Information Security Contemporary Issues - Literature review Example

Information security contemporary issues Name: Institution: Date: Information security contemporary issues Introduction The aim of this project is to look at contemporary issues in information security with the purpose of discussing threats and developments that have been witnessed in information security. The report dwells in the technology industry and covers literature review concerning the topic, narrows down on government sector as a case study, and offers recommendations on how the government can address the issue of information security. Information security is the protection of information systems and information against modification, unauthorized access, whether in transit, processing, or storage, and against service denial to users who are authorized. Information security comprises of those measures which are required to document, detect, and counter such threats (Rössler, 2005). It is made up of communications and computer security. Information security can also be defined simply as the safe-guarding of data in organization from unauthorized modification or access so as to ensure its availability. Information in an organization has to be protected from destruction and disruption. The terms information insurance, computer security, and information security are often applied interchangeably. Literature review: the fundamental security and privacy Information security professionals have to understand the legal and ethical responsibilities of an organization. Information security professionals are very crucial in the approach of the organization to managing liability for security and privacy risks. In the modern world that is litigious, laws are duly enforced in civil courts whereby huge damages have been awarded to plaintiffs who bring law suits against firms or organizations. These damages are punitive and widely viewed as deterrent. To reduce risks and minimize liability from physical and electronic threats, and avoid losses from law suits, information security practitioners have the responsibility of thoroughly understanding the prevailing legal environment, be up to date in regard to laws and regulations, and be alert concerning news and emerging issues (Bennett & Raab, 2006). Through education to the employees and management of an organization on their ethical and legal obligations and the proper application of information security and information technology, security professionals can assist in keeping the organization focus on its objectives. Generally people chose to trade some elements of personal freedom for the course of social order. The rules that are created to strike a balance between the rights of the individual to self determination and the needs of the entire society are referred to as laws. Laws prohibit or mandate certain behavior and they are derived from ethics. Laws are important when it comes to information security. Boundaries are drawn to indicate the accessibility of certain private or confidential information (Bidgoli, 2006). The same accessibility and speed that results in the remarkable benefits of the computer era can, if not controlled properly, allow organizations and organizations to interfere with computer operations or inexpensively eavesdrop from remote locations for malicious or mischievous purposes, including sabotage or fraud. Technologies’ ubiquity such as searchable on-line data repositories and wireless communication has resulted into new challenges as far as protection of information and data sources’ privacy is concerned. There is urgent need to come up with new models of confronting these challenges. Enormous effort has been dedicated to these issues in recent years, and a significant activity has been fundamental limits on information privacy and security that assist in guiding the development of new ways for securing wireless networks and making sure that the privacy of online data sources is protected. Information security has steadily grown over the years and turn out to be very important in the modern times. More professions have been created in the area of information security (Acquisti & Grossklags, 2005). Some of these specialty areas include information systems auditing, security testing, network, application, security and database, digital forensic science, and business continuity planning. Data and programs protection can be secured by the use of digital certificates and passwords for users who are authorized. Nevertheless, passwords have the role of validating a correct number or key has been entered, but not if the actual authorized individual. Biometric techniques and digital certificates offer a method that is more secure. Following the authentication of the user, sensitive data can be duly encrypted in order to prevent eavesdropping. Regardless of measures to authenticate users, it is challenging to determine whether the authorized employee is engaging in malicious activity. A person may possess a valid access to a certain account for updating, but knowing whether phony numbers are being keyed in is a big challenge (Gifford, 2009). The basic principle is that effective security measures should always strike a balance between personnel management and technology. Most of information is processed, collected, and stored on computers and eventually transmitted across networks to other destinations. If the information finds its way in the wrong hands it can results into identity theft, law suits, loss of business, or even business bankruptcy. Protection of information as assets underpins profitability and viability of all enterprises and public sector organizations’ effectiveness. It does not have to be left to chance. Information is an important asset to the organization. Appropriate set of controls have to be put in place in order to achieve its security. These are processes, policies, organizational structures, procedures, and functions of helper tools. Every company has to protect is assets from damage or misuse. Regardless of the type of the company, information has to be protected. Business can be lost through loss of information. By all means information has to be protected from intruders and malicious users. The competitive advantage of the company is weakened when information about the company licks to competitors. The world is drastically becoming an environment that is interconnected (Fitzgerald, 2012). This occasions increased trends of exposure of information to large audience which escalates vulnerabilities and threats. Consequently proper measures have to be taken to protect information so that it remains an asset to the organization. Information that is shared indiscriminately ceases to have the competitive advantage aspect which puts the organization ahead of its competitor. All organizations regardless of the size store and collect huge volumes of information that is confidential and therefore has to be protected. The information may relate to customers, research, employees, financial operations or products. Standards, policies, guidelines have to be created and tools employed in order to protect information. The tools include software and hardware designed to protect information. Turnstile gates, locked drawers, surveillance cameras, card readers, firewalls, and network IDs are some of the technological tools that can be applied in information security. Information Security and privacy for government sector Governments anywhere have the responsibility of addressing cyber-security in order to mitigate the possible threat of disruption of government operations and commerce for the goal of enabling sustainable economic growth. In the recent years, following the terror attacks of September 2001, governments have widely deliberated on whether, and to what level, their security and intelligence agencies should exchange information and what controls or conditions they should impose on such transfers. Cyber-culture is growing at a rapid speed as compared to cyber-security owing to the accelerated advancement of internet-enabled machinery and devices, and consequently everything that relies on cyberspace is at risk (Bidgoli, 2006). Intellectual property, private data, cyber structure, even national and military security can all in one way or another be compromised through deliberate attacks, security lapses that are inadvertent, and the vulnerabilities of a relatively unregulated, immature global internet. The recent global financial crisis has occasioned economic inequality that has resulted into frustrated employees engaging into cyber-wrongdoing. Federal agencies are faced with a set emerging cyber-security threats which occasion changing sources of attack, new modes of covert compromise, intricate social engineering techniques created to trick the unsuspecting user into giving out sensitive information, and confusing once distinct attack into more damaging and complex exploits. Advancement in ant-spam measures has resulted into spammers coming with sophisticated techniques to bypass detection; the sophistication and frequency of phishing attacks have likewise escalated, and spyware has become difficult to remove or detect. Risks faced by agencies are significant and various measures have been put in place to try and counter possible threats. Security codes, cyber surveillance, voice recognition, and digital certificates are used to ensure that unauthorized access to sensitive information is not allowed. The government has the responsibility of protecting itself and its citizens from any malicious activity that may put its integrity and the lives of its citizens at risk (Whitman, Townsend & Hendrickson, 1999). Biometric components for security information have to be used carefully to avoid compromising transmission of information. Information on transit has more risk of being intercepted by fraudsters and being used to con unsuspecting victims. The government works with other governments with the goal of exchanging crucial information that will enhance security of its citizens. Conclusions and recommendations Cybercrimes and increased threats to information security and privacy have made governments to step up measures to increase confidentiality, privacy, and integrity of information. The government has to expand the challenge functions and oversight within cross-border intelligence. There is need for increased surveillance and monitoring of any avenues that terrorists and other threats can use to plan their events meant to compromise information that may heart the government. Information the military and national security has to be kept security so that enemies do not use it to bypass security checks and therefore exposing the lives of citizens to risk. Information security has to be emphasized in every department of the government. No government agency should be seen as compromising on information security (Bejtlich, 2004). From time to time, security measures have to be reviewed and updated to counter advancement in methods used by spammers and other intruders to get access to important information. Policy enforcement should include personal responsibility of being vigilant and willing to assist in securing information. Employees who use their positions to compromise confidentiality, privacy, and integrity of information have to be punished severely. The government stands to lose a lot if security of information is compromised. Measures have to be taken to ensure that such an incident has a minimal chance of ever occurring. The foundations for protections have to be reinforced while respecting the freedoms and rights online. Technologies are ever evolving and intruders are finding new ways of circumventing information security measures put in place to protect sensitive information. The government has a role of ensuring that its employees are sensitized on the importance of maintaining information integrity, confidentiality, and privacy (Gifford, 2009). The importance of information security has to be emphasized to everyone. Sensitive information has to be kept secret and government agencies in charge that policies are enforced to ensure only authorized users can reach it. Information security personnel have to be employed and further trained to be fully equipped in securing government information. Trust and honest has to exist in order to ensure that information security do not unscrupulously share information that will risk the national security of a country. The information security personnel have to be paid very well so that they are not driven with greed to exchange information for extra money. National intelligence security agencies have to very vigilant and ensure everything is done to protect government information. The possibility of imminent terror attacks have to give the government impetus in the sealing of any possible loophole that can cause information licks. References Acquisti, A. & Grossklags, J. (2005). Privacy and Rationality in Decision Making, IEEE Security and Privacy, 3(1): 26–33. Bennett, C. J. & Raab, C. D. (2006). The Governance of Privacy: Policy Instruments in Global Perspective. MIT Press, Cambridge. Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond Intrusion Detection. London: AddisonWesley. Bidgoli, H. (2006). Handbook of Information Security, Key Concepts, Infrastructure, Standards, and Protocols, New York: John Wiley and Sons. Gifford, N. (2009). Information Security: Managing the Legal Risks, Sydney: CCH Australia Limited Fitzgerald, T. (2012). Information Security Governance Simplified: From the Boardroom to the Keyboard, Melbourne: CRC Press. Rössler, B. (2005).The Value of Privacy. Polity: Cambridge. Whitman, M.E., Townsend, A.M., & Hendrickson, A.R. (1999). Cross National Differences in Computer-Use Ethics: A Nine Country Study, The Journal of International Business Studies, 30 (4): 673–687. Read More