Information Security Risk and the Possible Threats to Information Security - Research Paper Example

 Introduction Information is the processed data that helps managers and other officers in an organization to make decisions (Borchgrave 2001). It is therefore important that it should be handled with care throughout processing and storage. Information security is a very essential necessity in an organization or company. This is accomplished through various technical measures and strategies. In order to come up with viable solutions, it is important to identify the possible threats to the security of information then design the solutions based on the problems and the weaknesses identified (Kairab 2004). Information is treated according to the level of management accorded the authority to amend or process it. Information is considered secure if it reaches the right recipient without being distorted or interfered with in which case it would have served its desired purpose. This essay is an evaluation of the possible threats to information security and the various measures that can be taken to ensure that it is secure. Information security risk is any danger that may lead to the loss or damage of information (Kairab 2004). While determining the course of action to be taken in enhancing and maximizing security, the current activities and performance of the current information systems should be properly scrutinized to identify any loop holes that may make the system vulnerable. Any action or process that can compromise the confidentiality, integrity or the availability of information should be identified as a risk and once highlighted proper measures should be taken immediately to control it (Kairab 2004). These qualities of information should be maintained because they can cause serious damage to the organization’s name and integrity if compromised and as a result scaring away customers and potential investors thus lowering the chances of excelling. Technology has advanced and with the advancement, it has become possible for many organizations to connect to other global networks for example through internet and the World Wide Web (Broder 2006). This means that the information concerning these organizations can be accessed from any place in the whole world. The mode of working has also changed with many companies facilitating telecommuting which involves employees working from remote locations and sending their work directly to the company’s database through the company’s network. Some even have employed people to conduct research activities while in their home countries after which they send the results of their research through the organizations’ websites (Broder 2006). Advertising has also changed with many organizations using their own websites that also facilitate online buying and selling (Northcutt 2005). These have helped in expanding markets and attaining global recognition for these organizations. However, these developments have posed a great challenge to the maintenance of information security. Physical challenges that cause direct harm to the computers also are threats to information and when strategizing on the mechanisms to be used in securing information they should be addressed for not only do they threaten the information but also the assets which are expensive not to mention that they are the easiest to control. Telecommuting is advantageous in that it enables employees to finish their tasks in time by using their free time to complete their assignments. On the other hand, this mode of working poses various threats to the organizations’ computers and information (Fisher 2005). This is because, as these employees upload information from their computers, computer viruses attach themselves to the files being uploaded if their computers are not virus protected. These viruses are deposited in the recipient’s database where they replicate and destroy files that carry information that is important to the organization. This may cost the organization a lot of time and resources trying to recover the lost data and repairing computers that may have crashed due to the virus infections (Harley 2007). As information is being sent to the company’s database, there is a risk of exposure to hackers who break into networks with the intention of stealing information which they use to cause malicious damage to the organizations’ name and integrity. In most cases, many organizations allow these employees to access data bases which contain information that is confidential concerning customers and the company’s financial information. These are details that are very important and should only be accessed by a limited number of people who can be closely monitored. Not all people can be trusted and allowing access to these employees may turn out to be a threat to information security if they get to leak this information to competitors or the press. This lowers the dignity of the organization resulting to loss of customers and investors who prefer those companies that regard information with secrecy and discretion (Patterson 2005). Advertising through the organization’s website is a strategy that has proved to be efficient and profitable. It has enabled quick access to information for those customers who do their shopping online. Every organization is fighting and determined to join and reach the wider market opportunities offered by this technology without knowing that by doing so, 3 they are creating opportunities for rogue programmers. These people either out of curiosity or personal gain create viruses and other malware which they attach to the websites such that once a person visits the web site, he is prompted to perform an action for example to download certain software for free or updates (Borchgrave 2001). They use these websites to disperse their corrupt programs to unsuspecting customers’ computers once they accept these requests. This in turn compromises the good intention with which the website was created. Once the visitors of the site discovers this, he will no longer visit the site and that way the organization loses the chance to spread information to these willing and potential buyers. The mode of information storage is also an important factor in determining the possible risks. Many organizations store their information in databases that are stored in computers. Computers are the best storage facilities because they can store a lot of information which does not experience dilapidation and can be accessed after a long time in its original state. However, they face various physical threats either caused intentionally or through depreciation (Patterson 2005). The management should look into the level of maintenance and conduct frequent inspections to ensure that the machines are free from dust to reduce the rate of depreciation that results to possible loss of data if the machines get destroyed. Constant back up of data should be done to ensure that the files are not lost completely when the machines are out of service. Intentional damage of computers also happens in many organizations to cover activities of fraud. Theft of hardware also happens crippling the operations of the machines. This should be addressed by installing security surveillance equipment and strong doors which should be locked after everyone have left (Patterson 2005). Every computer user should be assigned his/her own computer so that in case of any vandalizing, someone should be answerable. Power generators and uninterruptible power supplies should also be installed to protect the computers from low power voltages and power failure. These equipments ensure that there is a constant power supply reducing the chances of memory loss in the computers leading to loss of information. After identifying the activities performed in the current systems that pose as a threat to information security, the effectiveness of the threat control methods in place should then be analyzed and if they do not offer the desired resistance to the threats, proper mechanisms should be put in place either preventive or corrective, to reduce the occurrence of these risks (Kairab 2004). It is easier to come up with solutions for problems that are already identified through brain storming and structured walk through. It is also necessary to involve all the information users to ensure that they know of the dangers and if they contribute to the threats, they should learn from the knowledge they get from participating in the assessment process and take it upon themselves to ensure that the information is protected. The most common threat to information is computer viruses. These are programs that are created by rogue programmers with the intention of causing harm to computers that get infected. They can be transmitted from one computer to another through various methods that include and not limited to downloading materials from infected sites on the internet and using infected removable storage devices (Harley 2007). The organizations should ensure that all the computers have been installed with antivirus soft wares which should be updated regularly. They should also ensure that all the employees working from their personal computers at home are provided with free antivirus soft wares so that any information they upload to the company’s data base is scanned first for virus infection. The possibility of hackers breaking into the networks should be addressed by ensuring that any data being sent through the network is encrypted. Encryption is the use of secret codes that can only be understood by the sender and receiver of the information. If the information is hacked, it would be hard or impossible for the hacker to decrypt and that way he would not get the contents of the message (Borchgrave 2001). This has been done in the US and it has worked prompting the government to term it as unbreakable. The information should also be password protected so that any person with the intention of gaining unauthorized access to it would be restricted. This would reduce the chances of availing sensitive information to the wrong persons who may be hired to tamper with the information or to destroy the reputation of the organization for personal benefit or scheming competitors. Fire walls and spam protection should be done to check on any suspicious files that may be sent to the organization’s network through emails and avoid giving confidential information to any requests that may come as log in forms (Sherwood 2005). Conclusion Information security is very essential and should be properly maintained and protected. This is because it helps the management to make important decisions regarding the organizations’ operations. If proper protective measures are not taken, the company risks losing valuable information and clients. It could also have its reputation at stake if the information gets into the hands of malicious people could it be hackers, crackers or rogue users who could be hired agents of competitors, press or even current and past employees of the company who may want to undermine the company in terms of market at their corporate gain or personal vendetta. It is therefore important for organizations to conduct frequent risk assessments so that appropriate measures can be taken to protect information. The assessment involves scrutinizing the operations of the current systems and identifying the different information systems. Information which is vulnerable should be classified and the possible threats should be assessed. Control measures in place are measured to determine their effectiveness after which better controls are designed. Decisions made should be cost effective and should be supported by the management. This is because if the cost is too high, then the profit margin would go down where as the main objective of the firm is maximizing profits. References Borchgrave A. (2001). Cyber Threats and Information Security: Meeting the 21st Century Challenge. Center for Strategic & International Studies. Broder J. (2006). Risk Analysis and the Security Survey. Butterworth-Heinemann. Fisher M. (2005). The Distance Manager: A Hands On Guide to Managing Off-Site Employees and Virtual Teams. McGraw-Hill. Harley D. (2007). Avien Malware Defense Guide. Syngress. Kairab S. (2004). A Practical Guide to Security Assessments. Auerbach Publications. Northcutt S. (2005). Inside Network Perimeter Security. Sams. Patterson D. (2005). Implementing Physical Protection Systems Asis International. Sherwood J. (2005). Enterprise Security Architecture. Cmp. Read More