Illegal Physical or Internet Intrusion - Essay Example

? Illegal Physical or Internet Intrusion. Submitted to, Submitted By, of the Submitted on, [August 11, ABSTRACT: The security of data concerned with the everyday processing of an organization is the key element of its success. The proper storage, handling and retrieval of data in a run time environment are the need of the day. Databases are incorporated within organizations in order to facilitate the storage and manipulation of data. The security of these databases from physical or non-physical threats is unavoidable as without it the sanctity of the data cannot be ensured. This paper discusses why data security is of importance to an organization. Furthermore it throws light upon what might be the physical or internet based threats to an organization’s database and lastly converges with a few suggestions that can be embedded in order to strengthen database security. WHY IT IS IMPORTANT TO SECURE AN ORGANIZATION’S DATA? An organization’s data is of imperative importance to it. The success of any setup is directly proportional to the security and integrity of that environment. This study is aimed at discussing the scope of threats that an organization faces with respect to its data. It highlights what measures could be taken in order to keep the data within the database of an organization secure from any kinds of physical and internet intrusions. The Deputy Commissioner and internal control officer of the Massachusetts Department of Revenue John Mynihan is said to have quoted as follows about the threats to the data of an organization: “Any organization that collects data has to acknowledge that people are abusing it because they have access to it ... It's human nature.” (Mynihan, 2007) Database security is of inevitable importance because any malfunctioning done with the data in it, whether physical or virtual, if not corrected in a timely manner can result in the loss of system or data integrity. This, in turn can have severe consequences on the business processes themselves. The continued usage of corrupted data and thus the corrupted database system can result in the outcome of fraudulent and inappropriate decisions. In addition to this, unintentional and unauthorized disclosure of any sensitive data pertaining to the organization and its stakeholders can result in the loss of confidence of the organization’s stakeholders with it. Moreover, it can even lead to severe legal issues and stern embarrassment against the organization. TRUSTING INDIVIDUALS? A renowned fact that spreads widely within business circles is that individuals should never be trusted such that an organization’s critical should be left at their disposal. This task of storing critical data and enabling it’s readily and convenient access is assigned to databases. Database stores all the critical data of an organizational setup. Since they hold so very much importance, their security is also a key concern for the organization. Senior director of security for Oracle, Wynn White mentions his observations about database security in the following words: “According to one recent Forrester study, 80 percent of data security breaches involve insiders, employees or those with internal access to an organization, putting information at risk. The big challenge for companies today – particularly as email and the Internet make sharing and distributing corporate information easier than ever - is to strike the right balance between providing workers with appropriate access and protecting sensitive information as much as possible.” (White) The following text evaluates what a database’s security is and what are the potential threats faced by it. THE POTENTIAL THREATS The potential threats that are faced by a database with respect to its security can be summarized as follows: PHYSICAL INTRUSION/THREAT: This involves dangers such as theft fire/flood, power outage, earthquake or malicious damage. HUMAN ERROR: Mistake on the part of the authorized personnel manipulating the database. This may be an erroneous action and may involve incorrect information processing or incorrect input of data. VIRTUAL INTRUSION: This may refer to intentional barging in to the database. This unauthorized access may be via the internet or the local network of the organization. Hacking, as it may well be referred to, needs to be dealt with serious security preventive measures WHAT SHOULD BE DONE? Among he first few steps that should be taken into consideration in order to safeguard the database of an organization are narrated as follows: Database INTEGRITY: Database integrity refers to the provision that only authorized users should be permitted to make modifications in the database. This is intended to prevent the database from improper modification. Modification of data includes the changes being made at the design level of the database. For example, the structural changes in a database such as the creation, deletion, modification of database tables and queries etc. Database integrity becomes void if unauthorized changes are made at the design level of the database. In order to preserve the data integrity of any database only permitted and authorized users should be allowed to make design level and other structural changes. AVAILABILITY: The interface of the database should be made readily available to authorized users who wish to make any modifications. SECRECY: Privacy should be a main concern of any database design. Any authorized user or program must not be denied access. In order to implement the above mentioned steps in the practical scenario, strict security policy should be formulated. These policies are destined to narrate the details in which the required security measures are to be taken. Security measures need to be taken at all levels within a database. Physical intrusion may be limited by securing access to the organization’s information systems’ hardware. Moreover, it is essential that discrimination should be made regarding which type of data is to be made visible to which user and which is not. Alarms or monitoring systems should be installed within the office environment and the data centre. General public should not be given access to the computer hardware of an organization. Internet Access within the organizational setup should be available only to authorized personnel. Internet Security and Anti Malware software should be embedded and should be kept active and up to date. The constant and daily update of these software keeps them updated with the latest virus, spam ware and Trojan horse definitions and installs patches in the security systems that enable it to secure the database against any potential internet attacks. The Operating System running on the computer systems should be up to date with all the security patches installed in it. This increases efficiency of the security systems embedded and ensures optimal performance. Intrusion from the internet can be fought by implementing Intrusion Detection Technology. The entire database should physically be backed up by a sustainable power supply and back up resources such as inverters and automatically triggered generators. MOBILE COMPUTING - A THREAT? The use of mobile phones and hand held computers has become very common nowadays. Most of the organizations practice telecommuting. For this purpose they permit access to the company’s data network via wireless connecting devices. The data passing over these non physical means may however be insecure. This is a serious threat to the data integrity and security of an organization. The hand held Smartphone is also prone to theft. It is therefore essential that the following steps be carried out in order to make certain that the data being transferred to and from the wireless connected devices would be secure: 1. The password protection of the hand held device should be automated and should get activated as soon as the interface is left unused even for a small amount of time. 2. The data transfer to and from the hand held phone should be backed up on an external removable source on a regular basis. It is also advisable that multiple copies of the backed up data should be made. 3. The Smartphone should be safeguarded physically in order to save it from any physical damage. This involves protecting it via a protective covering and keeping it away from excessive heat and radiation. CONCLUSIVELY, it can be said that the security of an organization’s database is just as important as the existence of the organization itself. Steps such as security and implementation of malware detection systems are required to be implemented in order to safeguard the database against any physical or virtual threats. REFERENCES: Savage, M. (2007). Database authentication, encryption getting priority in some businesses. Retrieved from http://searchsecurity.techtarget.com/news/1255955/Database-authentication-encryption-getting-priority-in-some-businesses White, W. (2011). Database Security, A Fine Balance Between Roles and Rights. Retrieved from http://databases.about.com/od/security/a/databaseroles.htm Spam Laws. (2009). Why data security is of paramount importance. Retrieved from: http://www.spamlaws.com/data-security-importance.html Read More