Name:
Student number:
Course:
Institution:
Instructor:
Date:
Samsung strategic information security 2
ABSTRACT
conducts its operations across the world. The following research paper focuses on Samsung
private information from use, access, obliteration or inspection by unauthorized personnel. Lack
information security policy (EISP) ensures that various users have the necessary information
while protecting confidential information from unauthorized access (Bateson, 2010). The paper
also features substantial background information of Samsung’s security elements and provides
guidelines on how to raise the standards of the enterprise information security policy.
Introduction
In the twenty-first century, technological advancement has enhanced the way enterprises carry
out their day-to-day business activities. Samsung, as one of the leading players in offering
technological appliances and services, has played a vital role in this advancement. To achieve
this level of success, all the stakeholders ought to have a close business relationship,
consulting on ways to achieve better results. With operations all over the world, the risk of
having the enterprise's private information susceptible to tampering is high. This is because of
the broad scope of both the internal and external environments in which the business operations
take place. This security risk has to be mitigated for Samsung to maintain a competitive edge in
the market. Competition comes with industry players trying to win a bigger clientele base (Kim,
2010). This may prompt Samsung to safeguard confidential information from competitors who
may try to access it. To ensure the enterprise retains trust and aspires for growth, strategic
decisions need to be made to avoid information leaks (Parsons, 2002). Vital information for
customers as well as for employees should be readily available. To achieve this, EISP must be
Company profile
Samsung is a multinational conglomerate based in Samsung Town, South Korea. Under the
Samsung brand, it has affiliated businesses, making it the largest business corporation in South
Korea. Lee Byung-chul started the corporation as a trading company in 1938. The group
specialized in areas including food processing, securities, insurance, and textiles. Today Samsung
and mobile phones as the primary source of income. Samsung influences the media, politics and
economic development.
Samsung affiliate companies include Samsung Engineering, Samsung Electronics, and Samsung
C&T. There are fifty-nine unlisted and nineteen listed Samsung affiliate companies on the Korea
stock exchange.
There are three main types of information security that organizations like Samsung should
emphasize: physical, communications and network security. Samsung has allocated substantial
Physical security is the protection of human resources, hardware, programs and data from
potential loss or an event that may cause damage (Dhillon, 2007). Damage may result from fire,
natural disaster, theft or terrorism. Installation of surveillance and an alarm system in the
company helps to mitigate the above risks. Security lights, intrusion detectors, surveillance
Sensor shelving and movement detection are part of a physical security system that uses light and
movement to detect burglary. When the sensors detect the movement of an intruder, the LED
light triggers an activity that sends signals alerting security. Visual intelligence software used
together with the shelving system has also enhanced monitoring from a central point (Peltier,
2005). Security personnel in a surveillance room can concentrate on many outlets at the same
Contingency plan
from internal and external environments. A contingency plan enables the organization to prepare
in advance for ways to handle an emergency (Probst, 2010).
Contingency plans can also be viewed as strategies that are held ready for an event that
may not happen. A contingency plan requires the active participation of the employees. The
following key processes should be followed to ensure the continued existence of the business.
identification of the benefits and risks. The leadership of the company is at a better place
Conduct the business impact analysis (BIA). The analysis helps management decide when a
contingency action should be taken once a risk has been identified; for example, if there is a
power shortage at Samsung, a power generator should be used as an alternative.
Identify preventive controls. The controls should be set in a way that Samsung's core
activities run as usual. In case a particular production machine is faulty, there should be a
technical team with mechanical skills to restore the machine to operation. This team
Create contingency strategies. The strategic plan should be economical. During adverse
events, costs of operations are expected to escalate; thus managers should prepare for
Develop an information system contingency plan. This step requires the enterprise to
estimate how the contingency will capitalize on mitigation of the associated situation.
Ensure plan testing, training, and exercises. Available lead time allows the organization to
develop an advanced action plan. The step should include different measures, since
specific early warning signals may not necessarily result in the right decision making.
the intended recipients in the concerned operation sector (Kim, 2010). Communication
made.
avoiding unauthorized interception of information transferred between the clients. Samsung has
secure servers that store data that has been uploaded into the corporation's servers. Only highly
skilled personnel who have gone through a rigorous recruitment process access the servers. This is
to ensure that there is no unauthorized access which may lead to alteration or misuse of
identify the device from which the communication emanates, Samsung uses cookies. These cookies
create a means to facilitate the collection of data on how the website is being used. Web
Network security involves taking preventive software and physical measures aimed at protecting
the given networking infrastructure from alteration, unauthorized access, misuse, improper
disclosure or destruction (Kim, 2010). Network security works by combining multiple layers of
defenses in the network and at the edge. Layers of network security implement the policies and
controls.
This creates a secure environment in which Samsung programs run on the hardware and serve network users.
The network administrator restricts access to data to users with an assigned identification and
password only. Samsung users who need to access this information are required to create
accounts that capture the biographical data necessary for establishing an identity.
Samsung customer Information Security Solution consists of two groups of features that provide
SecuThru™ Lite, a server-less authentication and pull printing solution with card
authentication, access, and security-based print release functionality that holds print jobs
(Samsung.com)
The CIA triad (CISO, 2015) is one of the security models adopted by Samsung. Ideally, it is
designed to enhance information security within Samsung. The main components of the
The integrity principle involves having accurate data whose trustworthiness and consistency
remain stable over its period of use (Rabasa, 2010). The process of relyia alteration. Erroneous change
by an authorized user can be a source of risk. This should be mitigated by ensuring there are user
access controls to reduce cases of data tampering. Backups should be set in place to ensure lost
data can be restored in the event of situations like a server crash. A service provider should
ensuring no unauthorized accesses. Depending on the level of risk associated with a given data,
the standard of strictness varies. Highly confidential data requires a higher investment in
security. Unauthorized access may lead to increased cost of regaining trust to a point where it
One of the data confidentiality techniques involves having employees trained on handling risk-
prone data. With sensitized personnel handling risk-prone data, the probability of mishandling is
reduced. Trainees should also have knowledge of how to deal with unfavorable events. A secure
password to access information is a key factor in best-practice procedure. Strong passwords
include the use of unique names and a combination of letters and numbers (Ballad, 2012).
There are two known ways of ensuring online transaction confidentiality. The first is the use of data
encryption and account number data. There is a set procedure that involves the use of
passwords and IDs. Confidentiality methods like tokens, key fobs, and biometrics are also used.
Samsung encourages its customers to ensure personal information or passwords are kept within
reach of only the authorized user. Mobile phones, for example, ought to have passwords only
The availability principle requires that information retrieval be timely and that information be
available whenever required. Samsung routinely conducts hardware maintenance. Faulty machines are
also repaired and new ones brought in to replace completely worn-out ones. Installation of proxy servers helps to
2010).
Samsung, with mobile phones as a major source of enterprise income, adopts a mobile
security model. Having forged a partnership with Booz Allen Hamilton, it is provided with a
comprehensive mobile risk assessment. Mobile security models have seven fundamentals.
Business Management and Governance: This domain concerns policy and is focused on the
organization’s goals and the comprehensive business strategy that runs the company. The
domain seeks to discover the threats that organizations face and relate them to business
requirements, such as what devices the organization uses, the sources of the devices, and
deciding on trusted sources and locations. Using this information, the organization has a better
grip on handling business risk, establishing the most suitable mobile policies and refining capital
investment towards efficient and secure application of mobile tools and services.
Legal Policies and Regulatory Requirements: The next area of focus is legal policies and
guidelines and standards for the field in which the organization operates. It pays attention to the
established regulations for dealing with prerequisites that are particular to the field of operation
Mobile applications: The fourth domain centers on mobility applications, including apps
for tablets. This is a critical component, since two in five enterprises are affected by dangerous
mobile apps from rogue marketplaces. It is critical to know how apps are developed for specific
devices and how to understand the threat model that applies to each. This understanding must
underpin how apps are developed and managed in order to ensure their integrity. Finding out
whether to build one's own app store or use someone else’s matters. How to assess the security of the
applications one develops, as well as the ones used from third parties, and how they connect to
back-end systems and services is a point to note. While this ties back to infrastructure, the focus
Data protection is a core factor of mobile security models (Probst, 2010). This domain aids in
understanding the life cycle management of data in the mobile environment. It covers protecting
data and validating its integrity, especially when in transit; performing access control checks
and using tools such as data loss prevention (DLP) to detect malicious activity; and destroying
data at the end of its useful life or when it is no longer needed or required.
This domain enables a user to understand what data is being moved on and off of devices, what
mechanisms are being used to protect data at rest or in transit, and who or what has access to the
destroyed in line with specific regulations and requirements. Data destruction is one area in
which many companies perform poorly (Rabasa, 2010). In industries such as financial services,
healthcare and government agencies, there is a life cycle associated with data. The cycle
mandates that data must be destroyed after a certain amount of time or when it is no longer
needed, reducing the opportunity for abuse. The Data Protection domain will help one
understand the risks to data and what actions should be taken to protect it hence meeting ones’
Mobility End Points: Understanding the abilities of mobile devices and tying these capabilities
back to the business-based security requests is key to success. This domain helps users
understand what devices are appropriate for which purposes within the business. The use cases
require device-level encryption at rest and in transit, and access controls suitable to meet one's
needs. One requires a life cycle management policy that ensures devices are configured correctly
when initially deployed and throughout their life cycle (Chang, 2011). Also required is a
decommissioning process that takes into account the need to remove evidence of the applications
Risk and Threat Management: Finally, the mobile security assessments consider risk and threat
management, looking at incident management and threat response for mobility environments.
Identify how this fits with the overall risk management program and legacy infrastructure. There
is a lot involved, including vulnerability assessments, paper exercises, and pen testing, all of
which are mainly focused around legacy infrastructure, not mobility. A mobile threat program
should be in place or leverage one from a partner (Parsons, 2002). Also have in place a device
loss prevention strategy. Find out whether one can locate and erase data or even brick a device
By undertaking such an extensive security assessment, the organization will have peace of mind
that users can embrace mobility. This gives them the improved productivity and flexibility that
they require, in a secure manner that reflects the particular business requirements.
Conclusion
In conclusion, Samsung, like many businesses today, faces information security challenges. This is
because the running of a business is largely dependent on information systems that are under the
threat of unauthorized information access. If information is tampered with, there is a risk that the
business may fail. Due to the broad nature of Samsung's business environment, there have been
continuous improvements in its information security. This helps to ensure that Samsung systems
References
Ballad, B., Ballad, T., & Banks, E. (2011). Access control, authentication, and public key
infrastructure. Sudbury, Mass.: Jones & Bartlett Learning.
Chang, K., & Wang, C. (2010). Information systems resources and information security.
Information
Dhillon, G. (2007). Principles of information systems security. Hoboken, NJ: John Wiley &
Sons.
Kim, D., & Solomon, M. (2012). Fundamentals of information systems security. Sudbury, Mass.:
Jones & Bartlett Learning.
Original Security Bank (London, E.). (2000). Plan of the Original Security Bank, established in
Norfolk Street, Strand: London. London: Printed by J. Bateson.
Pachova, N. I., Nakayama, M., & Jansky, L. (2008). International water security: domestic
threats and opportunities. Tokyo; New York: United Nations University Press.
Parsons, T. N., & Lingard, J. R. (2002). Lingard's bank security documents. London: LexisNexis
Butterworths.
Peltier, T., Peltier, J., & Blackley, J. (2005). Information security fundamentals. Boca Raton,
Fla.: Auerbach Publications, pp. 12-20.
Probst, C. W. (2010). Insider threats in cyber security. New York: Springer.
Rabasa, A. (2010). Money in the bank: lessons learned from past counterinsurgency (COIN)
operations. Santa Monica: Rand Corp.
Rashvand, H., Salah, K., Calero, J., & Harn, L. (2010). Distributed security for multi-agent
systems: review and applications. IET Inf. Secur., 4(4), p. 188.