Information Technology Security - Report Example

? INFORMATION TECHNOLOGY SECURITY (Computer Sciences) of (affiliation) of Submission: Estimated word count: 1,937 Introduction The human experience today continues to be benefited and expanding at a very fast rate because of computer-related technologies which contribute greatly to modern conveniences. In the daily experience, people expect their lives to be safer, smoother, and easier due to computer technologies which if considered in the context of history, are a fairly recent phenomenon. It has contributed to the rapid expansion of data sets, new information, great incredible knowledge acquisition and hopefully, the enhancement of human wisdom. Computers had literally made the task of computing very fast and ultra accurate; people expect results within minutes or seconds. Scientific, medical, and technological progress had been achieved with the use of all the computer technologies currently available, accelerating human advancement by several degrees if compared to the prior centuries and millennia before the advent of computers. Other areas of human endeavors have likewise benefited from this computer-related development such as in the business and industry sectors, in the telecommunications, banking, trading and commerce sectors as well as in almost all aspects of human life. Today, there is no escaping the fact of interacting with computer-related equipment as people go along their lives in their daily activities. Computers are used in various ways wherein people may not be aware of, like in a building with a computer-controlled air conditioning system, using an elevator or an escalator, trying to get in touch with their friends, acquaintances, and relatives through social media sites, to buy a product or service on-line through electronic commerce (e-commerce), and get the news or entertainment from the Internet. This paper focuses on one such aspect, which is the human-computer interface (HCI) that is at the basic level by which people interact with computers. Discussion The field of study concerning the use of computers by humans is called as the human-computer interface (HCI) or also called alternatively as human-computer interactions (HCI). The basic premise of HCI is to study the optimal design of the interaction between people (the users) and the computers or machines they are using in order to give the maximum benefit and likewise avoid unexpected problems between man and machine. HCI is a multidisciplinary approach that utilizes several fields such as engineering design, architecture, computer graphics, the operating systems, and the software programming (confidentiality, integrity, and availability or CIA). It is supplemented by the human side of this knowledge such as linguistics, communication theories, cognitive psychology, the social sciences, and human factors like logic, ease of use, user satisfaction, memory recall, attention span, and user experience that contribute to desired results. There are a good number of engineering designs to observe as a guide when designing a human-computer interface (HCI) but it can be reduced to the basic principles which are a focus on the user, emphasis on the task to be performed, and actually measuring the real uses of this interface based on several or repeated simulations to detect any deficiencies and eliminate these. The designer or engineer of the HCI must firstly determine who will be the eventual users of the HCI, so that the final design will be suited for them. Secondly, the designer must know the tasks to be performed using the computer interface, specifically defining these tasks in detail, and also how often these tasks are to be performed within the day, or during a certain work period. This will hopefully help establish the parameters to be used in the HCI design, using empirical ways or methods to determine the required benchmarks or performance levels (Sarmento, 2005). In order to be able to properly analyze the design issues of the new cash register system implemented by the fast-food chain of Arge, it is necessary to first know the basic principles of a good HCI which have the following eight consecutive steps to be followed in the right sequence but which can be reduced to just six major steps in the overall system of the design process, which are the following basic or inherent steps which cannot be skipped (Brown, 1999). knowing the users (establish who will use the HCI system as the only valid users) defining the tasks to be performed (these tasks are described in great detail to be exact) incorporating design guidelines (only the desired objectives will be adopted) developing user-interface tools (the software programs must be suitable to the tasks) prototyping and user testing (this can be done in repeated simulations to approximate the actual conditions under which the final HCI system will be operating by using feedback) designing by iterative refinement (test and analyze results, and then improve further) Furthermore, in addition to the foregoing discussion, it is also necessary to reiterate how important it is not to lose sight of the ultimate objectives of designing the optimal HCI system that satisfies both the security concerns and usability properties of a good interactive computer technology. In other words, a good HCI design must balance correctly security and usability to be considered as an ideal or optimal design that achieves its stated purpose or objectives. A good design must not sacrifice security in favor of usability, nor the other way around. Any imbalance will probably result in unsatisfactory consequences or even worse, cause unforeseen problems. A key consideration is the combination phrase “usable security” for it (Cranor & Garfinkel, 2008). It is imperative that a right balance can be found without compromising either property. Based from the previous discussions, the following design issues can be observed with the new touch-screen cash register system currently being implemented and tried by Arge. The user ID and the password can follow a standard convention, such as a user ID that has the name of Arge at the end of it; this will eliminate the excessive flexibility in the naming of a user ID. The same convention (standardized nomenclature) can be used in the making up of passwords; this will make it easier for each individual cashier to recall. The 3-minute period allotted when the screen is left untouched and wherein the register will lock automatically is probably too short a time period by which it can be left idle. A longer time period of perhaps between 5-10 minutes can be tried, because it seems to be a more reasonable time gap in which the screen is not touched without locking by itself. It will minimize the number of times or occasions when the store manager is required to unlock it using a key card. A restaurant cannot be expected to have a steady, continuous stream of clients within that original 3-minute allowance allotted for it to stay unlocked. Enlarge the screen buttons to make these more visible to avoid mistakes in keying-in the password and maybe utilize some back light so the keys can be seen even in the dark. Use new material for the plastic film sheet covering the screen that is grease-resistant so buttons are responsive if touched, easy to clean, and eliminate fingers slipping on screen. Eliminate the need for a system re-boot if cashiers failed to log out properly. This is an unnecessary and excessive security option which will not compromise overall security. The new design plan that will address all the issues mentioned earlier will be utilizing a six-step process with the estimated time to completion and the expected benefits afterward. Task to be performed Estimated time to complete Expected benefits Conduct a seminar for cashiers on how to use the new system properly and solicit suggestions 1-2 weeks if done on a chain-wide basis but preferably done in a store-by-store progression Cashiers will now be made more aware of the intricacies of the new touch-screen system Re-program the software used on the touch-screen registers to allow for longer time periods of beyond 3 minutes to the new 5-10 minutes as suggested earlier 1-2 days if the computer system programmer is fairly adept at changing the software protocols because this involves only a relatively minor change Store managers will be freed up to do other important tasks and eliminates the need for them to constantly unlock the screens as it is an unnecessary security Change the material used on the register screen to utilize a new grease-resistant film that will not allow accumulation of grease and material that is easy to clean This will depend on the supplier of the touch-screen registers to Arge on how soon they can be made to replace said screens by contacting hardware vendors Mistakes in typing passwords will be minimized or eliminated as new material will not be slippery and the fingers of cashiers will no longer slide over the screen Re-program the software to not include a system re-boot if ever a cashier fails to log out properly as this consumes so much time of about 3-5 minutes for it finish 1-2 days if the computer system programmer knows his job and tweaks just a few modules inside the software program as it is just changing the protocol process Security will still be observed as this system re-boot is really not necessary, considering that the screen register had been locked already. It will speed up things Analyze the results of all changes and ask for honest feedback or opinions, suggestions, and ideas from valid users (store managers and cashiers) as they are the ones who are most affected if ever there will again be defects 2-4 weeks if Arge has an efficient communications system between its branches and its head office. The time allocated includes the time period necessary to contact all venders and programmers to change whatever is necessary The benefit will be in maximizing the new system without entirely junking it altogether as it is costly to look for another hardware vendor and to train again all the managers and cashiers. It will be time consuming to do so again Iteration of the entire 5-step process as a system-wide test 1-2 months if circumstances are favorable or even longer if not Repetition will eliminate all the bugs, deficiencies, or complaints Based on the expected benefits of adopting the recommended changes and alterations to the new touch-screen system, then it is expected a more correct balance of security and usability will be attained within the time period envisioned. Actually, there are seven major principles in human-computer interface design, which are then grouped into either security and usability. a. Security – included under security are the features of tolerance, structure, feedback, and consistency which will enable an HCI system to achieve its stated objectives in terms of the enhancement of the human experience in its encounter with computer-enabled technologies. The key words for all these experiences can be reduced to confidentiality, integrity and availability. b. Usability – grouped under usability are the general features of simplicity, visibility and affordance (the quality of the computer system to allow people to perform a certain function) which leads to the conveniences in modern life today; affordance is an enabling instrument. Conclusion Modern societies rely extensively on computer technology and the wonderful computer technologies are maximized only when the HCI systems are designed properly. Usability in this context refers to a system that is user-friendly even nontechies can understand and use it while in another perspective, security features of an HCI system pertain to the authentication processes to allow access while simultaneously preventing unauthorized access (Jacko, 2011). Simplicity and visibility being incorporated into the HCI design will allow people to use more often any system using computers for their own benefit because it eliminates common mistakes such as oversight of already embedded system-security features (Radke, Boyd, Brereton & Nieto, 2010). Six Tasks to be implemented to improve Arge’s new touch screen register HCI system. References Brown, C. (1999). Human-computer interface design guidelines. Bristol, UK: Intellect Books. Cranor, L. F. & Garfinkel, S. (2008). Security and usability: Designing secure systems that people can use. Sebastopol, CA, USA: O'Reilly Media, Incorporated. Jacko, J. A. (2011). Human-computer interaction: Design and development approaches. New York, NY, USA: Springer Books. Radke, K., Boyd, C., Brereton, M. & Nieto, J. G. (2010). “How HCI Design Influences Web Security Decisions.” OZCHI 2010, November 22-26, pp. 252-255. Sarmento, A. (2005). Issues of human-computer interaction. Hershey, PA, USA: IRM Press Read More