Risk Assessment in the Past Term Paper
- Length: 15 pages
- Subject: Business - Management
- Type: Term Paper
- Paper: #33631090
Excerpt from Term Paper:
It is also possible to use the file system's security features to restrict access to the device management application itself. Unauthorized users will then be unable to read the application file or run the application, and will have to guess a legitimate logon password at each step, which provides an extra layer of protection. (Network Management Security)
In general, any organization in a stable state has built-in systems for deciding the required confidentiality of information, even within the organization, but when important changes take place in the organization, this concept of confidentiality is disturbed. Borland, a very big organization in the field of computer technology, had decided to use 23 industry-leading system integrators and consultants to provide major corporations and government clients with applications, consulting and training services for Borland's client/server software products. The products concerned were Delphi Client/Server, InterBase and ReportSmith. According to the worldwide marketing vice president at Borland, this had led to a situation where "The Premier Partner Program has quickly grown into an association of leading strategic solutions providers focused on delivering high-quality solutions and services for client/server and Internet application development." (Borland Strengthens Premier Partner Program; Borland Expands Program with New Premier Partners, Delphi Client/Server Certification, InterBase Test Drive Program, and New Premier VAR Program)
TCI became a premier partner along with Cambridge Technology Partners, IPC Technologies Inc., Millennium Computer Technology, Professional Computer Solutions Inc., Sterling Information Group and Tactics. (Borland Strengthens Premier Partner Program; Borland Expands Program with New Premier Partners, Delphi Client/Server Certification, InterBase Test Drive Program, and New Premier VAR Program) Considering the size of the organization, this was an achievement. At the same time, it required a lot of information to flow out of the organization to meet business requirements. This naturally affected security considerations, because confidentiality was removed in some areas. The first step in preparing a secure site is to make the site itself secure and then decide which information needs to be handled specially.
To judge the security requirements of any information, the first step is to decide why that information is at risk, and from where. The first step for security has been taken by developing a system that is as secure as possible. Often this leads us to overlook the extra security required to stop internal theft of information, which may even start by accident or when executives, to ease their tasks, give out such information on certain occasions in answer to queries. The first step is thus to keep the system as secure as possible by ensuring that all new software introduced has controls, and by not making all information accessible from every possible approach. This is not as difficult as it sounds and requires only a certain amount of classification of the different entry points into the system. The second point is to have new software checked by experts as soon as it is installed, so that any flaws discovered can be easily rectified. Then, when secure information is transmitted over the system, make sure that there are secure ways of doing it; otherwise secure information may be sent by e-mail, in which case everybody on the system may get access to it, which is not desired. (Handling secure information)
Even when current software is installed, holes will be discovered in the system, and there will be periods before each defect can be rectified. These are among the most dangerous periods for the system, and extra care has to be taken to keep the system safe during them. The only way of handling this problem is to make sure that the consequences of a break-in to the system are not serious. This is achieved by shifting important and confidential information away from the system to places where it cannot be tapped through the net. When confidential information travels over the net, one has to make sure that it is deleted as soon as the transmission is over. The last danger comes from the system being compromised, and there should be methods to find this out as soon as possible. Even if there is only a suspicion that the site has been compromised, the site has to be cleaned and new passwords and keys selected and applied. (Handling secure information) Thus it is not enough to have a good system; it must also be kept up-to-date to be useful.
Another important point concerns the integrity of the system in operation. All company computers contain a certain amount of sensitive information, including personal data of the staff, financial results, projections for the future of the company and so on. It is important to ensure that the nature of the stored information is assessed and that the information which should be secure is secured. One of the main opportunities for getting hold of information is when it is in transit, and for this reason it is better to encrypt information while it is in transit. This makes it really difficult for people for whom the information is not intended to understand it, even if they get hold of it. On the Internet, the fact that information is being encrypted is indicated by the symbol of a padlock, but this does not ensure security at all times. To understand this, one first needs to understand two important issues in system security. (Security)
The first is the use of passwords, which are the first items that must be chosen and used securely. If a password is known to the person trying to get hold of the information, then all information sent on the system by the individual whose password is exposed can be tracked and found out. Passwords are used by systems to restrict access, and others can find out a password in several ways: if the person chooses a simple password such as a mother's maiden name, a pet's name, a favorite sports team or something similar; through brute force, using a program which tries out all the words in the dictionary; or through social engineering, which is tricking people into revealing passwords, and which can be done even on the telephone by using special tricks. Others obtain stored passwords when they are kept on computers, on Post-it notes or in a diary; this is used by persons who have access to the person whose password is being taken. Some individuals use a shared password for all their usage, and when their password is revealed for one system, it is effectively given away for all usage. Passwords can even be stolen by 'Trojan horse software' on the computer, which records all keystrokes and may thereby also record passwords. (Security)
The problems with passwords can be solved by using good passwords. These should be at least eight characters long, with punctuation and numbers if possible. The system should permit only a limited number of attempts at the password before it locks itself. It is better not to store passwords on the computer, or even to write them down. The same password should not be used for all usage; it is better to use different passwords for different important uses. Passwords should not be disclosed to anybody. Virus-checking programs should be used, and e-mail programs should be configured securely and kept up-to-date. When passwords have to be sent online, it is best to make sure that a secure connection is used. In terms of system configuration, it is better to configure servers so that all unnecessary features are disabled from the beginning. This stops defects in the disabled features from affecting the computer, which costs nothing since those features would not be used anyway. (Security)
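The password rules in the paragraph above (length, numbers and punctuation, no reuse, limited attempts before lockout, no stored passwords) can be enforced in code. The following is an added example, not part of the original paper; the names `password_problems` and `LoginGuard`, the constructed word list, the lockout threshold of three and the use of salted PBKDF2 hashes are assumptions.

```python
import hashlib
import hmac
import os
import string

# Constructed stand-in for a real dictionary word list (assumption).
COMMON_WORDS = {"password", "letmein", "rover", "yankees", "smith"}

def password_problems(password, used_elsewhere=()):
    """Return the rules from the paragraph above that this password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    # Digits or punctuation tacked onto a dictionary word do not help against
    # a word-list attack, so test the letters-only core of the password.
    if "".join(c for c in password.lower() if c.isalpha()) in COMMON_WORDS:
        problems.append("based on a dictionary word")
    if password in used_elsewhere:
        problems.append("already used for another system")
    return problems

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """Keeps only salted hashes and locks an account after repeated failures."""

    def __init__(self, max_attempts=3):  # threshold of 3 is an assumption
        self.max_attempts = max_attempts
        self.records, self.failures = {}, {}

    def enroll(self, account, password):
        salt = os.urandom(16)
        self.records[account] = (salt, _derive(password, salt))

    def attempt(self, account, password):
        if self.failures.get(account, 0) >= self.max_attempts:
            return "locked"  # refused even if the password is now correct
        salt, stored = self.records.get(account, (b"\0" * 16, b""))
        if hmac.compare_digest(_derive(password, salt), stored):
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "denied"
```

A locked account stays locked until an administrator clears its failure count, which this example leaves out.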
The most important feature is encryption, which ensures the security of information even when it is in transit. The method of encryption used is a public key method. When it is done well, the encryption is not easily broken, but some points have to be carefully checked in this context. The method of encryption permits communication even between two parties who have not communicated…