StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information and Systems Security - Assignment Example

Cite this document
Summary
The paper “Information and Systems Security” seeks to evaluate Network Security as one of the most highly debated topics in the present-day world. Network Security has many dimensions. Securing any network is like securing a country's access points with several defense mechanisms…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.6% of users find it useful
Information and Systems Security
Read Text Preview

Extract of sample "Information and Systems Security"

Information and Systems Security Network Security Network Security is one of the most highly debated topics in the present day world. Network Security has many dimensions. Securing any network is like securing a country's access points with several defense mechanisms. Network Security has become a very essential part of each and every network present on this planet- be it the Internet which we use or the LANs (Local Area Networks) and MANs (Metro Area Networks). It deals with stopping attacks on a network from outer entities such as hackers and from non-intentional attacks. As more and more networks are being introduced every single day, the implementation of network security has become very important. The interconnection of networks has made flow of information easier between organizations or individuals (Curtin, 1997). But with this ease of information access comes the issue of security. With the increase of information flow, there has been an increase in the number of attacks on information by hackers. Attacks such as Denial of Service (DoS) Attacks, Spoofs, Sniffing, etc. have increased with the increase in the availability of hacking tools which are free of cost. Valuable information is lost in the process. For example, if a customer buys a product of a particular organization through their web-site and a hacker presents himself as the organization and receives the money from the customer, valuable information such as the ID of the customer, his credit card numbers, his passwords are all stolen by the hacker. Therefore such information has to be transferred securely over the Internet. Encryption is the most common way of securing valuable information while transmitting over the Internet (Rahman, 2003). Networks are secured in a different manner. They are secured using tools called "Firewalls". Whenever transactions or information between a customer and an organization are being carried out, a particular pattern is followed. Firewalls recognize and allow only these transactions or processes to be carried out and block out all the unrecognized patterns. By implementing Firewalls, most of the attacks from the hackers can be kept out. Securing a network just does not happen. There are many issues to be considered when making policies for network security. The three main issues back in the earlier days were Confidentiality, Integrity and Availability. Due to the advances in the technologies, these issues have been mostly resolved. But in the present day Networks, other issues have appeared. These issues will eventually result in the breaching of confidentiality, integrity and availability thereby defeating the cause of coming up with Network Security policies. Security Factors Confidentiality: Confidentiality is ensuring that sensitive information does not fall into the hands of those who are not authorized to have it (Dhillon, 2001). Confidentiality is also known as secrecy or privacy. Integrity: Integrity means that the information is protected against unauthorized changes that are not detectable to authorized users (Kinkus, nd). Authenticity: Authentication means that the parties involved in communication first prove their identity before communication can begin (Tipton & Krause, 2007). Threats Risk to Data Data is the most crucial asset of a company. Remote Data Backups Inc, a leader in data security mentions the following possible reasons for threats to data (RemoteDataBackups.com, 2007): Hard Drive Failures: Hard drives are mechanical magnetic storage devices that are extremely susceptible to failure. Head crashes, circuit board shorts, electrostatic shocks, power surges, etc. can all lead to immediate crash of the hard drives. Viruses: Dangerous viruses can easily wipe out tones of data in matter of seconds. They are designed to affect nearly all parts of an IT system such as Operating Systems, Applications, Networks and Databases. System Changes: Making any inadvertent changes to an IT system may render the system useless. Power Failure: Power surges, sags and failures can damage hard drives and corrupt operating systems, databases and other programs and services that need to be shut down safely. Media Degradation: The media used for data backups must be of excellent quality. Degradation in the storage or backup media can lead to total data loss. Human Errors: The results of human mistakes can be small as well as catastrophic. The cost of lost data due to human error can go beyond mere dollars. Time, productivity, employee morale and customer confidence all get affected. Natural Disasters: Natural Disasters such as fires, earthquakes, floods and lightening can destroy the complete data storage within a second. Risk of Computer Crime A computer crime or an electronic crime is regarding activities that are illegal where a computer or often a network is the one seriously affected for that crime (Jacobson, 2002). Basically all the criminal activities have a detrimental affect to variants in the field of Information Technology and its infrastructure. These include unauthorized access, inception, illegal transmission of data to/from a computer (interruption), damaging, alteration or deletion of data, which is interference which can be both through data and system, forgery, misusing devices and the list goes on. (Ronald, 2002) Risk to a business organization can be of the following type: A business is prone to computer crimes if a computer is used, even if not connected to Internet. Hijacking customer pretending that the criminals are the people running business. Websites and systems being destroyed by hackers. Criminals attacking unprotected Internet connections. An unprotected Internet connection serves as a highway for cyber crimes. Business is prone to thefts of data in PDA's or Laptops. Business sensitive data is lost and that undoubtedly damages the business. (Jacobson, 2002) All this leads to loss of reputation of the business and that ultimately leads to public embarrassment and loss of revenue. This general listing can be categorized as: Theft of data transfer: This happens where the bandwidth used by the business is stolen across many users illegally. Even when the business transactions are off, the intruders can continue using the systems pretending as if it were the employees themselves. Unauthorized Access/Misuse of computer time: Employees using systems for their private purposes without proper authorization. This includes manipulating computer records etc. Theft of Output: Stealing the private information of company for the sake of personal interest. This is commonly done by tracking the systems, mailing lists, customer list, printouts etc. Forging Desktop: Thieves often use desktop publishing programs in order to steal documents, passports, cash receipts etc. (Ronald, 2002) Intentional False Programming: Crackers affect business by using computer programs to manipulate and induce unnecessary changes for data or a network or a personal computer. Apart from these other risks are spamming, spoofing, theft of intellectual property, materials, spreading viruses/worms etc are a few computer crimes (Ronald, 2002) associated with a business organization. Identity Theft: (A Hacker's new Weapon) Identity Theft is not a very new concept. People have been doing it over ages. However, due to advancements in technology, hackers have shifted their interest towards identity theft. Identity theft refers to stealing another person's identity and using it for your own purpose. In IT terms, identity theft refers to posing as a different person whose identity has been stolen. It becomes very difficult to identify the theft and thereby difficult to identify the information stealer. Due to Internet, Identity Theft has become a signature threat in todays digital world (O'Brien, 2000). The number of Identity Thefts are increasing day by day all over the world. Identity Theft has become a very common issue to every organization since they have to protect their customers' information from threats. Identity Thefts occur through different media like the mailboxes, through trojans and spy-ware (Levy & Stone, 2005). Steps to Prevent Identity Theft Identity Theft has left many people in a dilemma as to what and whom to trust. Even though there have been many attempts to remove or completely stop Identity Theft, it could not be completely prevented or stopped. This is mainly due to the fact that Identity Theft consists of not only the technological entities, but also the social entities which are generally not possible to control (Emigh, 2005). However, the risk of Identity Theft can be reduced by applying the following principles: Any malicious activity such as usage of web-site, registration of domains, etc. should be monitored thoroughly to ensure detection and prevention of Identity Theft attacks on computers like the phishing attacks even before the attack could be initiated. All email messages being sent in and out of an organization or on the computer should be authenticated. This helps in restricting any unauthenticated message or email coming in from another source. Detecting the unauthorized use of trademarks, logos and other proprietary imagery. Improving the security patching infrastructure to increase resistance to malware. Authenticating the email directly to the user is a good method of preventing Identity attacks. This can further be improved by personalizing the information and then using it to authenticate the email. The user can be intimated of the reliability of the web-site he is browsing through the use of phishing filters in web browsers. Using a mutual authentication protocol. Establishing a trusted path between the user and a web site to ensure that information can be used only by its intended recipient. Using two-factor authentication. Forcing passwords to be site-specific. Encoding credentials with restrictions on their validity, using public key cryptography. Tools to Implement Information Security There are many tools available for analyzing the strength of the information security of an organization. Many of these tools are open source. The most widely used tool is Nessus. It is widely used to test the vulnerability of UNIX environment. Nessus provides remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface and an embedded scripting language for writing your own plugins or understanding the existing ones (sectools, 2006). Snort is another widely used tool for analyzing vulnerabilities of the network of an organization and is an intrusion detection tool. Spiceworks is yet another such security tool which helps administrators in monitoring the network security assessment. References Curtin, Matt. (1997), "Introdcution to Network Security", pp: 3-15, http://www.interhack.net/pubs/network-security.pdf Rahman, B. S. Abdul (2003), "Current Issues in Network Security Management", pp: 2-22, http://www.aptsec.org/meetings/2003/nsm/Malaysia-Sem/Session-1_Malaysia-MCMC.ppt Gurpreet Dhillon (2001), "Information Security Management: Global Challenges in the New Millennium", IGI Press, Chapter 1. Jane F. Kinkus, "Science and Technology Resources on the Internet: Computer Security", Purdue University, Found at: http://www.istl.org/02-fall/internet.html. Harold Tipton & Micki Krause (2007), "Information Security Management Handbook", Auerbach Publications, 6th Edition. RemoteDataBackups.com (2007), "Articles on Data Risks and Solutions", Online Web Content Found at: http://www.remotedatabackups.com/why/risks.htm Jacobson, "Computer Crimes", (2002) Vol. 39 American Criminal Law Review, 273. Standler,Ronald B., (2002), "Computer Crime". O'Brien Timothy L. (2000), "Aided by Internet, Identity Theft Soars", Online Article, found at: http://www-personal.si.umich.edu/rfrost/courses/SI110/readings/Privacy/IDtheft.pdf Levy Steven, Stone Brad., (2005), "Grand Theft Identity", Online News Article, found at: http://www.glasshousepartnership.com/viewpoint/downloads/newsweek-grand-theft.pdf Emigh Aaron., (2005), "Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures", Radix Labs, found at: http://www.phishcops.com/librarian.aspdoc=Phishing-dhs-report.pdf sectools., (2006), "Top Hundred Network Security Tools", Online Article, found at: http://sectools.org/ Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Information and Systems Security Assignment Example | Topics and Well Written Essays - 1500 words, n.d.)
Information and Systems Security Assignment Example | Topics and Well Written Essays - 1500 words. Retrieved from https://studentshare.org/information-technology/1518263-information-and-systems-security
(Information and Systems Security Assignment Example | Topics and Well Written Essays - 1500 Words)
Information and Systems Security Assignment Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1518263-information-and-systems-security.
“Information and Systems Security Assignment Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1518263-information-and-systems-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information and Systems Security

Information systems security incident

To fulfill this mission the operational framework for security of the software,hardware and data associated with information systems is defined based on ISO 17799.... … CONOP outlines the key players, their roles and responsibilities in the event of information security incident.... The CONOP is defined to control the information & financial loss, for business continuity, security policy review and security awareness program....
8 Pages (2000 words) Essay

Information Systems and Security

The aim of this research is to discuss aspects and issues in the management of information systems security.... This research presents a detailed analysis of the "Information Systems and security".... … At the present time, there are better ways to communicate, transfer data, information retrieval as well as distribution, dealing and especially online business, but all these improvements in the fields of information technology also brought the challenges regarding the security....
8 Pages (2000 words) Essay

Information Systems Security

This report "Information systems security" discusses a database that would include tenants and the building managers.... The company ought to put in place structures that will ensure information security in two main ways, (1) authentication and authorization, and (2) general policies and procedures.... The threat posed by such security menaces may damage a company's reputation or compromise the integrity of its confidential information, causing it to lose clientele as banks would in the case where credit card numbers are leaked....
6 Pages (1500 words) Report

Information Systems Security Survey

As a result… IRS has an information security risk management program that is mainly constructed to balance the company's security duties alongside other business duties.... The company must continue with its operations despite the exposure to The program ensures that all the managers that work in the different centers follow the compulsory security requirements that have been put in place and make their decisions with an aim of reducing the risks....
3 Pages (750 words) Essay

Fundamentals of Information Systems Security

The author of this term paper "Fundamentals of Information systems security" states that information security aims at protecting information from unbiased or unauthorized use, it also protects information from being dislocated or used in a manner that will make it accessible to an authorized user.... Procedural handling controls were put in place where he marked sensitive information and used codes to represent the information he wanted to pass.... hellip; Computer security –it is also referred to as information technology (IT) security....
7 Pages (1750 words) Term Paper

Information System Security Plans

According to research findings of the paper “Information System security Plans”, the greatest impact on the system comes from performances of individuals.... hellip; The desire to have the applications in place has been pushed by the recent attacks that initiated the need to ensure the highest level of information security practices.... The basic document in the security process has been the IT since it defines features and controls of the system security....
5 Pages (1250 words) Coursework

Development of Internet for Communicating and Doing Business

There has been report's from around the world that there are some individuals who are talented enough to attack and gather information and even send out deadly viruses to earn a profit.... Nowadays the software is combined with hardware that has security embedded which also uses a third party Assurance seals to protect sensitive data and to control and make the consumer's aware if the site they are accessing and giving personal information is legitimate and protected....
5 Pages (1250 words) Assignment

Information Technology and Information System Security

… The paper "Information Technology and Information System security" is an engrossing example of coursework on information technology.... The paper "Information Technology and Information System security" is an engrossing example of coursework on information technology.... However, it is quite unfortunate that individuals entrusted with the responsibility to maintain the security posture of their business processes, personal computing systems, and environments are not well-informed that security is changing rapidly....
8 Pages (2000 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us