In today’s technologically advanced world, companies are resorting to electronic means of protecting their information and related systems (Rhodes-Ousley, 2013). Information security has become very important with regards to the operations of modern organizations. It is a means through which an entity restricts access to its systems from unauthorized persons. The same is necessitated by the increase in cyber crime. Rhodes-Ousley (2013) points out that information security is made up of two elements. The first dimension of this phenomenon is the technological protection of data contained in computers. The second aspect involves ensuring that a company does not lose important data in the event of an attack or a disaster.
The current essay provides a brief discussion of information security system used at the National Aeronautics and Space Administration (herein referred to as NASA). The various elements of the system are analyzed. They include its strategic fit, breadth of coverage, shortcomings, and associated costs. Harkins (2012) points out that the design of such a system should be beneficial to the company in the long term. NASA’s information security framework is discussed against this backdrop.
Strategic Fit
According to the 2011 NASA Strategic Plan, the organization’s vision is to “reveal that which is not known” (National Aeronautic and Space Administration [NASA], 2011, p. 4). The administration achieves this by making efforts to obtain relevant information for the benefit of the public. The operations of NASA are funded by the federal government. As a result, the information gathered by the agency is considered as classified until the research is complete. As a result of this, it is important to ensure that the information contained in the organization’s system is protected from cyber criminals.
On its website, NASA indicates that its information security system guarantees the safety of the data held there (Porterfield, 2013). In addition, the system is automated to identify and implement control measures, which appear to be risk based. To assure the public and other stakeholders, the agency has designed the information system such that it is capable of tracking security metrics to determine levels of compliance and effectiveness (Porterfield, 2013). The information framework is essential as it ensures that the research carried out by NASA does not suffer from external interferences.
Harkins (2012) is of the opinion that a given information security structure is beneficial to an organization only if it is in line with the company’s goals and objectives. A look at NASA’s mission and vision reveals that the research conducted within the precincts of this agency entails the collection of a lot of data. In such cases, efficiency is attained with the help of a security system that is fast and reliable. The automated system used by NASA is designed to respond to this need. By focusing on information that is risk based, the security system helps to prevent loss of sensitive data.
Breadth and Coverage of the Security System
Information security models are expected to cover the personnel and processes that take place in an organization (Harkins 2012). At NASA, the security system covers contractors involved in data analysis. In addition, the framework covers the astronauts and the equipment involved in carrying out research related to aerospace technology (Porterfield, 2013). In general, the security model is structured to ensure that the private information of personnel and other stakeholders is protected. In addition, the system ensures that restrictions are put in place such that only authorized personnel can access specified areas and information. Restricted access averts incidences of breach of security from external elements.
The information security scheme at NASA ensures that the activities of researchers and astronauts are not interfered with by unauthorized agents (Porterfield, 2013). The ability of the structure to gauge compliance with security protocols enhances the operations of the organization. As a result, the effectiveness of the processes is guaranteed. It is important to note that the automated nature of the security system requires the organization to invest in research and development to update its technological resources (Harkins, 2012). For example, NASA has to come up with high security computers and other machines.
NASA’s Security System: Vulnerabilities
According to a report by the United States Government Accountability Office (2009), NASA’s security system is not as impermeable as the authorities would like it to appear. The accountability agency notes that the system is vulnerable. The vulnerabilities need to be addressed given the important role of the organization in national security. The report suggests that the information security regime put in place by NASA has various flaws, especially in relation to access protocols.
The flawed nature of the system reduces its ability to support the various directorates that fall in the organization’s jurisdiction. Some of the vulnerabilities associated with NASA’s information security structure include its inability to identify users in the system. The failure to establish the identity of such individuals means that the system cannot authenticate them. In addition, the system is unable to encrypt a number of network services. In some instances, the security regime has failed to encrypt data (United States Government Accountability Office, 2009).
The report provided by the government’s accountability office further indicates that NASA’s information security system is unable to restrict certain users from accessing the system (United States Government Accountability Office, 2009). Such shortcomings pose serious challenges to the organization’s overall security. The reason is that the activities of the agency attract a lot of attention from members of the public, including hackers. The failure to restrict users is a security loophole that can be exploited by hackers to gain entry into the system. Given the nature and size of the organization, the risk of corporate espionage is a reality that cannot be ignored.
Costs and Benefits of NASA’s Information Security System
According to Harkins (2012), the process of putting up an information security system can be regarded as a costly affair. The need to improve security protocols on a regular basis increases the expenses further. According to Porterfield (2013), NASA is a giant research organization. The government has invested millions of dollars in the agency’s security systems (Porterfield, 2013). A lot of public money is spent in upgrading the security protocols of the regime, including put in place state-of-the-art algorithms to restrict access by unauthorized parties. The security framework has a number of benefits. For example, it reduces cyber crime and protects the identity of researchers involved in sensitive missions.
Conclusion
In the modern society, data is one of the most valued items in a company. As a result, companies are expected to develop security systems to protect their information. Designers of such protocols should ensure that they are in agreement with the goals of an organization. Such an alignment will maximize the benefits of the security system.
References
Harkins, M. (2012). Managing risk and information security: Protect to enable. New York: Apress. Web.
National Aeronautics and Space Administration. (2011). 2011 NASA strategic plan. Web.
Porterfield, M. (2013). NASA: IT security division. Web.
Rhodes-Ousley, M. (2013). Information security: The complete reference. New York: McGraw Hill. Web.
United States Government Accountability Office. (2009). Information security: NASA needs to remedy vulnerabilities in key networks. Web.