The Growing Importance of Information Security - Coursework Example

Information Security The new developments made in the field of Information Technology have contributed to revolutionary changes in all fields of knowledge and communication. The various services of information technology are widely made use of by national and international security wings, social service agencies, educational departments and corporate business and management sectors. Maintaining the security of information systems has proved to be the greatest challenge for the managements today. Information security in the field of national and international security deserves the primary attention as nations and the international communities, all throughout the world, are threatened by terrorist upheavals and outbreaks. It is sad to note that most of the recent developments in the information technology have accelerated terrorist movements as communication and strategy formation among terrorists is more comfortable and because of the fact that there is considerable amount of lapse in the governmental information security. As pointed out by The Office of Technology Assessment, United States: “The proliferation of microcomputers, continued rapid increase in mainframe computer systems, large percentage of computerized Federal records (e.g., about 80 percent of Privacy Act records are maintained in fully or partially computerized systems), and growing use of electronic data linkages of all sorts, clearly have increased the difficulty and complexity of protecting government information” (Federal Government Information Technology Management.1986, p. 6). Therefore, it is the ultimate duty of governmental agencies to ensure that proper security of information is maintained so as to undertake effective governmental operations against all sorts of terrorist threats. This growing importance of information and communication Technology has made privacy and information security critical issues. Governmental organizations need to develop application solutions and software packages that can withstand any sort of lapse of information security. With the spread of information technology, internet- enabled crimes, identity theft and even hacking of governmental websites have become common place. Known bugs, design flaws, unsecured communication paths and poor programming techniques can affect software used by the governmental organizations and this can in turn result either in the stealing or corruption of data. Therefore, a secure development program should be integrated with all phases of the Organization’s Software Development Life Cycle (SLDC). A series of Access-Related Controls (ALCs) are to be developed and maintained by the concerned authorities with a view to control access to information and data, and keep them secure, protected and confidential. Trustworthy personnel should be put in charge of the development, protection and implementation of governmental policies that frame measures to eradicate terrorism. The Governments need to apply improved software testing methods to guarantee high level of reliability on initial software release so that the quality and integrity of the software can be ensured. In this regard, the steps undertaken by NIST (National Institute of Standards and Technology) to strengthen information security in the Federation government are commendable. The information security work of NIST is carried out in the Information Technology Laboratory (ITL) and it “develops tests, metrics, and guidance for building trust and confidence in the IT systems that are now pervasive in the nation’s economy, its organizational, governmental, scientific and technological infrastructure.” (Wu 2004). Special researches are being conducted by NIST to “identify information security vulnerabilities” and to evaluate “security policies and practices developed for national security systems.” On the other hand, information technology should be used as the best counter terrorism strategy to sort out all sorts of possible information collected by the various governments’ intelligence and counter terrorism agencies. As pointed out by Robert Popp and John Poindexter, “Security and privacy aren’t dichotomous or conflicting concerns—the solution lies in developing and integrating advanced information technologies for counterterrorism along with privacy-protection technologies to safeguard civil liberties.” (Popp and Poindexter 2006). For them, terrorists widely make use of the services of information and communication technology, but it is not that easy to distinguish them from the common public and the only way to detect “terrorists is to look for patterns of activity indicative of terrorist plots based on observations of current plots and past terrorist attacks, including estimates about how terrorists will adapt to avoid detection.” For this, the governmental agencies need to locate detectable clues, collect and analyze them, and resort to “predictive (anticipatory) modeling.” Jody R. Westby believes that the terrorists’ use of information and communication technologies is the key factor for the spread of terrorism worldwide and it can be countered only by ensuring cyber security. For her the major reasons for terrorism are: “difficulties in tracking and tracing cyber communications, (b) the lack of globally-accepted processes and procedures for the investigation of cyber crimes, and (c) inadequate or ineffective information sharing systems between the public and private sectors.” (Westby 2006). Therefore, it is the responsibility of governmental agencies to frame policies for sharing information and “launch a multilateral initiative that complements and builds on existing and functioning mechanisms aimed at advancing global capabilities regarding rapid response on cyber investigations, prosecutions, and information sharing” (Westby 2006). Terrorism Information Centers have a pivotal role to play in the collection, evaluation, analysis of information of terrorist groups and in the formulation of counter strategies. The Memorial Institute for the Prevention of Terrorism suggests to establishing “national contact points in order to facilitate the timely exchange and sharing of information on terrorist groups and activities at the regional, continental and international levels, including the cooperation of States for suppressing the financing of terrorism.” (Information Security/ Technology. 2008). In the same way, The GMP Counter Terrorism Unit ( CTU) was established in England and Wales in 2007 “ to create a national terrorism infrastructure” and “ to tackle the terrorist threat within the Greater Manchester area” (Counter Terrorism Information and Threat Levels. 2008). Measures should be undertaken by the government to find out the real identity of all the people who make use of the services of information technology. For this purpose, there should be provisions to track down personally identifiable or third party data. This personal identification device using advanced information technology can be used for further analysis and the governmental agencies can use its discretionary power to decide whether further investigations are to be made on the data or its source. Building up sound technological safeguards such as “audit and oversight mechanisms to detect and deter abuse” (Popp and Poindexter 2006) is another prerequisite in this regard. As there is to be provisions for information protection, there should be advanced measures to ensure back- up and recovery of the information at any point of time. Proper categorization should be made regarding the sort of restricted as well as sensitive information the lapse of which can destroy national security or integrity. Information Security Offices all throughout the country need to be vigilant and there should be centralized network for the smooth functioning of the system. System administers, System developers and information integrators need to be specially trained to meet the need of the hour, and special and effective researches are to be carried out to trace the source or manner of information lapse as well as for the protection of the same. It is again the responsibility of the Information Security Offices to establish configuration standards and maintenance procedures for the access of Restricted or sensitive information. All the users of information system services should be warned of the threat of on-going daily virus wars and efforts should be made to make sure that anti-virus programmes are kept up to date and are employed whenever necessary. Thus, information security includes variety of factors which the governmental agencies should take into account. Protecting information and information systems from unauthorized access, use, modification, theft or destruction is not only the task of the Information Security system of the Government. On the other hand, The Information Security System of Governments should follow a two way method: protection of confidential governmental information and prevention of terrorists’ access to information and communication technology. As Parker observes: “Information Security requires more than the physical protection of computers. An effective information Security program incorporates a combination of technological and human controls in order to avoid the loss of information, deter accidental or intentional unauthorized activities, prevent unauthorized data access, detect a loss or impending loss, recover after a loss has occurred, and correct system vulnerabilities to prevent the same loss from happening again” (Parker 1984). Thus, every effort is to be made to ensure that no lapse of information is committed by the governmental agencies in the future intentional unauthorized access to information is never provided to the terrorists. Works cited “Counter Terrorism Information and Threat Levels. Information Centre. Greater Manchester Police. 2008. 03 Feb. 2008 . The article, posted on 21/01/2006 by the Information Centre, throws light on the Great Manchester Police’s anti- terrorist steps, to tackle terrorist outbreaks in the Great Manchester area. The article is cited in the work as it provides some valid national counter terrorism strategies. Federal Government Information Technology Management. Security and Congressional Oversight. By Office of Technology Assessment. United States. Dane Publishing Co.1986. 03 Feb. 2008 Published in 1986, the book deals with the new trends in Federal Government Information Technology Management, discusses the major policy issues, and elaborates on the issue of Information System Security with a special reference to the vast amount of computer crimes. The book was found during Google book search and is available at: http://books.google.com/books?hl=en&id=6uFyIHqkDJIC&dq=federal+government+information+technology+management+security+and+congressional+oversight&printsec=frontcover&source=web&ots=PN2pzfJRw-&sig=09aD5BcW6R-2g5kEub5-YpgO-68#PPA1985,M1 Information Security/ Technology. MIPT. Terrorism Information Center. 2008. 03 Feb. 2008 . Published by MIPT, the web page provides a number of reports on Terrorism related information sharing. The cited portion is taken from the abstract of “National Strategy for Information Sharing: Successes and Challenges in Improving Terrorism- Related Information” published by the White House, United States in October 2007. The abstract offers some useful tactics and measures for the protection of information; it also states clearly the multiple purposes for which the Federal, State, Local and tribal Government Organizations can make use of the information collected regarding various terrorist groups. Popp, Robert and Poindexter, John. Countering Terrorism through Information and Privacy Protection Technologies. IEEE Security & Privacy, vol. 4, no. 6. 2006. 03 Feb. 2008 . Written by Popp and John Poindexter, the article offers some highly effective practical guidelines on how to counter terrorism. They consider information and privacy-protection technologies as the twin powerful tools for countering terrorism. The article discusses in detail many counter terrorism frameworks, analyses the early results achieved in the field paying a special attention to the safeguarding of civil liberties. Parker, D.B. The Many Faces of Data Vulnerability. IEEE Spectrum. 1984. Quoted in Protecting Information: Effective Security Controls. Journal article by Marie A. Wright; Review of Business, Vol. 16, 1994. 03 Feb. 2008 . Written by Marie. A. Wright and published in 1994, the journal article emphasizes the need to have effective security controls in order to protect information and thus to ensure information security. The Journal article is available from the Questia Online Library:- Westby, Judy.R. Countering Terrorism with Cyber Security. Paper for the 36th Session World Federation of Scientists International Seminars on Planetary Emergencies. Erice: Italy. 2006. 03 Feb. 2008 . Published in August 2006, Jody R. Westby in the article highlights cyber security as an essential prerequisite for countering terrorism. The author identifies the difficulties in tracking and tracing cyber communication as the major threat to the information security system of the nation. The article unearths the major issues connected with information sharing and offers some possible solutions. Wu, Ben. Information Security in the Federal Government. One Year into the Federal Information Security Management Act. Technology Administration Testimony. 2004. 13 Feb. 2008 Read More