How Is Information Made Secure and Why Is This Necessary - Literature review Example

Information Security Student’s name: Institution: Instructor: Subject: Information Security Content Summary 3 Justification 3 Introduction 4 Importance of information security 5 Power, policy and position 5 Internal dangers 6 System administrators 6 Effective security configuration 6 Maintain software 7 Detect Security Breaches 7 Respond Intelligently 8 Independent security evaluations 9 Conclusion 9 Recommendation 10 References 11 Summary Information security has very important role on the role of privacy of the data (Brain, 2009). The field of the Information security has developed over years to now where we have many ways of securing data. Specialized means of ensuring that data is secure include use of databases, securing the applications and aligning the infrastructures so that they give the best results. Most breaches of security of information arises from lack of effective security configuration, inefficient or lack of system administrators, lack of clear policies and positions by organizations on securing their information. More so many firms do not have clear mechanisms to detect security breaches and clear ways of responding to those breaches. Organizations should aim to ensure that the data they deal with is secure for their own benefit and to the people or customers to whom they have been entrusted responsibilities by. Justification Financial institutions, government, corporations, military and business need a great deal in putting the putting in confidence information concerning the customers, employees, products, financial status and their research. There have again risen more information collection, processing and storage means, most advanced one being using computers and networks. It is therefore important to ensure that the integrity, confidentiality and availability of the data to the concerned parties are maintained throughout. Introduction Information security refers to protecting information and the systems of information from being accesses by the sources which are not authorized disclosure, use, disruption, inspection, perusal, modification, destruction or recording (Pauline, Julie, & Martin , 2003).For the information to be secure, it should be accessible to only those people who are authorized to have access to it. It should also be able to safeguard the completeness and the accuracy of this information and the methods used to process it, therefore maintaining its integrity. Furthermore, only authorized users should be able to access this information and the assets that are associated with it. Information security is achieved by putting in place sets of controls that ensures that the specific objectives of the security are met within the organization (Jean, 2002). Information systems involving areas like e-commerce is very important because it key to the development strategy of the market. In this area, consumers have expressed concerns over the safety and the privacy of the data. The companies with strong information security gain trust from the customers therefore putting focus in increasing their market shares (Sylvia, Larry, & Romulo, 2006). Information and data security is loss avoidance in business today where good security becomes a competitive advantage which would contribute directly to the revenue figures. This report paper seeks to determine how information is made secure and why information security is necessary. Importance of information security The main reasons we give a lot of care on the information systems is that there are some of the information we need to protect from unauthorized disclosure for competitive or legal reasons. All the information we refer to and store should be protected against deliberate or accidental modification and should be available in time as we require them to be. Pauline, Julie, & Martin (2003) observe that it is also important to put in place and maintain correct attribution of the information documents we have created, sent or received. Lastly, if poor security practices are allowed to damage the information systems, this might result to civil or criminal legal proceedings. Furthermore, negligence of information systems may lead to third parties being harmed when they get distorted information which would lead to more severe legal problems. Power, policy and position Policies are the expressions on the organization values. Relegating those involved with bleaching of the Information security will make the employees or people taking role in information act responsibly. Situations arises where information security is an afterthought where someone assigned to manage the security does lack defined responsibilities or has limited authorities or cannot serve alone (Brain, 2009). It is important that organizations recognize that information systems security is very important. Making the Chief Information Security Officer to report to head of the information technology in an organization would create conflict of interest. Rather, he or she should report to senior management like the CEO. Internal dangers Some damages caused to the information systems come from the authorized workers and personnel that are either incompetent or untrained. Some survey reports that about computer crimes that are linked to the people who are in charge of the information system. The management of any organization that is concerned with this kind of information should establish mechanism to counter such dangers. The Information system should be able to address these kinds of situations by ensuring that event the authorized people to not have total control over it. System administrators Establishing sound security architecture of information security greatly improves the security of information. System administrators fulfil the professional and legal obligation of supporting the technical staff on the basic hygiene of the system (Robert, Kenneth, & Scott, 2002). They ensure that the system is up to the date in terms of security software and help in establishing an emergency response mechanism in case of bleaching of the security. With this, the organization could intelligently respond to any accidental attacks and employ mechanism to investigate the evaluation services or the security assessment. Effective security configuration If the Information system we are dealing with has linkage to the internet security measures to counter anything that might cause the information to be insecure should be employed (Kabay, 2002). In this case properly configured firewall that implements the security policies for governing access to the corporate data should be employed. A firewall is the device used to filter the packets that comes or goes via the internet therefore allowing the control over the kind of information or commands that can be carried out to the corporate system by the remote users. If the firewalls are not properly configured, many people who are using the internet would gain access to the information meaning the information would be poorly protected. Another major problem in the design of the network is that no internal barriers are employed concerning the access of the information. Its is therefore critical that firewall are placed in strategic positions of the organization so as to reduce the violation of the policies concerning the security. This will reduce the damages that can be caused if the external firewalls are breached. Maintain software A major problem is faced by the information systems when software are not kept up to the date. Kabay (2002) observes that by ensuring the system administrators have all the resources they need to maintain the system and further update them on regular bases based on the changing situations, the systems shall always be secure. The system managers should subscribe to the alert services and computer emergency response teams and also be able to implement the security patches as often as possible. Most criminal hackers make takes the advantage of vulnerabilities; failing to heed warning and failure to regularly update and maintain the security system. Detect Security Breaches Among the major changes in security paradigm in the recent years is the realization that it is hard to achieve perfect security. According to Kabay (2002), some of the problems making it hard to achieve total security include the authorized personnel making mistakes therefore having some occasions as a result of revenge or dishonesty. For this reason, it is very important to be able to detect the breaches and be ready to respond in an intelligent way to them. The least kind of response to detect the problems is by audit trail or examining the log files. Another better tool that can complement audit trail is the modern intrusion of the detection system. This software is good tools that are able to detect any unusual pattern in the use of the system. Depending on how sensitive they are, they can be able to flag any unusual behavior by anyone working within the organization. It is also possible to spot intruders by detecting the attacks in the profile. This kind of software could be programmed to inform or alert system administrators of the potential problem by using a number of tools like pagers, e-mail, alarms or even telephone calls. Respond Intelligently It is important that whenever we detect a problem in bleach of information security we respond to it. An internal computer emergency response team should be put in place before there is a need that directly relate to it. In case of emergency, the team would have already set up means through which they would counter it (Olive &Jack, 2005). This team should include legal staff that have knowledge in damaging of law evidence, and the law enforcement that is required to effectively prosecute the malefactors. The emergency response should be able to involve beyond the technical battening, electronic hatches. The organization should be prepared to lies with the law enforcement authority and have a well organized relationship with the public to plan to keep stockholders, employees and the public accurately informed on the events whenever conditions allows such disclosure (Jean, 2002). Organizations should also think of ways to entrap attacks from outside in simulated areas that have sensitive information. This will enable the law enforcement experts to have more time to locate any intruder and be able to plan in advance for their arrest. These plans should be tested many times and ensured that they work well before they are used. Independent security evaluations Olive & Jack (2005) observe that most organization recognizes the benefits of using formal methodologies and guidelines in establishing the security policies. Some groups have developed policies yet being unable to devote enough time to maintain these policies. Some information technology staffs may lack the expertise in the information security and sometimes the upper management fails to give them the appropriate support measures to enable them protect the corporate information assets (Kabay, 2002). In these cases and external organization like professional associations, consultants and certifying authorities could serve a very useful purpose in altering the corporate culture and be able to make security experts to work to the best interest of the organization. Conclusion People working and living within a corporate should understand that security of the information does not come by buying gadgets and installing them no matter how good they may seem to be (Jean, 2002). Information security is a process and need to be woven in the corporate culture of any organization with the appropriate attention to the changing landscape and the advantage of the market. It should be able to address the issues of vulnerabilities, threats, market advantage and the risk of damage. Appropriate measures should be put in place to address violations of the policies and the misuse of information so that those found guilt. Recommendation i. The information resources should be available to the appropriate people which in the best ways through the hardware, the network, the software, the infrastructure, the facilities and any other such resources that does support the learning, teaching, research and the administration roles that have been authorized and designated. ii. The information that is used for learning, teaching, administration or research should be safeguarded so that they can be trusted so that they correctly reflect the reality which they represent. iii. The information should be confidential so that only the authorized persons can use it for authorized purposes. iv. It should be able to support the academic pursuits meaning that the requirement to ensure that the information is secure must go hand on hand with the need to support those who want to use it for legitimate academic objectives. v. The access of the information should be such that it promotes the value of that information through appropriate use. The value of information may reduce through misinterpretation, misuse and other unnecessary restrictions to its access. References Brain, B (2009). Information Security: Why secure information? Manila: Cardinal Book Store Jean, N. (2002). Data Integrity: How data is distorted, 3-12. Kabay,E. (2002)What’s Important for Information Security: A manager’s Guide, 5-20. Olive S. C., &Jack, J. (2005). Guide to NIST Information Security document, Security of Information in IT, 5 (24), 1-13. Pauline, C., Julie, D., & Martin, R. (2003). Corporate Information Security, Best practices in Metrics team, 3 (1), 3-10. Robert, F., Kenneth, I., & Scott, C. (2002). New Challenges, New strategies, Security in New information Age, 7 (3), 41-50. Sylvia, C., Larry, D., & Romulo, R. (2006). Information Security in Fedel Agencies, Computer Information Security, 4 (1), 5-10. Read More