CB Hart Law Firm: An Information Security - Report Example

?Running Head: CB HART LAW FIRM: AN INFORMATION SECURITY REPORT CB Hart Law Firm: An Information Security Report Insert Date: CB Hart Law Firm Executive summary The company being a Law firm involves handling of important information on cases that determines the verdicts before the judges. However, such crucial information requires a lot of care to enhance information integrity. However, having acquired three more companies, the CB Hart Law Firm has to increase the level of security. All the branches could be joined through an intranet so ease information sharing. However, the system administration should enhance security and if possible train employees on the data and information handling security procedures to reduce intrusion with or without malice (Keng, 2010, p. 31). In order to cater for the high encryption required in the firm, the firm should include a series of authentication processes depending on the level of information access required by the various users which also depends on their portfolios within the organization. In case of errors, through a process referred to as binding, the user will get the program results designed for the required purpose, this will help to reduce chances of making mistakes being that database contains very crucial information that should objectively guide the user (Zhou, 2005, p. 101). The report is to establish security of information within the CB Hart Law Firm. The Law firm should also identify the problems encountered by users in all departments and branches so that a comprehensive training may be carried out to ensure that they are at par with the required information security regulations. This would reduce chances of compromising information security as However, the integration of Visual basic and structured programming language library, the OLE which is used as a link the user application to the Oracle database. Background information (Present current statistics, facts on information) There are series of both internal and external threats that the company faces in the quest to intensify the organization’s security. Despite the different categories of threats available, there are some situations that would partially compromise the information integrity while other security threats would fully compromise the firm’s information systems (Layton, 2006, p. 16). The change in technology necessitates a series of actions and security provisions to enhance data integrity, through storing information on a computer in an electronic form accessed. For there to be a properly organized system, that achieves the set objectives of the organization, which is the core secret bonding the survival in the business world. Data and information security is very crucial and should be handled through authentication techniques accessed by delegated individuals to handle and manage the confidential information that the survival of the organization depends on (Reeves, 2006, p. 23,). However, this can be done with the aid of a system structured to procedurally collect information (data) stored a s a soft copy within a computer system, database is able to store both large and small information/ records which should be easily accessible with options of adding or removing the information content (Peltier, 2005, P. 107). Only the authorized personnel with the authentication code should do this. For information and database efficiency, the Law Firm need to put in place A DBMS, this is a database management system with ability to manage all the information and queries when in cooperated in the system. However, through both intranet and internet connectivity’s, the Database could be accessed from multipoint within the organization despite t he distance between the branches of the organization. Apart from the above mention features of a database, any database should objectively generate both the ability to recover vanished data lest hardware failure and have high data attributes to securities and information integrity. According to (Rahman, 2007, p.11). the essay is aimed at creating an understanding of a database, the past database systems had limited securities as the rate of intrusion was still low due to inadequate skills applied . Improvement and development of the new system is to objectively overcome the disadvantages of the old system and its special property in the information safekeeping and integrity (Layton, 2006, p. 19). However, the availability of internet connection and SQL has enabled the database users to have the option of remotely connecting to the database without movement to the remote locations, which may be very far away from, the user (Ramon, 2008, p.5,). Through application of fourth generation language and the high-level language a lot of information can be obtained through typing short codes, which when executed gives/ extracts the information requirements from the database (Kiefer, 2004, p. 49). This has even simplified the development platform of the database in that it is needless to get a very powerful machine in order to run a server, or any other system. The fewer the codes the smaller the memory location to be used for storing codes hence, even the inexpensive stand alone server can be used to effectively achieve information security through the database. Apart from the codes and the inter-operability of SQL server, other networks led to successful achievement of the product especially under the client/ server environment (Keng, 2010, p. 20 & Charles, 2008, p. 18). Structured query language being very user friendly enables the database administrator or the program/ system administrator to structurally modify the database, allow more users to have permission to access or deny them the access to the information in the tables and the general database (Charles, 2008, p. 19). The great feature is data storage; however, for most of the users, the ease of retrieving information is the main requirement other than information security. However, the relational database increases the power of adding more queries in terms of request that enables the user to be more accurate when handling information. It directly pull out only the specified information required without having the general information that you will still need to go through the explicitly point out the requirements, also through queries you can easily generate a report given the requirements of the report (Keng, 2010, p. 27). Other external factors that the firm should look into includes: - Damage due to fire, this can be solved through use of removable hard drives and online information storage so that incase of such tragedies, the information would be still recovered from a secondary source for instance hard drives (Zhou, 2005, p. 105). Domain 1 (Data loss) In order to attain information security, the organization should embark into various methods that would completely deny the malicious programs and intruders the opportunity to get through with malice. However, the defense mechanism that would suite the situation would entirely depend on the defense strategy option adopted by the organization (Peltier, 2005, P. 125). There are various attack process and programs that includes but not limited to the following: - Intrusion, viruses, worms, Trojan horse, email and password cracking and packet modification. Intrusion The employees have to adhere to strict rules in regard to information access especially the private and public individuals who require network services for their personal notebooks, PDAs, IPADs and other equipment that require network services in order to operate. Some of the people to come to the organization are intentionally trying to gain access to the system so that they would handle and tamper with the information in the organization. The intruders at times install information memory disks at hidden subnet worked workstations so that all the information accessed within the duration that the gadgets are still intact be stored in the disks. Through the information stored in the disks they are able to access the password details and compromise the information from the company website and intranet (Layton, 2006, p. 09). To some extent the intruders may install malicious gadgets that remotely connect the intruder to the system so that they get updates directly from the site, hence such malicious and unexpected system attackers should be handled skillfully so that the exact people who logs into the system at a time would be known through programs that stores the user information and controls information access so that the delicate information in regard to the organization may not be left to the general users but to specific users with authorization due to their level of understanding and service in the organization (Ramon, 2008, p.16,). Database must not be very large as in the situations of large institutions and government departments where they need to have separate dedicated servers within different branches which are to create more room for information encryption. However, all databases must be stored within a memory location accessible through computer for example a hard disk; this implies that the history of databases came after the invention of storage devices. In order to achieve information security, both the storage devices and the database be protected either under lock and key or through authentication codes respectively (Layton, 2006, p. 13). Any computer works under some logical database to execute a given command to produce a feedback, the earlier computers had crude database management systems that were always problematic; this lowered the level of intrusion which compromised information security and integrity. (Charles, 2008, p. 6). However, during the 1960’s, only the noble group were able to use electromagnetic databases to store information due to the high costs involved in possessing one. Due to technological advancement, by 1970’s, the increase in quality with decrease in price gradually became a routine. The memory capacities of the computers increased leading to the introduction of systems that could handle and manage data, though, at this time intrution and data compromise problems are common triggering the need to have a quick response to curb the vulnerability problems (Keng, 2010, p. 44). Fig 1. Accessed from http://technet.microsoft.com/en-us/library/Cc723506.secstr02_big(en-us,TechNet.10).gif on 25th Nov, 2011. Domain 2 (Viruses) There are people who act with malice just to harm others, such individuals often creates viruses so that computer and information system owners get to pay them In the year 1980, the major computer venders incooperated database management system within their computers to find a solution. Different database management systems were designed for different computers and users, soon after, many competitors and clones got into then market introducing DBMS’ which could fit into any computer regardless of the make (Charles, 2008, p.38). This shift turned following the advent of 1990’s from having a trusted, accurate DBMS, which is easy to maintain due to the spread and creation of information as well as the emergence of large memory capacities sophisticating DBMS administration within the market environment. A Chinese by the name Chen hard proposed an (ER), entity relationship, a model used for database design, which is conceptually a data model (Stamp, 2011, p. 05). During this time, the Relational database systems became the purchasing fuels for business market for data. However, the structured query language, SQL became the IBM standard of database development used by some companies to date. The other database development languages that emerged due to the rise if many database development companies were; Dbase III, FoxBASE, Watcom SQL, Visual FoxPro, Sybase, Oracle, Microsoft based Visual Basics, Excel/ Access (Layton, 2006, p. 24). Apart from the computer based databases, web based databases emerged by late 1990s’, for example the client server database which exponentially grew worldwide. Database systems for example the point of sale (POS), the technology that benefited the supermarkets and other marketing organizations where customers are free to pick the goods they demand. With consistency in technology, programs like front page, dream weaver, java-scripting languages, My SQL, Linux, active server, internet connector’s databases emerged (Keng, 2010, p. 26). As per Keng, 2010, p. 14,), the emergence of improved database applications such as PDAs’ XML, SQL 92, object oriented just to mention, have drastically changed the speed at which information can be transceived throughout the world. However, most of the database management systems look complicated while they are not, this is just the user perception of the system in place (Stamp, 2011, p. 08) Information stored in any database requires backups so that in case of any information loss the system would be able to recover the lost data. This assists in reduction information malpractices that are mostly performed by the same users for their selfish gains (Keng, 2010, p. 45). Regarding user passwords, each user should be able to access the information in the database through their designated passwords which are unique for instance, should not contain information that is related to the user’s name, identification number, age. Also the characters should include both uppercase and lowercase with additional numeric characters so that the intruders would not have easier time in accessing the information on the database (Charles, 2008, p. 22). Domain 3 (Password) Not every new employee should be allocated access rights despite their ranks within the orgqnisation. Other than complying with the company privacy policies, users should embrace the security and access controls integrated by the organization so that the information integrity would be achieved. As a law firm information security is of great importance as it directly affects the victims. However, there should be routine system backups so that the organization would avoid the risks and vulnerabilities (Kiefer, 2004, p. 30). The other security issue is in connection with data access, every employee should be assigned a unique password that access specific information from the system from the specified computer so that when the computer is changed the same employee would not get access, this can be done through mapping the IP address of the specified computer or access point to the servers within the intranet so that all the required security details would be availed for a follow up in case of an authorized user accesses the information(Layton, 2006, p. 28). In case the general users require information that is very sensitive, they should go through the system admin to gain access to the information remotely so that when they are through the system admin would log them out from the administration side without providing them with the control access information which includes password authorization, authentication and implementation as a procedure of handling sensitive information about the organization (Kiefer, 2004, p. 34). Apart from that, the administrator may also change the system settings to increase the information integrity, routinely update the database content and monitor the information in the database through queries. An advantage of the SQL is that it allows everybody to query and get feedback information on the required data. This development language allows integration of a variety the general user interfaces to the advantage of both the user and the administrator due to reduced cased of system misunderstanding (Charles, 2008, p. 18). For example, MS. Access is a personal computer based database management system that is easy to use, as the user is required to enter data manually, likewise to the personal oracle-7, which is also another user friendly general user interface tool used on large databases in the cooperate companies worldwide (Ramon, 2008, p.10,). The law firm for instance has relation derived from the availability of the table connected to a database, they would require many tables organized to cover all their requirements, and e.g., there can be client information (name, address, contacts, customer number. Another table can have the relation from the previous orders (Keng, 2010, p. 14 & Charles, 2008, p. 8), i.e. for example (animal product bought, item number, payment method, amount paid). All the tables should have primary keys to ease unique identification of records. Through a program interface referred to as structured query language (SQL). This program connects different tables relating the information content through the primary keys that uniquely identify the features of each table, extracts only the required data to process a command. The programming skills gradually developed until now we can use the graphical user interface (GUI) on any type of computer for example; MS windows, UNIX- X window system, Apple, Macintosh, IBM just to mention (Stamp, 2011, p. 27). Conclusion In every organization, information security is a key factor to assist in establishing the integrity of information. As a law firm, it is important to handle any security issue with a lot of care to completely avoid compromising data and information to secure the crucial information about the organization. The organization should consider both human and natural factors that compromise data integrity for instance intrusion, fire, earthquake and other factors that would compromise the information security and integrity including but not limited to virus and weak authentication process. Through developing and integrating a database to collect and incorporate information into a program; software that can sorts, store and display the content when demanded. Depending on the database sight owners requirements, the database in order software displayed in a number of styles. With attributes like primary and secondary keys, the chances of data redundancy are reduced enabling systematic data storage. However, the independency of the table on the database system platform and programming language together with the ability to integrate more than one table into a master table helps in the information retrieval and reduces storage space that in turn increases the processing speed of the computer/ server. Nevertheless, in the process of reducing the risks, the organization is supposed to restrict data access and train the users on how to ensure that the information security is implemented. Through simulation of the various ways through which the organization implements its security strategy, some of the security concerns which are caused by ignorance and poor data handling including misplacing security details as well as placing the password and user names in conspicuous places where the malicious and ill minded individuals taking advantage of the opportunity to access information and transfer virus and within the offices. For the security of the stored information, authentication details like the password, user name and other information access features of the trusted individual delegated to handle the information should be availed. Such people allowed to key in their authentication details alone so that when the information leaked they should be able to bear the burden solely. Appendix Fig 1. Accessed from http://technet.microsoft.com/en-us/library/Cc723506.secstr02_big(en-us,TechNet.10).gif on 25th Nov, 2011. References Atiar, Rahman. (2007). Modern Database Panorama: http://www.articlesbase.com/education-articles/modern-database-panorama. USA Charles, P. (2008), Database Security: http://www.accessscience.com.library. Keng S. (2010). Toward a Unified Model of Information Systems Development Success: Database Management.21. Lincoln- USA. Kiefer, Kimberly. (2004). Information security: a legal, business, and technical handbook. New York: American Bar Association. Layton, P. Timothy. (2006). Information security: design, implementation, measurement, and compliance. UoM- Michigan- USA. newcastle.edu.au/content. Aspx?searchStr=database. New castle-USA Peltier, R. Thomas. (2005). 2nd Edi. Information security risk analysis. London- UK: Auerbach Publications. Ramon A. (2008). Database Management System: Management system. http://www.accessscience.com.library.newcastle.edu.au/content.aspx?searchStr=Database.New castle-USA. Reeves S. (2006). How database development can make your life easier: http://www.articlesbase.com/web-hosting-articles/how-database-development-can-make-your-life-easier. New castle- USA (Peltier, 2005, P. 107)Stamp, Mark. (2011). Information Security: Principles and Practice. London- UK: John Wiley and Sons. Zhou, Jianying. (2005). Information security: 8th international conference, ISC 2005, Singapore, September 20-23, 2005: proceedings. Nanjing- China: Birkhauser. Read More