Fundamentals of Information Systems Security - Term Paper Example


Extract of sample "Fundamentals of Information Systems Security"

INFORMATION SECURITIES

Information security aims at protecting information from unbiased or unauthorized use; it also protects information from being dislocated or used in a manner that will make it accessible to an authorized user. Information security is divided into two:

a) Computer security: this is also referred to as information technology (IT) security. This is where technology is protected from crime such as unauthorized use. In this context, many businesses require computer security, and IT specialists are therefore found almost everywhere owing to the growing need for it. Cyber attacks are rampant nowadays, so IT specialists are required to keep this information as protected as possible, as the crimes may breach critical information, especially in the government or private sectors (Kanade & Dorizzi 2012, 21).

b) Information assurance: disasters such as earthquakes, flooding, fire, computer server malfunction, or theft of any part of the computer structure such as the CPU are prone to occurring. This creates the need to protect such data. Information assurance ensures that this data is not lost and can be retrieved whenever such events occur. IT specialists also handle these cases, as most information is contained in computers. A backup system ensures information assurance.

In many chain businesses, military centers, government centers or institutions, information is stored in one system that transmits it to other systems connected to it through a network. In case something happens to the mother system, the information may be at risk of being lost, major losses may follow, or critical information may be leaked and used against the organization or institution, or may even ruin a reputable name. This therefore calls for information security across the connected network to protect information from being hacked.

History of Information Security

Julius Caesar has been credited with the invention of information security, as he came up with techniques that could ensure internal information was not leaked to unwanted persons. Procedural handling controls were put in place, where he marked sensitive information and used codes to represent the information he wanted to pass. Trusted people who were guarded by heavy security then transported it. Later came the invention of post offices in many countries, where critical information could be sent via the post office. It became a more trusted way for governments and private individuals to send letters and parcels that contained vital information.

In 1889, the Parliament of the United Kingdom passed an act to thwart the revelation of official documents and information, and created offences for disclosure of information (the Official Secrets Act 1889 (52 & 53 Vict. c. 52)). This was done to manage information according to its sensitivity. Data that was more sensitive had a more secure way of being handled. A multi-tier system of classification was used to relay vital information during the First World War. Coded information was used for communication from different fronts to know the progress of the war or the actions to be taken. The use of encoded information was now more sophisticated, as machines were used to scramble and unscramble the coded information. There then evolved an esoteric range of markings. These indicated who could handle the information, where it could be stored, who could store it and the procedure for releasing it. Destruction of information was also not to be done haphazardly; there was a procedure on how it was to be done and who was to do it.

The 21st century saw the rise of electronic systems of information and telecommunications. Electronic data was used in businesses, where the internet connected data between computers. The growth of electronic systems came with the growth of internet crime. This, with other factors such as the use of the internet to plan activities such as robberies and terrorism, led to the need for a system or a way to protect vital information stored in electronic systems. The use of information security therefore came to rise, and information technology specialists handle this work. The core principles of information security are confidentiality, integrity and availability.

The Importance of Information Security

Businesses, institutions such as schools and banks, governments, private organizations and the military store crucial information such as information about employees, salary information, business plans and financial results, among other vital information. This data is kept in computer systems and is conveyed over the internet. Internet hacking has been very rampant, and vital information has been lost in this way. Unauthorized access to information has also been experienced, and this has led to the collapse of firms (Avoine & Junod 2007, 01). In the case of Plunder Properties, a confidential, available and integrity-centered security system is required. Information security will be used in:

a. Protecting information: information passing from Plunder Properties to the connected networks of daughter companies such as Plunder Padz, Beatle Towers, Gentrify Projects and the upcoming block in Manchester will need to be well protected.

b. Protecting against information breach: a breach occurs where information is not well protected and is therefore compromised. This can lead to loss of vital information that was stored in the system, or alteration of the information to suit the compromiser's target. For example, one can alter a security file to get away with a crime, a banking file to escape repaying a loan, or a revenue authority file to escape the taxman. This can occur in Plunder Properties and freeze the operations and investment of the company, and a lot of people can lose employment.

c. Improving efficiency: a department's productivity can improve by ensuring a strong backup system. This can be done by using a backup system to store vital information, locating the backup system in a secure place, protecting local software and desktops with a strong antivirus, and ensuring that there are secure procedures to be followed and that they are strictly observed.

CASE STUDY: INFORMATION SECURITY BREACH, TJX CLOTHING COMPANY

Nearly 500,000 records that contained names of customers, drivers' licenses and social security numbers were compromised. Over 45 million credit and debit cards were also lost. This occurred due to a breach of the protection of the wireless network that was used by the company. This exposed all the information that was stored, enabled it to be accessed, and caused damages in the hundreds of millions of dollars (Chakrabarti 2008, 98).

Good Practices in Information Security

Best practices in information security are vital in ensuring that data is not lost. These practices include the following. Policies should be created to ensure that protection of information is upheld with great integrity, confidentiality and availability. Staff should only access information that they require for the smooth running of their departments and roles. More staff should also be employed to back up existing staff in case of a gap. A trusted IT administrator should be employed in every department and should be made liable for breaches of information in the department. This will allow accountability in the flow of information. This person will be in charge of:

- Backing up critical information
- Training staff of his department on good use of the IT system
- Segregation of duties
- Ensuring competent primary and backup personnel
- Document and log retention
- Creating acceptable software
- Equipment and software removal
- Access to the systems and files
- Virus protection
- Proper design of controls
- Proper operating procedures
- Disaster planning and recovery
- Clear and complete job descriptions

DIFFICULTIES OF THE UNITED KINGDOM INFORMATION SYSTEM

There are a variety of challenges faced by information technology systems in the UK. They include:

Inside threat: large organizations fear that their employees may leak data from their organizations. This requires companies to know who they are giving their information to. Companies need to be sure of the people they give their data to and know the manner in which the data they supply is protected. This calls for procedural, technical and legal views. An example is a former CIA contractor, Edward Snowden, who is holed up in Russia and yet continues to leak crucial information.

Cyber attacks: efforts are being made in many institutions to reduce cyber crime. These cyber attacks lead to loss of vital information and bring a lot of economic damage. Militaries are under threat of cyber attacks that threaten military operations and government protection of its citizens. It has become like another world war in government operations and business developments (Whitman & Mattord 2012, 29).

Social sites have also inhibited cyber security: many social sites act as training grounds for cyber crime. The tactics are then developed to work in other IT systems. This leads to data breach fatigue, where users of data will not be able to adequately protect themselves from being hacked over the internet. Distributed denial of service (DDoS) attacks have been rampant in the UK, especially in 2013, and are at risk of increasing.

Internet of things increases the threat to information security systems: this is the interconnection of devices through the internet. These systems are very vulnerable to attacks because one device can be used to create an attack on others. (Figure retrieved from Wisa, Kim & Lee 2008, 21.)

MAJOR INFORMATION SECURITY IN UNITED KINGDOM

There are a number of pieces of legislation made to protect data in the UK. These are made by an act of parliament. They include:

The Data Protection Act (1998)

The data protection principles: it states that "it shall be the responsibility of a data controller to conform with the data security principles in relation to all personal data with respect to which he is the data controller" (Kim & Solomon 2011, 30).

Sensitive personal data: "in this act 'sensitive individual data' means individual data consisting of information as to

a. His physical or mental health or condition
b. His political opinions
c. His spiritual beliefs or other beliefs of a similar nature
d. His sexual life
e. The charge by him of any offence or
f. The racial or tribal origin of the subject
g. Whether he is a member of a trade union (within the meaning of a trade union and labor relations (consolidations) act 1992)

Any proceedings for any form of offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings." (Adapted from Data Protection Act 1998)

There are also basic information security professional certificates one should have. They include:

I. The service routing certification program offered by Alcatel-Lucent
II. Cisco career certifications offered by Cisco Systems
III. Brocade certification and accreditation
IV. Citrix certified administrator program offered by Citrix Systems
V. Cyberoam security certifications program offered by Cyberoam
VI. HP ExpertONE offered by Hewlett Packard
VII. Dell certified systems expert program with associate and masters level offered by Dell
VIII. Google Apps certification program offered by Google (NATO Advanced Research Workshop on Complexity and Security 2008, 32)

List of References

Kim, D., & Solomon, M. (2011). Fundamentals of information systems security. Sudbury, MA: Jones & Bartlett Learning.

NATO Advanced Research Workshop on Complexity and Security, Ramsden, J., & Kervalishvili, P. J. (2008). Complexity and security. Amsterdam, Netherlands: IOS Press.

WISA 2007, Kim, S., Yung, M., & Lee, H.-W. (2007). Information security applications: 8th international workshop, WISA 2007, Jeju Island, Korea, August 27-29, 2007: revised selected papers. Berlin: Springer.

Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.

Avoine, G., Junod, P., & Oechslin, P. (2007). Computer system security: Basic concepts and solved exercises. Lausanne: EPFL Press.

Chakrabarti, A. (2007). Grid computing security. Berlin: Springer.

Kanade, S. G., Petrovska-Delacrétaz, D., & Dorizzi, B. (2012). Enhancing information security and privacy by combining biometrics with cryptography. San Rafael, CA: Morgan & Claypool.