Information Security - Research Proposal Example

Information Security in Small Business Firms Information Security in Small Business Firms Introduction The explosive growth of internet has added to the efficiency and convenience of modern business operations. However, a wide variety of information security threats, particularly computer hacking raises potential challenges to keeping and transferring information securely over the internet. Even a small business organization needs to deal with huge volume of confidential and sensitive information.

Evidently, unauthorized access to such information would hurt the stakeholder interests and thereby the firm’s reputation. Therefore, advanced information security measures are vital for even the smallest business organizations. Threats and Vulnerabilities Small businesses having limited knowledge of computers, networks, and software are highly vulnerable to a range of serious information security threats. According to the National Institute of Standards and Technology (NIST), major threats include denial of service attack, malicious code, and virus attack.

The growing rate of computer hacking activities is the major factor making small businesses vulnerable to information security threats. Computer hackers include different groups such as experimenters, hacktivists, cyber criminals, and information warriors (NIST). Among them, hacktivists and cyber criminals pose greatest threats to business firms. Hacktivists combine hack and activism to achieve their stated political or organizational goals. In contrast, cyber criminals try to obtain unauthorized access to an organization’s sensitive information and use such information to threaten the sustainability of the organization for personal financial gains.

Evidently, increased threat of hacking would adversely affect the confidentiality and integrity of information. Today businesses maintain advanced systems to improve customer accessibility to information. However, hackers often take unfair advantages of such facilities to crack information security. Hacking activities can have a negative influence on the authenticity of information because hackers can alter or modify information once they gain access to information. McCullagh and Caelli (2000) state that in the sense of information security, non-repudiation refers to a service that provides proof of the origin and integrity of the data.

Certainly, small business organizations cannot promote non-repudiation services unless they are properly informed of computers, network, and software and hence prevent security threats effectively. According to the Computer Security Institute Survey (as cited in National Institutes of Standards and Technology video), nearly 42% small business firms reported laptop theft whereas another 42% reported an insider abuse. Half the participants (50%) reported that they had experienced one or other form of virus attack.

When 21% small businesses indicated a denial of service attack, 20% firms pointed that there system had been made into bots (NIST). Recommendations As Lin and Chiueh (n.d.) describe, a denial of service attack (DOS attack) or distributed denial of service attack (DDOS attack) is an attempt by hackers to cut the availability of a network resource to its intended users. This type of attacks generally involves efforts to interrupt services of a host linked to internet temporarily. Common security solutions like filtering or anomalous packets based rate limiting are not sufficient to prevent DOS attacks.

At present, the most effective way to handle DOS attacks is employing the Turing Test mechanism. Nowadays graphical CAPTCHAs are widely used to deal with this kind of situation. Graphical CAPTCHA “consists of a picture with some degraded or distorted image which will make up a lot of valuable bandwidth especially in the case of the attack.” (Lin & Chiueh, n.d.). The authors add that in case of DOS attacks, graphical CAPTCHAs containing degrades or distorted images are sent from the server to the client for authentication and this technique is capable of preventing such an attack successfully.

According to Lin and Chiueh (n.d.), low bandwidth Turing test is better for preventing DOS attacks more effectively; and text-based question answering is one of the most effective low bandwidth Turing Test mechanisms used today. Expected Impacts or Outcomes Undoubtedly, improved information security mechanisms would assist even small business firms to strengthen the security of their databases and operational efficiency. Hence, the benefits of maintaining such security mechanisms can outweigh their costs.

It is clear that ineffective or nonexistent protection measures would cause information systems to compromise its security, and such a situation in turn may increase the system maintenance costs of the firm. Conclusion In total, even small businesses are vulnerable to many information security threats such as DOS attacks, malicious code, and virus attacks. The growing incidence of computer hacking activities raises serious challenges to the sustainability of small business organizations across the world.

Currently, Turing Test mechanism is an effective strategy to prevent DOS attacks as it improves the information security of businesses. References Lin, S & Chiueh, T. (n.d.). A Survey on Solutions to Distributed Denial of Service Attacks. Retrieved from http://www.ecsl.cs.sunysb.edu/tr/TR201.pdf McCullagh, A & Caelli, W. (2000). Non-Repudiation in the digital environment. First Monday. 5 (8). Retrieved from http://firstmonday.org/ojs/index.php/fm/article/view/778/687 National Institutes of Standards and Technology.

Retrieved from http://csrc.nist.gov/groups/SMA/sbc/library.html#04