Information Security, Types of Threats and Modes of Classification - Assignment Example

Information security Introduction: Information security is an important aspect of the commercial and private organizations that deal directly with the customers. Their records are of importance not just to the organizations but also have large value to the customers’ privacy, security and safety. While earlier forms of data were manual, modern time’s data is largely computerized. In modern times almost all segments of working sphere are computer enabled and are largely reliant on them. Businesses, office works, institutes all are dependent upon the technology and computers. However the usage of computer brings along certain pre requisites with itself which need to be fulfilled. These pre requisites include the manner in which the functions are conducted, the security concern, the legality and morality and its possible consequences and advantages. The need for classification: Classification is the protection of all the valuables that can possibly be used in different forms against various individuals. Every individual seeks privacy in their matters, and more so when it comes to their assets. The case becomes an inevitable one in case of banks and other departments that contain their records of nearly everything. Through these records an individual can be traced, their working places, their total assets, their family history, their careers, in short everything can be traced. For this purpose classification is desired. It is being achieved through set of procedures (Whitman & Mattord, 2011). Banks are one of those departments which are totally computerized in modern times and all the information flow is being conducted through dedicated online systems. In such cases, there is absolute need for proper mechanism and working formula which ensures safe and sound proceedings. The second important organization that needs classification of information is that of Defense department. Since it is the main stream organization that keeps the civilians and the country itself from any threats, therefore the classification of importance is the need of the organization. In both the organizations, classification is done so in a methodical approach performing clusters of information and members who can access it and who are to be barred from it. Types of information: Different organizations contain different information about their clients. For example a social welfare organization would contain information about an individual’s past working places, their family background. In case of banks the information could pertain directly to the monitory aspects. In Defense organizations, the information can be in form of the citizens, their belongings and backgrounds. The list of possible offenders who might be on verge of committing any serious felony and other serious crimes which can create panic in different possible ways. Types of threats: The nature of threats is relatively subjective and varies form organization to organization. In banks the threats and target area are mostly the financial zones, leading direct to the cash with drawls and card tracing. Modes of classification: Usually in highly sensitive organizations, the level of classification is a multi tier one. Though all information is strictly protected, yet those which can lead to direct damages are being protected in various layers. Even if a breach occurs in one layer, other layers are sufficiently strong enough to ensure protection of the classified data. Vulnerabilities: The vulnerabilities come in different form. While they can come through the non professional and lose practices by the workers and employees themselves, they can on other side come through the online tracking and hacking procedures. Many a times the networks and entire servers are being attacked by hackers and other infiltrators seeking access into the private data and once the credit card and social security numbers are being accessed; rest of the task is completed without any hurdle or haste. Classification level clustering in banking sector: Different cadre can be created for the information which can be segregated into segments for access. Public data access: Some of the data and information can be of public view nature. This mostly includes the bank annual sales, the relationship costs, supply chain mechanism, investments made, stocks rates and other information which is the right of every member knowing the facts about. Official data access: This section includes the data segment which ought to be accessed only by the official involved in the bank. No client and no outsider member will have the access to this data(Office, 2004). High priority security data access: This is the most special kind of data which cannot be compromised at any case. It involves the assets details of the bank clients, possible locker numbers, the credit card records, transactions, the bank deposit and exit time and other records of extremely sensitive nature. This data can be either in hard form, cash, in digital electronic form, or other physical assets. World Bank’s approach to classification of information: World Bank serves as the best example for many cases where the handling based on professional manners can be seen and learnt from. The methods so adopted in World Bank are very much flexible and transparent, with no chances of breaches. It provides all the details of projects and plans at hand, at the same time takes all the necessary steps vital for protecting the information that ought to be protected. Specific policies are being drawn for this purpose which makes professional tasks performing easier in many ways. The policies regarding various nations and their relations are also clearly chalked out (W.B, 2005). Department of defense working mechanism: D.o.D is specialized in gathering all the essential information and further providing it to the intelligence and law and order implementing agencies. Their function encompasses exposing all the threats that are faced by the country both locally and internationally. Need for classification: Department of Defense’s work needs high degree of classification since most of the work is based on intelligence information. Any leak of information can result in mess of the entire plan and activity. Schematic approach: Different approaches are being adopted for conducting the classification process. With variables being subjective, numerous defense organizations implement various kinds of classification mode techniques. All in all they have one objective in common and that is to protect all the information which could be used against the security and safety of country and its citizens. Clustering of classification: The information so classified is mostly of the foreign policy or the domestic policy pertaining to the law and order insurance along with other strategic decisions that are vital for the nation’s safety and prosperity. The nature of work is conducted mostly in a very silent manner and the objectives are achieved and kept under cover without catching major notice and attention. The following is the broad dissection of classification namely the confidential criteria, followed by secret information upholding and finally the top secret (Anderson, 2010). In the last mentioned criteria, the information is of immense importance and cannot be shared or leaked at any cost. This information is of high value towards the national security, its leaders, its policies and other unavoidable conditions. Further dissection involves the secret information programs body, permission to access section, control units and various others. Based on the clustering of people, they are broadly divided into authorized viewers, the employees, the information sharers and stake holders with whom sharing of information is vital. In case of American Department of Defense, improvements and changes have been introduced in the entire system periodically. The recent changes included the uniformity of the textual documents using the monogram, country specific code, other essential embossments along with the improvements in the processes undertaken for conducting the tasks. Controlled Access Program Coordination Office (CAPCO), and management staff working dossier was part of this classification process (D.o.D, 104,2009). The need for interoperability: Many organizations have distinct and patented patterns of classified operations and functions. This results in non compatibility between various departments. The need is being stressed by many decision making agencies notably the Congress for introducing a compatible and uniform classification system. It ensures smooth working and easy access between various stakeholders. The main advantage of entire compatible platform mechanism is ease of access to the information and combined working over various tasks. Difference in process structure would lead to starting a process from scratch every time. A step in this direction was the constitution of Control Register Marking Group (Jacobson & Boyle, 2003). Control Register marking Group: This process was under taken in a multi layer approach. With first layer looking into the hard form correction and update process, notably the papers, websites assortments, followed by the data bases up gradation and other necessary changes required at the back end for bringing about conformity. The data base would enable identification and segregation of the classified as well as non classified content and its access decision. The distinguishing factor like upper case usage of letters and small case is another aspect of the entire classification process and up gradation of methods. The different stages of classification process under the new system include the following segregations: Classification of information based on data and information collected from within the country This is followed by information from across the border. The information gathering and assortment from other parts which are of some importance to the country and its government, this followed by the dates. The top secret category information may not be revealed with anyone and does not strictly fall under the public access code of law. The unclassified information in defense departments: Defense department does not have to contain information which is strictly confidential; even it contains set of information which is mostly available to the citizens through the website and other means. This comes in form of the unclassified information. Unclassified documents and information section which is in access of every individual. It could be to the nature of working, the purpose and objectives, the success met in terms of the citizens protection, other information of past events that are in no conflict with the national security(D.o.D, 2012). Post project classification: The nature of content in defense department is such that the information might not be shared or disposed off in places where it can be re generated or the strategies of the government and its defense organizations can be comprehended. It must be kept under proper control even after years of the task is being completed. Marking categorization: Marking is done based on the degree of importance. It starts off with the top secret information followed by the joint classification section, leading to the nuclear arsenal related information. Different working units are employed for each of the above functions. Works cited: Anderson, R. J. (2010). Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons. Officer, C. i. (2004). DATA CLASSIFICATION SECURITY POLICY. George Washington University. D.o.D. (2009). Code of Federal Regulations, Title 48, Federal Acquisition Regulations System, Chapter 2 (Pt. 201-299), Revised as of October 1, 2009,. Government Printing Office. D.o.D. (2012). Department of Defense MANUAL. Department of Defense. Jacobson, L. G., & Boyle, M. (2003). Financial Management: Better Controls Essential to Improve the Reliability of Dods Depot Inventory Records. DIANE Publishing. Whitman, M. E., & Mattord, H. J. (2011). Principles of Information Security. Cengage Learning. W.B. (2005). Financial Sector Assessment: A Handboo. World Bank Publications. Read More