Information Technology: Cyber Security and Information Assurance - Research Paper Example

?Running head: Cyber Security Cyber Security Introduction Over the past few years, the use of the internet and the World Wide Web has advanced. Most of the activities are performed online ranging from communication, entertainment, shopping, banking and studying. Data and valuable information is being stored in the servers and this makes them susceptible to hacking. People and organizations thus take strict measures in safeguarding their information. In spite of these measures, hackers and crackers still have their ways of accessing private information without authority from the legitimate owners. Their motives are divergent, with some being political while others are just for malicious purposes. This has prompted various government and security agencies to intervene in order to rescue the situation. This paper will analyze cyber security, those likely to be involved in network hacking and the role of the government in protecting infrastructures vulnerable to cyber attacks. Difference between information assurance and cyber security There is a distinct difference between information assurance and cyber security. On one hand, information assurance entails putting in place measures that protect information and information systems, which ensures their availability, reliability, non-repudiation and discretion (Westfall, 2011). The information may either be electronic or general information within an organization. While dealing with electronic information, the system must be able to address the confidentiality concerns, by either introducing passwords or physically protecting the hardware. Likewise, the information system must be in a position to monitor all the information and direct it to the legitimate users (The national Technical Authority for Information Assurance, 2011). Broadly, information assurance aims at ensuring that information moves to the right person at the right time and place. On the other hand, cyber security involves the effort of the organization or individuals to protect valuable information through preventing, detecting and even responding to prevailing threats. In cyber security, most of the attacks are online, since the process involves the use of the internet, although physical safety is necessary due to the protection of hardware involved in the transmission of information. Some of the threats involved are more serious, although this is subject to the ability of the organization to deal with them (McDowell & Householder, 2009). There are two broad categories of cyber attacks. One is when an attacker studies the security of the system and develops malicious programs to destroy the servers. The other attack is the zero-day attack, in which case the attacker bombards the system even before implementing the security measures (Fujiwara, 2006). Potential hackers and their motives Hackers have varied reasons for hacking into a cyber network. It is important to note that anyone can qualify to be a hacker, as long as there is an intention to access private information without permission. The leading cyber threat involves the financial sector, in which case the hackers engage in a number of ways. The first case is account takeover whereby criminals exploit financial and online systems, taking over the functions of the account holders. The aim of this crime is to pose as the legitimate owner, as this gives the criminals access to the accounts. Eventually, the criminals transfer all the cash to their accounts or withdraw the cash for their personal use. Another group of hackers consists of those criminals who engage in the third party payment processor breaches. In this case, hackers target large multinational companies, which have a large network of payment processors. By compromising the personal identifiable information of the employees of such companies, the hackers go ahead to seek payment or other financial benefits from the employer. Their aim is to siphon as much cash as possible before the organization realizes it is not dealing with the real employees (Snow, 2011). Securities and money markets are other potential areas for cyber hackers. They manipulate the market and trade in unauthorized stocks. The aim of these hackers is to control the money market through illegitimate trading and earn unwarranted cash. Cyber hackers have also affected the banking industry. Their main aim is to get personal information about customers and withdraw cash from the accounts of such customers. ATM skimming and point of sale schemes are the most prevalent methods used by the hackers. The skimmers device ways of stealing personal information about the ATM cards and use this information to make identical cards, which they eventually use to withdraw cash from the compromised accounts. Lastly, hackers are disrupting the telecommunication systems, which are of great help to businesses. As a result, they take advantage of the time lapse when the businesses are in the dark to alter the market operations (Snow, 2011). Another group of people, who would want to hack into a cyber network, is the hobbyists or the hactivists. These people do the hacking in order to send a message to the elites of the company and computer gurus. They do it for fun or because of the thrill of the challenge. They do not have malicious motives for their activities and will immediately dispose the obtained information once they have succeeded. In most cases, they leave the hacking once they relay their message and the authority recognizes their efforts. Although these kinds of hackers may seem to be less harmful, they are lethal, as they cannot give up until they quench their urge. At the same time, there is no guarantee that the hacked information will not end up in the wrong hands (Tulloch, 2011). White hat hackers engage in hacking with a good motive. Most of these types of hackers have permission from the organization to carry out the hacking and test the reliability of the system. System auditors for example, may hack into the system of an organization to test its ability to function. They deliberately try to access confidential information of a company though backdoor methods. Their aim is not to vandalize information but to identify problematic areas that are entry points for the hackers. After identifying such areas, they use their special skills to train and educate co-workers or the employees of a company. This assists the workers to detect hackers and potential rooters (Orfano, 2009). Company employees are also potential hackers, mostly because of their positions. Malicious employees may take advantage of insecure communication within the organization to access unwarranted information. Although the mistake may arise from the management, it is from the nature of their positions that employees take advantage of the situation. Equally, failure of the information and communication technology department to restrict URL access may endanger the information of a given company. This is because some of the hackers are novices and only perform their functions when an opportunity is availed. In some cases, the employees may not intend to hack, but may opt to do so if they realize that some of the sites are not restricted (Hacking-Gurus, 2009). The role of the government in securing and protecting infrastructures from cyber attacks and damages Each government has a role, either direct or indirect in safeguarding vital infrastructure from cyber attack and damages. To effectively deal with the menace, every government needs to devote significant amounts of resources towards the effort. This may be in form of material resources, legislations or even facilitation of the fight against cyber attack. First, governments need to realize that the internet has no borders, thus any single crime could be an international crime. In view of this, governments need to work together in the fight against cyber crimes. This means that if a country is investigating an online crime committed in another country, the other country should be willing to assist. This would not only discourage hackers from hiding in remote areas but also offer an avenue for reaching the perpetrators (Tulloch, 2011). The government can also set up special units to deal with the crime. The unit may work independently or in collaboration with other government agencies such as the FBI in the United States. It is advisable to link such units with academicians who are proficient in information and communication technology, in order to detect any hacking and offer solutions for the same. In a recent development, a special unit formed within the FBI was able to investigate fraudulent activities within the United States banks. The intelligence drafted and sent circulations to banks headquarters alerting them on how to protect themselves from online fraudsters (Snow, 2011). The other way the government can combat hacking and protect critical infrastructures from attack is by educating the masses on the advantages of secure servers. People need to understand that sometimes the fines imposed on cyber criminals are not commensurate to the damage suffered by the organization. Consequently, organizations should avoid losses other than rejoice about the compensation granted from a lawsuit. Additionally, it is also important for the government to support software developers whose aim is to upgrade systems and make it hard for cyber criminals to hack. In extreme cases, the government may promote the development of great firewalls like in China, which would prevent any unauthorized user to access private information (Albrecht, 2005). Lastly, the government in collaboration with other organizations may develop a voluntary security program that lays down measures for dealing with cyber hackers. In this case, members of the public would be encouraged to report any form of hacking or give information regarding potential hackers. Using this information, the government then goes further to investigate the authenticity of the information offered and take the necessary legal steps. Where necessary, the government may collaborate with the courts in order to fine the perpetrators or seize their tools of operation (Tulloch, 2011). Conclusion The security of the internet is of great importance, not only to individuals and companies but also to governments. It entails protecting valuable information trough prevention, detection and responding to any prevailing threats. It is thus the mandate of every stakeholder to ensure that hackers do not have any opportunity to harass the public. One way of doing this is by identifying potential hackers, understanding their motives and then acting fast before they make their moves. This is because while some hackers are ill motivated, other do it for the benefit of the organization. Lastly, governments need to come up with strict rules for the prosecution of cyber criminals. References Albrecht, T. (2005). Combating Computer Crime. Retrieved from http://www.crime-research.org/articles/trenton1/ Fujiwara, B. (2006). Cyber Security “Threats and Countermeasures”. Retrieved from http://www.gbd-e.org/ig/cs/CyberSecurityRecommendation_Nov06.pdf Hacking-Gurus. (2009). 10 Reasons Websites get hacked. Retrieved from http://www.hacking-gurus.net/2009/04/15/10-reasons-websites-get-hacked/ McDowell, M., & Householder, A. (2009). Why is Cyber Security a Problem? Retrieved from http://www.us-cert.gov/cas/tips/ST04-001.html Orfano, F. (2009). Reasons for Hacking the Home Computer. Retrieved from http://www.brighthub.com/internet/security-privacy/articles/8647.aspx Snow, G. M. (2011). The Cyber Threat to the Financial Sector. Retrieved from http://www.fbi.gov/news/testimony/cyber-security-threats-to-the-financial-sector The national Technical Authority for Information Assurance. (2011). What is Information Assurance (IA)? Retrieved from http://www.cesg.gov.uk/about_us/whatisia.shtml Tulloch, J. (2011). End of the Web As We Know It? Retrieved from http://knowledge.allianz.com/?1564/cyber-war-cybersecurity-cybercrime-internet&mcg=2162331292_6763320892&kwg=Exact_2162331292_cyber+security Westfall, L. (2011). What Is Information Assurance (IA)? Retrieved from http://www.selfgrowth.com/articles/Westfall1.html Read More