Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
If they need to access a site for business purposes, they may not be able to do so, and that can lead to frustration and even lost contracts and opportunities (Miller, 2005). With that being the case, it would seem as though there should be a way to get around these restrictions. If people start avoiding restrictions, though, where does that end? At what point does it become unacceptable and dangerous, and at what point does it jeopardize the privacy, safety, and security of other people who have their information online?
The people who own the information (i.e. The people whose information is being collected) should be the ones to control how secure that information is in the sense of who can see it and access it. Because their names, dates of birth, addresses, phone numbers, and other information belongs only to them, they should be able to determine whether they want that information to be available online (Miller, 2005). With public records laws, that is not the case. So, should the law be changed to protect people who do not want their information made public? What about people who need to protect their identity because of stalking, identity theft, celebrity status, or other factors? The argument could be made that these people should not receive special treatment, but they are clearly more vulnerable to problems than the average person on the street who most people do not know and who does not have any enemies or reasons to believe that others would be 'out to get them.'
Currently, the government decides how secure information is when that information is part of public record (DiBattiste, 2009). For information that is voluntarily given, such as to an internet company with which one is doing business, the company decides...
The consumer has very little say in what happens to that information, even if the company insists that it is safe (Cranor, 2008). Regulations do not appear to be changing in this regard, but that does not mean that they should not be changed. Information that is given to companies voluntarily must be protected, and to truly keep information safe a person would most likely also want to protect their public records information and keep it from being accessible to anyone and everyone online.
Whether changes will be made to reduce the number of identity theft cases remains to be seen. Right now, there are passwords and other security measures in place that are used when people have sensitive information online such as bank accounts, but they are often not enough to truly protect those people and their information. If entire databases can be hacked, what good are individual passwords? The overall scope of hacking and other privacy concerns must be considered on a grand, global scale.
References
DiBattiste, C. (2009) Privacy and Information Security 101: Have a plan Information Security Best Practices 2009 conference archive The Wharton School, University of Pennsylvania. Zicklin Center for Business Ethics Research. Retrieved on July 26, 2010 from http://technopolity.editme.com/files/isbp2009talks/DiBattiste-summary.doc
Cranor, L. (2008) A Framework for Reasoning About the Human in the Loop. Retrieved on June 10, 2011 from http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf
Miller, M. (2005). Computer Security: Fact Forum Framework Retrieved on July 26, 2010 from http://www.caplet.com/security/taxonomy/index.html
Attacks on the system security include password theft, back doors and bugs, social engineering, protocol failures, authentication failures, Denial of Service attacks, active attacks, botnets, exponential attacks including worms and viruses, and information leakage. (Fortify Software Inc., 2008); (Fortify Software, n. d.) Servers are targets of security attacks due to the fact that servers contain valuable data and services. For instance, if a server contains personal information about employees, it
The management control area of authorize processing including certification and accreditation has been defined within Coyote Systems through the use of roles-based logins and access privileges and the use of certification of role-based access to ensure security. The company has found that through the use of role-based security authentication and the defining of rights by role, the certification and accreditation audits are far more efficient in being completed, and provide
System Security "As a manager, how would you plan on securing organizational data? How does security effectiveness and relative cost figure into those plans?" The more critical aspect of any enterprise-wide security management strategy is to align system resources to the strategic initiatives and goals of an organization. Increasingly this is being accomplished through the use of role-based access and authentication privileges and process workflows that audit and evaluate use of
Security Monitoring Strategies Creating a unified, enterprise-wide security monitoring strategy for any organization must be based on a series of strategic goals and objectives that encompass every functional area and system of a business. The intent of this analysis is to define the objectives that must anchor a security monitoring strategy to ensure its success, followed by specific recommendations for security monitoring of each major functional area. Defining Security Monitoring Strategies For an
Security Information is the Power. The importance of collecting, storing, processing and communicating the relevant information presently is viewed as crucial in order to achieve success in almost all the fields be it business firms, individuals or organizations. An integrated set of components assisting collection, store, process and communication of information is termed as information system. Increasing dependence on information systems is noticed in order to excel in the respective fields
Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework