Information Assurance and Computer Security - Report Example

It is necessary for any reputable organization to carry out an IT and computer risk assessment. Risk assessments are normally used for purposes of identifying any risks that business organization face, and this is in regard to their computer system (Calder and Watkins, 2010). Risk assessments help in the identification of the vulnerabilities that an organization faces. It further analyzes the costs that a business organization will face, for purposes of recovering its operations in case its computer systems are attacked. A secure computer and IT system is beneficial to the organization, mainly because it increases the confidence that customers have towards the organization (Calder and Watkins, 2010). There are a variety of risks that a business organization faces when it comes to the implementation of a secure information technology system. This includes loss of information, an attack by internet or computer viruses and malwares, authorized use of data, etc (Vladimirov, Gavrilenko and Michajlowski, 2010). This paper analyzes the various elements that would make the computer system of a business organization to be vulnerable. It also examines the various measures aimed at protecting the computer system of a business organization. A secure computer system must comprise of three major elements, namely recovery, resilience, and contingency (Calder and Watkins, 2010). Under resilience, the critical functions of a business organization and its supporting infrastructure are engineered and designed in a permanent manner. They are designed in a manner that it is impossible for any disruption to affect the functionality of these systems (Bradley and Carvey, 2006). It makes it likely for an organization to maintain its operations in case of a major threat or attack to its computer systems. For instance, a business organization may develop power back up systems, to protect the loss of data or their computer networks from going off, in circumstances where power fails to occur (Harrington, 2005). Business organizations may use solar gadgets and generators to protect their computer systems, in circumstances whereby power may fail. Recovery involves restoring the important features of a computer system or network that failed to function (Bradley and Carvey, 2006). Computer experts may make arrangements aimed at recovering lost data, and making replacements on areas that is needed. This is to ensure that the activities of the business organization are not interrupted in any negative manner (Oppliger, 2000). Contingency involves a situation whereby the organization is able to establish a capability that can help it mitigate on unforeseen risks to its computer system. This aimed at protecting the information system of a company from any failing because of an attack that the organization is not prepared to handle. This is the most challenging part while establishing the security of a computer system (Vacca, 2014). It is because of difficulties in establishing the kind of threats that a computer system will face. The threats that face computers normally change and evolve with time. It is therefore difficult to develop a standard security system that can protect from future threats. This is the major reason why anti-virus systems such as Norton, Kasperkys, and Avast constantly up-date their capability, to make them effective in fighting emerging threats (Swanson, 2005). The management of Information Technology involves applying the elements of risk management in the context of Information Technology. It is for purposes of reducing business risks, and any threat that emanates from their operation, ownership, and adoption of information technology within an organization (Calder and Watkins, 2010). An efficient method of protecting the Information Technology system of an organization is through the creation of an offsite back up data system. This system is efficient and effective in protecting data of an organization in case it gets lost through power failure, virus attack, or through unauthorized entry. The use of the internet makes the computer system of a business organization to be vulnerable to virus and malware attacks (Vacca, 2014). Viruses such as the Trojan horse can sneak into the computer system of an organization and make it virtually impossible for the organization to access or restore its important data. Creating an offsite data system, together with an anti-virus will enable the company to recover its data, in case of an attack by a virus or malware (Vacca, 2014). An offsite back up data system also enables the organization to recover any sensitive information or data it has lost, because of an-authorized entry into its computer or IT system or network. However weakness of an offsite data backup system is that it cannot protect the computer network from any an-authorized entry. It will only help in recovering lost data (Harrington, 2005). People can steal sensitive information stored in the computer system of a company. This information might include credit card information, bank statements, business plans, etc. It is important for a company to develop its computer system, in a manner that these people might not gain entry. This is through coming up with a computer password system (Oppliger, 2000). Creation of a security solution for a company is not easy task, and depends on the needs and vulnerability of the company. An IT official will begin by verifying and analyzing the possible threats and vulnerabilities of the organizations computer systems (Vladimirov, Gavrilenko and Michajlowski, 2010). Once the review is complete, the assessment team will provide a plan, developed to tackle the vulnerabilities of computer system within the organization (Vacca, 2014). One security measure that an organization needs to develop or implement is the creation of firewalls. Firewalls are security applications that have the capability of attaching to a network, and acting as a protective shield of the computer system. This is because it protects the computer system from an attack by viruses, malwares, or un-authorized entry (Bradley and Carvey, 2006). The use of internet browsing and safe E Mailing is also an important aspect that a company needs to consider. If the employees of a company are constantly involved in sending emails, and browsing the internet, then it is important to install computer virus, and internet security systems. This includes software’s such as Norton, Kasperkys, Avast, etc (Swanson, 2005). With the installation of such kind of soft ware systems, it is possible for the company monitor the content of any outward or incoming mails, and the various websites visited by its staff. This would ensure that the computer system of the company is not vulnerable to an attack of malwares, spywares, viruses, or any other malicious substances that can destroy the computer system of the company (Phoha, 2002). It is possible for the company to control the kind of websites an individual visits. For example, the creation of these security systems can help the organization block face book pages or other social networking sites. This is for purposes of ensuring that its employees concentrate on their jobs, instead of spending time browsing the internet for their personal affairs (Phoha, 2002). This helps in ensuring that the company under consideration achieves maximum input from their employees, hence improving the efficiency of their services. Furthermore, these security systems have the capability of protecting the company computer system from future or unknown attacks. This is because they keep on updating themselves, for purposes of gaining the capability of fighting emerging threats (Phoha, 2002). Most banking organizations have an advanced security computer system, because of the sensitive information they keep, and in a bid to protect the money of their customers. They have developed the safe sights system, which is a series of strong anti-virus systems and internet security programs aimed at protecting the computer of the company from un-authorized entry, and an attack by viruses, and malwares (Thomas and Essaaidi, 2006). Other security measures that the banks use include the password authentication system. This is a system whereby the internet banking system would require a user to give out his or her unique passwords, in order to access the system (Calder and Watkins, 2010). This is not an efficient method of protecting banking data. This is because of the emergence of computer hackers, who have the capability of hacking into the computer system of the banking organization. On this basis, the banks have developed a security system, referred to as the Pin/Tan system. The Pin is a password, while the Tan is a onetime password sent to authenticate any transaction (Swanson, 2005). The Tan constantly changes with each and every transaction an individual undertakes. It is therefore an efficient method of protecting computer data of any financial institution. The automated teller machines are also vulnerable to attacks, and the use of ATM cards with special features that can help protect against fraud (Swanson, 2005). In conclusion, protecting the internet and computer system of an organization is essential for the survival of the organization. This is because the computer system contains so much information of the company. The company uses the IT department of an organization to communicate and transact its various businesses. The most common method of protecting the computer system of a company is the use of fire walls, and antivirus systems. These are software’s developed with the intention of protecting the computer system of the company from an-authorized entry, and against various viruses. Computer hardware’s are also vulnerable to attacks, hence the company should also develop a system to protect them from such attacks. References: Bradley, T., & Carvey, H. A. (2006). Essential computer security everyones guide to e-mail, internet, and wireless security. Rockland, MA: Syngress Pub.. Calder, A., & Watkins, S. G. (2010). Information security risk management for ISO27001/ISO27002. Cambridgeshire: IT Governance Pub.. Harrington, J. L. (2005). Network security a practical approach. Amsterdam: Elsevier :. Oppliger, R. (2000). Security technologies for the World Wide Web. Boston, MA: Artech House. Phoha, V. V. (2002). Internet security dictionary. New York: Springer. Swanson, M. (2005). Guide for information security program assessments and system reporting form (Initial public draft, Rev. 1. ed.). Gaithersburg, MD: U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology :. Thomas, J. P., & Essaaidi, M. (2006). Information assurance and computer security. Amsterdam: IOS Press. Vacca, J. R. (2014). Network and system security. Amsterdam: Syngress. Vladimirov, A. A., Gavrilenko, K. V., & Michajlowski, A. A. (2010). Assessing information security strategies, tactics, logic and framework. Ely: IT Governance Pub.. Read More