Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Protecting People and Information: Threats and Safeguards
In this contemporary era, we are living in a world that rotates around "Information Economy." This means that the wheels of the world no longer run predominantly on agricultural products or merchandise. The secret of surviving in the present days is the creation and propagation of information (Hill & Pemberton, 1995).
Information is vital for the continuous functioning of every venture. Today, information has been converted into a purchasable, profit-making and vandalized product. It has been notified in a report too that "corporate data is gold in this information age, and organizations have to understand how to protect it just as they would protect precious metals." This brings one to the absolute conclusion that the protection of information is exceedingly important as it is an asset just like the workforce, equipments or resources are for an organization (Hill & Pemberton, 1995). The necessity of security has existed from the time when the first computer was introduced. However, the new times have seen a shift in the paradigm. Terminal server mainframe systems modified to client/server systems and the latter changed to Internet. Securing data was not a particular issue during the era when mainframe systems were used widely. On the contrary, innumerable new security problems emerged with the development of client/server technology. The significance of access to networks, systems and files for countless tasks grew with the passage of time especially in the companies. New technologies such as data encryption, granular access control and single sign-on were developed in order to secure the data and make it non-public. This was done so that sensitive information could not be accessed by any unknown individual. On the other hand, circumvention and misuse of these newly introduced technologies and security products also began as expected. It was the phase when operating systems like Windows NT and UNIX turned out to be the most reliable of the management information systems (Andress, 2003, p. 1).
Threats
The repute, branding and broad-spectrum corporate image of a company can be overwhelmingly affected due to security infringements. This is important as rebuilding intangible assets is far difficult than reconstructing physical assets (Andress, 2003, p....
However, it must be well understood that securing information is not the only solution. It is an unending and all-encompassing process which needs constant reviews and revisions. It is a zenith in which all the three important components of a corporate environment i.e. people, process and technology interact. This must be remembered that security products are not to be depended on entirely. They are just a single puzzle piece. It is required that strategies and measures be introduced with proper analysis and preparation. All these things must be implemented along with security products to build an effective security infrastructure (Andress, 2003, p. 5).
It is important to know about the types of attacks against which the systems need to be protected. Such knowledge can be helpful in building an appropriate and efficient security infrastructure. There are three types of attacks that are needed to be worried about: Denial of Service (DoS), Intrusion and Information Theft (Andress, 2003, p. 6).
DoS attacks are generally the ones which are deliberate and malicious to harm a particular network or system (Andress, 2003, p. 7). However, some DoS attacks can be accidental in case when configuration errors occur or network is used inappropriately (Andress, 2003, p. 8). Intentional DoS attacks can prevent the user(s) from using computing services like mail, Web or database servers. It can also deprive an organization from using its anticipated resources. A DoS attack can be easily created by programs such as Trinoo and Tribe Flood which are available to all Internet users. These programs allow a person to target a specific company or organization who might want to take revenge due to some personal grudge etc. DoS attacks also include system rebooting or the lockage of an account after multiple unsuccessful login tries. Both these attempts of DoS attacks make it unable for the real user to access his/her account (Andress, 2003, p. 7). The most widespread kind of DoS attacks is the Buffer Overflows; the best example of which is the "Ping of Death" attack. SYN Attack and Teardrop Attack are the other common examples of DoS attack (Andress, 2003, p. 8).
When an attacker is able to gain access to any other system and use its resources, such attacks are called Intrusion Attacks. Such attacks are meant to gain pleasure, brag rights…
References
Andress, A. (2003). Surviving Security: How to Integrate People, Process, and Technology (2nd ed.). Boca Raton, FL: Auerbach. Retrieved November 11, 2011, from Questia database: http://www.questia.com/PM.qst?a=o&d=108484660
Cyber Criminals Are Hunting Your Data, So Lock Them Out. (2006, February 25). Western Mail (Cardiff, Wales), p. 31. Retrieved November 11, 2011, from Questia database: http://www.questia.com/PM.qst?a=o&d=5013934143
Hill, L.B., & Pemberton, J.M. (1995, January). Information Security: an Overview and Resource Guide for Inf. ARMA Records Management Quarterly, 29, 14+. Retrieved November 11, 2011, from Questia database: http://www.questia.com/PM.qst?a=o&d=5037075795
The need for continually creating and updating the security techniques and technologies involved in an enterprise system is the ethical responsibility of the IT professional. In order to successfully protect the information and intellectual property assets of a firm, an IT professional also needs to make a personal commitment to stay as current as possible on existing and future technologies (Pemberton, 1998). This commitment needs to be supported by the
The first time that they attempted to build this system they did not follow the life cycle plan and the system ended up failing. Developing a new claims payment system that will talk to and be user friendly with the customer service management system would help to speed up efficiency and enhance quality of all departments within the organization. This streamlining would help the company as a whole to
Information Technology -- Annotated Bibliography Information Technology Baker, N. (2011). The Borderless Enterprise. Internal Auditor, August, 28 -- 33. This article endeavors to explain the various trends in digital media. The author contends the use of digital technology is evidence of a deeper trend and shift in global culture. The article is as philosophical as it is technical. This article could be considered a technical article or a philosophy of technology article. Durkee, D.
Protection of Digital Health Information With increase health information technology store access patient information, likelihood security breaches risen. In fact, Canadian Medical Association Journal (CMAJ): In United States, a whopping 97% increase number health records breached 2010-2011 Ensuring that patient information is protected at all times is vital for any health care institution. Patient information records contain sensitive information that can be used for malicious purposes like identity theft, credit card fraud,
" (Tolone, Ahn, Pai, et al. 2005 P. 37). Table 1 provides the summary of the evaluation of various criteria mentioned in the paper. The table uses comparative terminology such as High, Medium and Low and, descriptive terminology such as Active, Passive, and Simple, and the standard Yes (Y) and No (N). The research provides the solutions based in the problems identified with the access controls evaluated. Table I: Evaluation of Access
Value Digital Privacy Information Technology The Value Digital Privacy in an Information Technology Age National security concerns in society and the continual investing in Internet, telephone, text and e-mail monitoring systems by enterprises are reshaping the individual citizen's rights to privacy. For U.S. citizens and employees, this is particularly challenging to accept and is often outright rejected as this nations' culture has been predicated on individual liberties and an assurance of privacy. The