Internet Security in the Concept of Globalization - Case Study Example

Internet Security Roll No: Teacher: 17th November 2009 Internet Security Internet is employed in businesses, educational institutes, governmental institutes, social institutes, researching and many other places because it keeps the capability of allowing a communication path that is easier, wider, faster and user friendly. Internet plays a crucial role in the concept of globalization because it is because of internet that the world has become a globe where people can correspond with one another in a very less time. With every beneficial invention, there are also disadvantageous aspects. Because of internet, there are many internet security concerns. Internet security is a concern for all the world because due to internet, where people have gained many benefits, there are also many disadvantages such as internet fraud, loss of security and privacy, virus attacks, spamming, threat to data protection and computer misuse. Internet is accessed daily all over the world and is employed for multiple purposes is under threat. The companies, organizations, institutions and workplaces of the world that make use of internet are in need of internet security (Bhimani, 1996). Internet has minimized the gaps between people and their wanted works but it has also given us many disadvantages such as security threat. The computers that are kept and used in global settings are at threat in terms of security and if they are accessed illegally, there will be security threat and the private data of the companies or organizations that are working on international basis can get lost. In the lieu of internet security, there are a number of security measures that are taken such as anti-virus software, spyware, firewall and copyright authentication. There are many other security measures taken by various global organizations such as passwords for security purposes. The companies that are working online are at higher stake of lapsing of internet security. The online companies suffer from online monetary frauds that are quite problematic for the organizations. For all these purposes, further measures are required to be taken in order to safeguard the private and confidential data of internet companies. Global internet access is easier but internet security is considered very important by all the users of internet operating globally. Internet is an essential resource for all working institutions whether they are educational or business oriented. The sharing of it can be a key to growth and success of the institution. Internet security can be linked to computer security because internet is dependent on computer. Computer security can be defined in terms of the availability, integrity and confidentiality of information (Bequai, 2000). Its loss or improper use may have serious implications as to the continued success of an organization. Availability means that it should be ensured that information is available when you need it. Integrity means that the information should be protected from unauthorized modification and it must be ensured that information, such as price list, emailing details and other institutional information that is private can be relied upon as accurate and complete (Fisk, 2002). Confidentiality means that the information should be protected from unauthorized disclosure, perhaps to a competitor or to the press. These can be breached in a number of ways, for example by theft or computer viruses. The result of a breach may be far greater than expected. Not only may the loss of critical information directly affect competitiveness and management but the reputation of the organization may also be damaged which could have a long-term detrimental effect (Bhimani, 1996). A simple, structured approach to identifying and locating the threats which computer-based systems are likely to face is essential. Such an approach can present a view of computer security in terms of the causes and effects of loss of security, which, in turn, can be related to practical solutions (Fisk, 2002). It should also allow related aspects to be considered a few at a time, resulting in a more complete, systematically derived, view. Information to be protected is that which is: Stored on computers Transmitted across networks Printed out or written on papers Sent by fax Stored on tapes or disks Spoken in conversation (including the telephone) Transmitted via e-mail Transmitted via internet Stored on databases Held on films and microfiche Included in any other methods used to convey knowledge and ideas Any breakdown in the IT function can have disastrous results. Threats to Internet Security a. Virus b. Fraud c. Theft d. Trojan e. Loss of data f. Hacking All the threats such as virus, fraud, theft, Trojan and loss of data are because of internet usage. For all these threats, precautionary measures are taken so that the computers that contain confidential and important data cannot be accessed with negative motives. The virus attack is destructing for the data that is stored on computer systems. With usage of internet on daily basis, the computers have the threat of virus attack (Symantec, 2004). This threat can be minimized by the use of anti-virus software and through online scanning for viruses on weekly basis. Firewall can also be employed as a means of precautionary measures. With these precautionary measures, the data and information stored on computer systems will not be lost or destructed (Sherwood, 2000). Moreover, the companies that are operative all over the world should make sure to keep more than one copy to data so that there is no threat to the loss of data. Fraud is such a great threat that is very common for the companies operative online. The customers that access the internet and get online products can become a source of fraud and can get products by the help of fake payment information to the company. On the other hand, the customers can be defrauded by paying for something which, they do not get (Bequai, 2000). The credit card and ATM card fraud is very common in terms of internet usage and customers and companies in the whole globe become a target of these frauds. Because of internet, such frauds are very easy and people can suffer through a great monetary loss on the basis of their personal information disclosure (Sherwood, 2000). Computer theft is another threat to internet security. The personal information of a company or organization or an internet user is attained by means of theft due to which, he/she has to suffer financial or reputation loss (Bhimani, 1996). The payment information is also attained through negative means such as hacking or fraud after which, it is employed for get access to customer’s account and his personal data that can be injurious for the customer. Trojan attack is somewhat similar to virus attack as due to Trojans also, the security of internet is lost and the data or information stored on a computer system gets affected negatively. There are antivirus and anti-Trojan software that can be employed for the removal of Trojans and also firewall can be employed for stopping irrelevant entries from the internet (Fisk, 2002). Loss of data can be there because of theft, fraud, and hacking or virus attack. For all these threats, there are effective strategies that can be employed by global consumers of internet. The companies that are operative online face a greater threat to loss of data and information because they are more vulnerable as they are linked to the globe by means of internet. When the users of a site are many, the threats can also be many. For companies and organizations and even for individual users of internet, internet security is must because they keep important data and information on their computers, which can be accessed because of lack of internet security measures taken by the user (Sherwood, 2000). Hacking is also a means of breaking the internet security. Through hacking, the personal information of a company, organization or an individual user can be leaked out and can be employed for illegal or fraudulent purposes due to which, the owner can be negatively impacted (Bhimani, 1996). There are also anti-hacking software programs that can be installed for safeguarding the computer from being hacked. Internet Security Standards and Procedures Virus Protection Viruses having received considerable publicity in recent years, so it is no surprise to discover that 95 % of organizations have some policies and procedures for preventing virus attacks (Symantec, 2004). Prohibition of unauthorized software is the most common policy and loading of unauthorized software is still the most common cause of virus infection. However, there were a number of cases reported where viruses entered the organization via authorized software updates and in one case on a new PC, direct from the suppliers (Bhimani, 1996). Over 80 % of organizations have either virus detection or change detection software on all systems or a central disk checking facility (Bequai, 2000). User awareness programmes were also in place in over half of organizations. A number of respondents who had experienced virus incidents mentioned that the incident was used to raise user awareness (Symantec, 2004). Copyright Compliance Sixteen per cent of organizations reported infringements of software licence conditions. Comparisons with the 1994 survey suggest that organizations have tightened up procedures in this area (Symantec, 2004). The proportion citing a formal policy has increased from 55 % to 72 %, monitoring to ensure compliance has increased from 32 % to 61 % and guidelines or training for users has increased from 29 % in the 1994 survey to 55 % in 1996 (Fisk, 2002). Data Protection Almost three quarters of organizations have a designated employee who can advise users on data protection issues. Many of them also have a user awareness programme. There was a strong correlation between industry sector and the emphasis on data protection issues. In the government sector, 95 % have an individual with responsibility for advising users on data protection and 66 % have a user awareness programme (Symantec, 2004). Other leading sectors were education (91 % and 70 %), health (81 % and 76 %) and finance (86 % and 60 %) (Bhimani, 1996). Risk Analysis Just over one third of organizations (36 %) said that they carry out detailed risk analysis of IT applications. This is more likely to be used for mainframe or network based applications than for standalone applications (Symantec, 2004). Risk analysis at the design stage was most common for mainframe or network based applications. Access Control Access control procedures exist in most organizations. Password protection for network access and password protection for specific applications were much more common than password protection for individual PCs (Symantec, 2004). A number of those who indicated that they have password protection for individual PCs pointed out that this was for specific PCs or portable PCs only. Over three quarters of the respondents had implemented formal corporate standards relating to password security and procedures for controlling and changing passwords (Symantec, 2004). Computer Misuse Nearly half (46 %) of the respondents said that they provide a clear definition and notification of those parts of the system to which each user has authorized access. A warning about computer misuse is displayed on or near all terminals in 17 % organizations and 44 % give staff a written warning about the disciplinary consequences of computer misuse (Bhimani, 1996). Security Evaluation There are standardized European criteria for the security of IT systems and products, known as ITSEC. In the UK, third party assessment against these criteria is certified by the ITSEC scheme. Just fewer than 20 % of the respondents were already aware of the ITSEC scheme, although the proportion was much higher in the larger organizations (41 % of those employing over 1000 staff) and the finance sector (also 41 %). Of those who were aware of the scheme, almost one third gave preference to certified products (Symantec, 2004). Thirty-one per cent of respondents had had the security of some systems assessed by a third party but three quarters of these were not aware if this assessment was carried out to a recognized standard (Bhimani, 1996). References Bequai, A. (2000). America’s Internet Commerce and the Threat of Fraud. Computers and Security 19 (8), 688-691. Bhimani, A. (1996). Securing the Commercial Internet. Communications of the ACM 39 (6) , 29-35. Fisk, Mike. (2002). Causes & Remedies for Social Acceptance of Network Insecurity, contribution to the “Workshop on Economics and Information Security”, Berkeley: University of California. pp. 106-127. Sherwood, J. (2000). Opening up the Enterprise, Computers and Security 19 (8) (2000): 710-719. Symantec. (2004). Symantec Internet Security Threat Report: Trends for July 1, 2003, 112-134. Read More