaling job (Jacobs, 2015). One needs to get updated with the advanced skills and knowledge along with the particular work within the team towards attaining the information security perfect security (Kim & Solomon, 2010). The analysis is also done about the skills that are required by IT professional, and the same is mentioned below:
Skills required for IT security professionals:
IT security governance is considered as the system through which companies can direct and control the security of IT that is adopted by the ISO 38500 (Kouns & Minoli, 2011). It is noted that IT security governance need not get confused with the security management of IT (Axelrod, Bayuk & Schutzer, 2009). IT security management should be concerned with creating decisions for mitigating the risks; even governance determines the authorization of taking decisions (Kouns & Minoli, 2011). Governance explicitly specifies the accountability framework and offers an outright for making sure about the risks that should be mitigated adequately, while the management makes sure about the controls that are implemented for reducing the risk (Peltier, 2005). Management suggests the security strategies. Governance also makes sure about the security strategies that are aligned with the business regulation and objectives (Peltier, 2005).
NIST explains about the IT governance and mentioned it as the process of setting and maintaining the framework for offering assurance that IT security strategies are connected with the help of business objectives, which are consistent with the relevant laws and regulations by the adherence towards internal control and policies and offer responsibility for managing the risk (Calabrese, 2004). There are many laws and regulations, and from that, few are particular of industries that can impact the information Technology (Axelrod, Bayuk & Schutzer, 2009). Each company should explore the appropriate regulations affecting them and then only they should respond accordingly, and make sure that both the role and responsibilities for analyzing the matters of legal and regulatory are defined correctly for every stakeholder group, so that every group can easily apply the particular expertise in efficient manner (Axelrod, Bayuk & Schutzer, 2009).
The current increase in the regulations that impact the IT use is due to various factors like, laws for protecting the information along with its potential to misuse the electronic form; increase in computer system and network use for undertaking the criminal activities, which also includes hacking, viruses, pornography and money laundering (Solms & Solms, 2008). Increase in the massive contractual relationship with the IT products and services, such as product license, outsourcing, and managed services (Solms & Solms, 2008). It also includes the increase in various types of electronic media as well as the potential for misusing the valuable information assets, which results in the intellectual and copyright property problems concerning with the user and vendors (Axelrod, Bayuk & Schutzer, 2009).
In the rapid-paced international economy, this relies on most of the information, by making sure about the IT asset security to get paramount (Peltier, 2008). Building on the current research through CompTIA, around 28% of the present business list security is considered an important factor, and this number is measured for improving in coming two years (Peltier, 2008). The study also rightly claim that various organizations believe that secure enough is potentially vulnerable to critical security threats that emerge with new technologies (Peltier, 2008). These increasing threats are initiating the business to these growing threats are starting the business to adopt the new methods for examining the changing needs of security. In a survey conducted by Gartner, research shows that the mobile rules for most of the organizations (Peltier, 2008).
Most of the failure of the system happens due to the lack of right patch. Few statistics related to researchers explain the interesting facts related with similar vulnerably faced by the companies (Peltier, 2016). In case the companies help BYOD and then also control over performing the standard maintenance, then in that case issues usually get worse, as they invite attack sources without having any prevention (Axelrod, Bayuk & Schutzer, 2009). To avoid the risk, it is important to ensure the system that is updated, and it also includes the servers inside the laptops, company, mobile device, and desktops (Peltier, 2016). Small mobile devices come through different operating systems, and firmware (Axelrod, Bayuk & Schutzer, 2009). By considering this, companies are expected to permit the mobile devices for patching to get maintained ideally (Peltier, 2016).
Consideration and assessment of governance are necessary for measuring and defining the IT operations operational efficiency and explore the gaps that require getting fixed (Stamp, 2011). Famous research organizations like OWASP and Gartner provides the security matrices for performing the security assessment and explore the maturity level of IT security of an organization (Tipton & Krause, 2009). Information technology scores the famous assessment matrix through Gartner that supports the company is exploring the risk and measuring and analyzing the mobile security program maturity of business (Axelrod, Bayuk & Schutzer, 2009). For instance, in case of Spider chart, it is noted that the chart indicates about the presents core of the company, where else the chart shows the ideal score of an organization (Tipton & Krause, 2009).
It is suggested that the correct application of intrusion prevention as well as intrusion detection system along with firewalls is the primary response (Axelrod, Bayuk & Schutzer, 2009). Through undertaking the real-time analysis of the network traffic like investigating and the security threat inclusion, and individual companies can detect the less sophisticated attack related to the user level (Tipton & Krause, 2009). Huge organizations are suggested to get aware of the network security and vulnerabilities, and they are also expected to work towards securing the advanced threat protection platform properties for the betterment of the endpoint protection and server security protection (Tipton & Krause, 2009). About the government cyber-attacks, the main defense line is to undertake the common front existing between the cyber attackers (Axelrod, Bayuk & Schutzer, 2009). There is no correct time for opening about the dialogue as well as collaboration among the government industries and agencies for taking action against the cyberwarfare (Tipton & Krause, 2009). It is suggested that attacks, which go massive, the interconnected system could be disclosed readily by comparing the information and creating the similar task forces (Axelrod, Bayuk & Schutzer, 2009). Detection and protection are not enough for stopping the attackers each time, but it can also inhibit the future as well as common threats (Tipton & Krause, 2009).
Individuals and organizations might apply to bring your device (BYOD) that look inexpensive solution, but the same might develop certain issues (Vacca, 2017). If one assists the BYOD then, in that case, it is suggested that they should try to enforce the management as well as maintenance (Vacca, 2017). It is again crucial for making sure that the mechanism of device control should safeguard the leakage of information (Axelrod, Bayuk & Schutzer, 2009). It also permits the USB devices for inserting, but rather it will also encrypt the information (Vacca, 2017). When the information is later applied to certain another system in the organizational environment, then in that case information will be encrypted automatically and then it can be decrypted, when it is copied towards the system that holds no device control mechanism, then it will be of no use (Wheeler, 2011).
It’s also recommended that critical infrastructure protection through dividing the intellectual property network through the corporate network and allows having access towards the network by individuals that require access (Javidi, 2006). But it is also crucial to do more than that, documenting and deciding the permits to work towards the network and include physical access towards the location and analyze the network requirement and it should be determined (Javidi, 2006).
Possible improvements/impacts of internal changes/external factors on the 2-3 year horizon
For reducing the interruption of service due to the failure of hardware, natural disaster as well as various another catastrophes, Google try to implement the program of disaster recovery at every data centers (Basin, Schaller & Schläpfer, 2011). This program covers up different elements for reducing the risk of an individual point of failure, which also includes the replication and backup of data (Basin, Schaller & Schläpfer, 2011). In case of backup and data replication, the application information of Google is replicated through various systems applied within the data center and in particular cases, its replicated to different city centers (Basin, Schaller & Schläpfer, 2011).
Google quickly operates geographically distributed data centers set, which are designed for maintaining the continuity of service during disaster events or many another incident in the individual region (Basin, Schaller & Schläpfer, 2011). The connection of high speed among the data centers supports in failover. Data centers management is also divided for offering the location independent and system administration (Basin, Schaller & Schläpfer, 2011). Along with that data redundancy as well as regional disparate data centers, Google tries to hold the business continuity plan in its headquarters (Axelrod, Bayuk & Schutzer, 2009). The method accounts for the key disasters like a seismic event or either the public health crisis, or it also tries to assume that both services and people might not be available for a month (Basin, Schaller & Schläpfer, 2011). This plan was primarily designed for enabling the continued operations of the customer service (Patel, 2008). Google also undertake continuous test about the disaster recovery plan (Axelrod, Bayuk & Schutzer, 2009). For instance, at the time of tests, the geographic location of disaster is also stimulated through conducting the IT system, an operational process in off-line location and permitting the process and system for transferring the fail location that is designated by the disaster recovery plan (Basin, Schaller & Schläpfer, 2011). During the time of the test, it is verified that the operations and business functions can easily operate the off-line failover location and logged through the remediation (Basin, Schaller & Schläpfer, 2011).
Google hires the strategy of multi-layer security, which includes the ten essential elements that are shown in the paper, which help the platform for getting used by the million in the company, covering Google Inc. to run the Google cloud technologies and product business.
Alberts, C. J., & Dorofee, A. J. (2002). Managing Information Security Risks: The OCTAVE Approach. Addison-Wesley Professional
Axelrod, C. W., Bayuk, J. L., & Schutzer, D. (2009). Artech House information security and privacy series. Artech House
Eloff, J., Labuschagne, L., Solms, R., & Dhillon, G. (2011). Advances in Information Security Management & Small Systems Security: IFIP TC11 WG11.1/WG11.2 Eighth Annual Working Conference on Information Security Management & Small Systems Security September 27–28, 2001, Las Vegas, Nevada, USA. Springer
Gofbole, N. (2008). INFORMATION SYSTEMS SECURITY: SECURITY MANAGEMENT, METRICS, FRAMEWORKS AND BEST PRACTICES (With CD). Wiley India Pvt. Limited
Gurpreet, D. (2000). Information Security Management: Global Challenges in the New Millennium: Global Challenges in the New Millennium. Idea Group Inc (IGI)
Hamid, N. (2007). Information Security and Ethics: Concepts, Methodologies, Tools, and Applications: Concepts, Methodologies, Tools, and Applications. IGI Global
Harkins, M. (2012). Managing Risk and Information Security: Protect to Enable Expert’s voice in information technology. Apress
Jacobs, S. (2015). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. John Wiley & Sons
Kim, D., & Solomon, M. G. (2010). Fundamentals of Information Systems Security. Jones & Bartlett Learning
Kouns, J., & Minoli, D. (2011). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management. John Wiley & Sons
Peltier, T. R. (2005). Information Security Risk Analysis, Second Edition. CRC Press
Peltier, T. R. (2008). How to Complete a Risk Assessment in 5 Days or Less. CRC Press
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press
Stamp, M. (2011). Information Security: Principles and Practice. John Wiley & Sons
Tipton, H. F., & Krause, M. (2009). Information Security Management Handbook, Sixth Edition, Volume 3. CRC Press
Vacca, J. R. (2017). Computer and Information Security Handbook. Morgan Kaufmann
Wheeler, E. (2011). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Elsevier
Javidi, B. (2006). Optical and Digital Techniques for Information Security. Springer Science & Business Media
Basin, D., Schaller, P., & Schläpfer, M. (2011). Applied Information Security: A Hands-on Approach. Springer Science & Business Media
Patel, D. R. (2008). INFORMATION SECURITY: Theory and Practice. PHI Learning Pvt. Ltd.
Solms, S. H., & Solms, R. (2008). Information Security Governance. Springer Science & Business Media
Axelrod, C. W., Bayuk, J. L., & Schutzer, D. (2009). Enterprise Information Security and Privacy. Artech House
Calabrese, T. (2004). Information Security Intelligence: Cryptographic Principles and Applications. Cengage Learning
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more