Information Technology Security Over the Last Several

¶ … Information Technology Security

Over the last several years, the Internet has evolved to the point that it is a part of any organizations activities. As both governments and businesses are using this new technology, to store as well as retrieve significant amounts of information. However, this heavy reliance on various IT related protocols are having adverse effects on these organizations. As they are facing increasing amounts of threats from cyber criminals that are seeking to exploit a host of weaknesses. A good example of this can be seen by looking at statistics that were compiled by the FDIC. They found, that in third quarter of 2009 there was $120 million stolen (from governments and corporations), out of this number small business lost $25 million. This is significant, because it shows how the tremendous reliance on IT-based technology, is increasing the overall vulnerability that these organizations are facing. To fully understand how an entity can protect itself requires: examining the problems, solutions to address them, the impact of the Internet on the organization's security, examining RAID fault tolerance and recommendation of what products / services should be utilized. Together, these different elements will provide the greatest insights, as to the overall scope of the challenges and solutions all organizations will face.

The Issues that Organizations will Face on the Internet

The overall challenges that an organization will have on the Internet is from: malware, botnets and spyware. Malware is a type of software program that will infect a computer system, without the owner knowing that this occurring. Botnets are a collection of software programs (called bots) that are designed to seek out and find vulnerabilities in a host of different computer systems. Spyware is similar to malware, in that it is software that will attach itself to another computer without the owner's knowledge. Criminals are using these different tools to: seek out and attack vulnerable computer systems. Where, they will use various social networking sites, to identify organizations that could have possible vulnerabilities. At which point, they will use one or a combination of them to steal sensitive information. This is important, because it shows how the biggest problem facing governments and businesses are unknown security breaches. Once this takes place, it means that there is the possibility that sensitive pieces information could fall into the hands of criminals or spies. ("The Effects of Spyware, Malware and Botnets," 2010)

Solutions to Address the Problem

The biggest problem that all organizations are going to face is, preventing security breaches from occurring. Part of the reason for this, is because human beings are the largest risk, as they will require outside access to the various tools including: e-mail, telnet, FTP, web-based systems and remote login. This is problematic, because it means that hackers can exploit this weakness, in order to gain access to sensitive information.

As a result, a comprehensive security protocol needs to be created that will address: the organization's security technology, policies / procedures, awareness and training. One way that this can be accomplished is through interconnecting the different tools together. As far as security technology is concerned, this means that a number of different tools can be used to help protect sensitive data from possible breaches to include: encryption, the use of bio metrics, multiple personal identification verifications and firewalls. ("Guide to NIST Information," 2010)

The Impact of the Internet on the Organization's Security

The Internet is having a tremendous impact upon the security of an organization. This is because, the increasing reliance on computers and other technology (for storing information), has caused many businesses as well as governments to face a host of unprecedented threats. This has lead to a shift, in the way an organization is looking at and addressing their security needs. Part of the reason for this, is because many entities are fearful of the possible fall out that occurs when this kind of situation takes place. In the case of businesses, this could mean that they may lose customers or have their reputation damaged. As far as governments are concerned, this could lead to a public relations disaster and political fallout. A good example of this occurred recently, when Wiki Leaks released hundreds of thousands of U.S. diplomatic cables. In this situation, the U.S. government faced tremendous amounts of embarrassment over some of their private comments. What this shows is how the Internet is changing organizational security, by increasing the possibility that major security breaches could occur. As a result, this has created a shift in the way a host of different entities are looking at their security procedures. ("Wiki Leaks Cable Rattles U.S. Government," 2010)

RAID Technology

You would then interconnect these different tools together through a redundant array of inexpensive disks (RAID) system. This is when you are creating a number of blocks and system backups that are interconnected. The idea is that by using this strategy, you can have multiple procedures in place. In the event that there is some kind of security breach, this will reduce the overall risks that an organization would be exposed to (by making certain that there is fail safe mechanism). The different policies and procedures should be flexible enough, to adapt to the overall changing nature of the threats. Awareness is when you are constantly monitoring for: possible security breaches and are looking at the different ways that they can occur. Training is when you are teaching and updating the staff about how to: identify security breaches along with isolating them. ("What is RAID," 2010) These different elements are important, because they are providing solutions that can address the underlying problem and are adjusting to possible threats.

Recommendation of What Products / Services should be Utilized

To prevent any kind of possible security breaches requires using a number of different tools in conjunction with one another. This means that vendors must be selected, who can provide the technology necessary, to improve the organization's security. To accomplish this task, means that different vendors must be used in conjunction with one another. The most logical choice to address the offsite security issues is: the 6998 Storage System (offered through LSI). This is a storage device that will allow the organization to be able to: storage large amounts of data and integrate the different security solutions into a single platform. As this allows for effective communication through a secure fiber optic cable and it has SATA disk drives. This will create the basic foundation for protecting the data of the organization itself.