This is a case study in preparing for analysis purposes, to study on Security of information in commercial or business organizations.
This is a general approach, with no specific size of organization or industry type.
5 topics to cover:
(1) Definitions of human, technical and physical information assets at potential risk in commercial or business organizations.
(2) Definitions and descriptions of the terms, 'integrity', 'availability' and 'confidentiality' in relation to the security protection of information assets in commercial or business organizations, i.e. what is it about these assets that must be protected?
(3) Risks inherent in commercial or business organizations: for example, malware and Trojan horses, hackers, insider risks (social engineering) and threats, physical weaknesses
(4) Implications of the threats that put commercial or business organizations at risk.
(5) Suggested counter-measures for commercial or business organizations, namely:
- technical counter-measures
- physical counter-measures
- personnel counter-measures
Each topic should contain an introduction of what each topic means, definitions if required, and detailed explanation, possibly some examples that can aid in understanding the topic better.
This analysis must be based on the work of credible and relevant authors (not personal opinions about information security management). Hence please list in bullet points, the URLs, title/author of book, journal, etc.