Importance of Information Security and Privacy - Essay Example

Information Security and Privacy/Legal Concerns Introduction Networks are built in order to allow users to share, however it also allows other users the possibility to obtain information and other data that are not meant for them. This is becoming a bigger problem as organizations connect their private networks onto the internet. Despite the security problems the internet posses, businesses need to be connected to be able to compete as the use f the internet offer many advantages such as internet mail, file transfers and homepages for business. As organizations need to be connected to the internet, protection and security is required to prevent unauthorised users from accessing resources on an organizations private network and to secure data transmission over the internet. Although there are several methods to prevent unauthorised access; users occasionally are able to get through the security systems, and it is therefore essential for organizations to also be capable f detecting intruders. Importance f security Before beginning to discuss how networks can be secured to improve the prevention f intruders, the reason why it is important to prevent intruders will be pointed out to help understand why network security is vital for many businesses. As organizations around the world rely heavily on computers for all their information storage and processing, unprotected computers and networks can be an easy means for anyone to obtain this information. Also as organizations become increasingly dependent on computers and networks to run the business any damage can cause numerous problems for a business with possible costs within the millions. (Fitzgerald 1-7) These costs are caused by the inability to use computers therefore affecting productivity and sometimes causing the complete inability to run the business. As computer systems assist heavily in running businesses and store many f the organizations private data it is easy to see why organizations need to secure their computer systems or it will cost them. Preventing unauthorised access In order to prevent intruders from causing damage, the organizations networks need to be secured. There are several preventive controls that can be implemented to help prevent unauthorized access. It might seem that if companies do not connect their networks to the internet there will be no security problems. Therefore meaning security is needed on networks even if it is not connected to the internet. Two main types f security can be used here; passwords and physical security. (Fitzgerald 1-7) Passwords is a relatively easy and cheap form f security that can be implemented on a network, it also provides a good level f security as long as passwords are well kept by employees. With the use f passwords network managers can monitor the use f the network by its users by being able to see who logs in and where their logged in to, as well as what they have done. With more advanced technology network managers can also detect when and where there is an intruder and what the intruder has done. Fundamentally passwords will keep those who are not authorised away from restricted sections f the network, ultimately sustaining an adequate level f security. Physical security is basically using physical means to prevent certain employees from using certain sections or computers on the network. This may include computers being kept in secure rooms with key card or identification security. As organizations connect their networks to the internet, the risk f intruders rises dramatically as there are millions f users online; it also allows users from any part f the world to access your private network. This security issue is heightened as users within the network begin to access areas f the internet that are less secure. The most commonly used method to help prevent intruders and improve the security f the network when connected to the internet is the use f internet firewalls. Basically a firewall is capable f preventing intruders by determining what can and cannot be accessed by outsiders and those within the network. The firewall determines what services within the network can be accessed by others, and which outsiders are permitted to access inside services. It also is able to provide increased security and help regulate what employees do on the internet by determining what services the employees within the network can access on the internet. For a firewall to be effective, all f the traffic going in and out f the network and the internet must pass through the firewall so that it can be inspected and then only allowing authorised traffic to pass. A firewall offers great benefits to a company at a relatively cheap cost if you were to compare the potential damage an intruder can cause; this can be seen from the examples given above from InformationWeek and the bank f America. (Lazarus 21-25) Another advantage f using firewalls is that it is relatively cheap. However it can become expensive depending on the complexity and the number f systems required protecting. However more complex firewalls are used for larger businesses such as banks, and here the damage caused for not having a firewall can be enormous making the cost f the firewall somewhat acceptable. The price f a commercial firewall can be from anywhere between U.S$ 4000 and $ 30,000. These costs do not include the required ongoing support and maintenance f a firewall. As with most things, firewalls have its limitations. A firewall simply regulates activity between the internet and the network and therefore cannot detect and prevent security breaches from within the network. Industrial espionage and other forms f information gathering within the network cannot be prevented by the use f a firewall; this includes employees or guest users within the network deliberately trying to disrupt the functions f the organisations computer systems. Firewalls also do not provide enough protection against viruses; virus-infected files can be transferred into a network without notice which can cause many problems. Therefore a firewall should not be the sole use for protecting against intruders, but should be used along other forms f network security to provide a more secured network. (Anderson 1-10) With an increasing amount f personal and business transactions occurring on the internet, the use f cryptography is essential to ensure privacy. With out encrypting data that is to be sent through the internet people can easily gain access to the personal data and also manipulate the intercepted data which can be disastrous from either a personal, business or national perspective. (Lee Parker 12-15) Encryption is essentially the conversion f data into a form that cannot be easily understood by unauthorised people. This is fundamental for many organizations that wish to send data on the internet. A bank for example will need to encrypt the data it needs to send to another bank for maybe the cashing f a business check. If the bank was to never encrypt the data, people can intercept the message and gain private information that could ultimately cost the bank a lot f money. However, once the data is encrypted it will then need to be decrypted once it has reached the targeted bank. This must be done so that the receiver can understand the data that has been sent. With out going into to much detail how the entire process works, cryptography can only be done when there is a specific key or rule that allows data to be encrypted and decrypted properly. On computers this is mostly an algorithm that is capable f decrypting an encrypted algorithm. Therefore if only the sender and intended receiver have this key, unauthorised access to data is very unlikely. The problem here is that, if given enough time other computers can be used to break the cipher. Major businesses and national organizations use very complex encryption algorithms to ensure that the data will not be intercepted and if it is that it would be very hard to break. However more complex algorithms become more expensive to use. Encryption and Decryption is especially important nowadays as the use f wireless communications is taking off. Encryption should defiantly be used weather you are using wireless communications or not, some people are easily willing to gain access to sensitive information and transactions that you do on the internet, specifically with credit-card purchases. Conclusion Preventing unauthorised access to company information and computer networks is a vital part for any business, especially as businesses around the world rely heavily on computers. Computer hacking, industrial espionage and spies exit, and that is simply something businesses must deal with, and the risks f intruders increases as businesses become connected to the internet, connect to the internet constantly and as they begin to move into wireless communications. It is no longer an issue for managers to decide if security is needed, the issue is how much security is needed and what type f security is needed for their business and those that do not decide to secure their networks and information can face costs in the millions. The common security methods have been outlined and discussed; this includes the use f passwords, physical security, firewalls and cryptography. Firewalls should be used as it acts as a gateway for networks connected to the internet and cryptography is a must in ensuring that the data is not intercepted and manipulated with. These forms f security controls offer protection but as most things are limited, although a lot f the limitations can be fixed it comes at a higher price. Ultimately security is a must, and those who are reluctant to increase security measures due to high cost will eventually pay the price when security is breached, and as businesses become more dependent on computers and the internet a 24 hour collapse costing US $50 million will no longer seem extraordinary. Works Cited Anderson, R. (2001) Security Engineering: A Comprehensive Guide to Building Dependable Distributed Systems' Wiley, 2001 Fitzgerald, G. (2002), Information System Development: Methodologies, Techniques, and Tools, McGraw-Hill Lazarus, David., (2006) Where is the security for our personal data San Francisco Chronicle (CA), Lee Parker, Vicki., (2006) Banks increase computer controls: What's going on with data security. News & Observer, The (Raleigh, NC), Read More