Protection Of Information Systems And Data Other

Length: 6 pages Sources: 1 Subject: Education - Computers Type: Other Paper: #42333005 Related Topics: Espionage, Algebra, Firewalls, Information Systems
Excerpt from Other :

¶ … Security


In order to maintain information secrecy one would use cryptography. This is intentionally making information unintelligible. This method is mainly employed during the transmission of information. Cryptography ensures that only the intended person would be able to decipher the information (Whitman & Mattord, 2011, p. 339). The process of deciphering encrypted text is referred to as cryptanalysis. Cryptology is the mathematics branch covering cryptography and cryptanalysis. Cryptology has been in use since 1900 B.C. In Egyptian hieroglyphs. A Mesopotamian cryptography was discovered in 1500 B.C. that surpassed that of the Egyptians. The book of Jeremiah was written using alphabet substitution called ATBASH. Cryptography was employed during the First World War to decipher radio communication. Prisoners have also used cryptography to decipher their messages in order to protect their privacy. A key in cryptography is a parameter or piece of information that would determine the functional output for a cryptographic cipher or algorithm. Without a key, no useful result would be obtained from the algorithm. A key is vital for encrypted text in order for the receiver to decrypt the message. The three basic cryptography operations are substitution, transposition, and XOR (Whitman & Mattord, 2011, p. 342). Substitution involves substituting one value for another. Transposition is a way of rearranging the values in a block to generate cipher text. This cane b performed at bit or byte level. Exclusive OR (XOR) is a Boolean algebra function that compares two bits if they are identical they result to a binary zero, if not the same they result to a binary one. Hash function is another encryption technique integrated in cryptology. A hash function is a mathematical algorithm that will generate a summary of the message in order to confirm its identity and affirm that no changes have occurred to the content (Whitman & Mattord, 2011, p. 350). Hash functions do not create cipher text, but they confirm the identity and integrity of the message necessary for e-commerce.

The keys used for decryption and encryption are the differentiating factors between asymmetric and symmetric encryption. Symmetric encryption systems use one key for encrypting and decrypting a message (Whitman & Mattord, 2011, p. 354). Asymmetric encryption makes use of two different keys. The two keys are related and if one is used to encrypt only the other can decrypt the messages. To ensure that the recipient receives the secret key for decrypting the sent message in symmetric encryption, the sender must send the secret key using a different band or channel. Sending the secret key using another channel ensures that the key is not intercepted with the message. Public key encryption is also called asymmetric encryption. The person sending the message uses the receiver's non-secret public key to encrypt the message. The receiver will then use their private key to decrypt the message. The main advantage is that the non-secret public key cannot be used to decrypt the sent message. The six components for PKI are certificate authority, revocation, registration authority, certificate publishing methods, certificate management system, and PKI aware applications. The digital signature verifies the authenticity of a message. A digital signature is an encrypted messages hash, which the recipient can check to establish if the message has been tampered with by comparing the hash value to that of the decrypted certificate. Digital certificates bind public keys to entities (Whitman & Mattord, 2011, p. 365). If there were no certificates, it would be easy to forge the signature because the recipient would have no way of confirming the public key. Holding a single conversation would require the two parties to make use of four keys in asymmetric encryption, while in symmetric encryption the two parties must both have the secret key. Another drawback is that if the key falls in the wrong hands the messages could be decrypted by other parties. Using Diffie-Hellman key exchange, two parties can carry out efficient, secure communications. Steganography is the process of hiding information to protect its confidentiality during transit. It is not a cryptography form. The hidden information is embedded within other information in a harmless manner. Steganography is used when there is no possibility of encrypting the information.

The security protocols mostly used in web-based electronic commerce are Secure Electronic Transactions, Secure Sockets Layer, and Secure Hypertext Transfer Protocol. The protocols used to protect e-mail are Privacy Enhanced Mail, secure Multipurpose Internet Mail Extensions, and Pretty Good Privacy. The two modes of IPsec are tunnel and transport. Dictionary attacks and timing attacks make use of pre-identified terms to attack cryptosystems. Brute force...


Having an encryption key that is 64 digits would provide appropriate security. The maximum length would result in 256-bit strength, which would make the network more secure and prevent external attacks. The strongest encryption system in use today is the web-based Secure Socket Layer that was standardized in 2004 on 128 bits. The secure hash standard is the recommended encryption standard by NIST. Secure Sockets Layer is the popular encryption system used over the web. 3 DES is the popular asymmetric system, and PGP is the popular hybrid system.

Securing physical assets

Physical security involves the implementation, design, and maintenance of countermeasures that offer protection to the physical resources. The primary threat to physical security are human error or failure, power irregularities, espionage, information extortion, vandalism, theft, forces of nature, technical failures, and software errors. Potential acts of human error can be manifested by accidental spillage of drinks on the computer. Employees could copy confidential information and pass on to competitors. Espionage would manifest itself by a competitor accessing the facility, physically accessing the equipment, and theft. Forces of nature are thunderstorms, earthquakes, tsunamis, and floods. IT, security, and general management play a vital role in physical security. The security department has the most direct responsibility and are charged with establishing policies, implementing physical security, enforcing security procedures, and investigating security breaches. The IT department is responsible for network and computer security. A majority of most physical devices are network based, which increases the responsibility of maintenance and deployment of these systems. The company's senior management is responsible for protecting the assets of the company. The senior management is assisted by the IT and security department in order to achieve the company's goals. Overall, it is the senior management's work to guarantee the security of a company's assets. Physical access controls are the countermeasures aimed at protecting the physical resources of a company. Logical access controls are the countermeasures aimed at protecting the company's critical information, which a potential attacker could easily steal without necessarily gaining physical access to the equipment. They are both used for securing the equipment and data stored within the devices.

A secure facility refers to a physical location that has security controls that minimize physical attack threats. Secure facilities are used to protect information and equipment. The design of the facility will utilize the natural terrain, urban development, and traffic flow. It will complement these environments with protection mechanisms like gates, guards, walls, fences, and alarms. Guards have the ability to evaluate situations as they arise and determine the correct course of action based on specified policies (Whitman & Mattord, 2011, p. 387). In unfamiliar situations, the guard will use the standard operating procedures. Dogs can be used in risky situations where risking a person's life would not be appropriate. There are four types of locks namely electromechanical locks, mechanical locks, electronic locks, and biometric locks (Whitman & Mattord, 2011, p. 388). Mechanical locks are the normal lock and key locks. They use multiple slotted disks that must align for the lock to open. Electromechanical locks that can use various methods to open. Some will use magnetic strips, radio signals, or PINs. Electronic locks are integrated into alarm systems. These are smart locks that have sensors for additional security. Biometric locks are the most sophisticated, they use finger, palm, or hand readers. When locks fail, they use two modes fail-safe or fail-secure mode. For human safety, the two modes ensure that security is provided, but in case of an emergency, the lock will act as expected. Fail-safe is used to secure an exit door, which ensures that the door would ensure the door unlocks when there is an emergency. Fail secure is used to secure areas that are not dominant factors.

A mantrap is an enclosure with a separate exit and entry point. Mantraps should be used when securing highly sensitive areas where a person has to confirm their identity before been granted full access. Alarms come in many forms, and the common one is the burglar alarm that detects intrusions in restricted areas and notify a security agent to react (Whitman & Mattord, 2011, p. 391). The alarms make use of motion detectors, thermal detectors, and contact and weight sensors. Physical firewalls found in buildings isolate physical spaces of the company's offices. Standard interior walls are used to compartmentalize individual offices between the firewalls. Physical…

Sources Used in Documents:


Whitman, M., & Mattord, H. (2011). Principles of Information Security (4th ed.). Stamford, CT: Cengage Learning.

Cite this Document:

"Protection Of Information Systems And Data" (2014, November 30) Retrieved December 4, 2022, from

"Protection Of Information Systems And Data" 30 November 2014. Web.4 December. 2022. <>

"Protection Of Information Systems And Data", 30 November 2014, Accessed.4 December. 2022,

Related Documents
Information System MIS Stands for "Management Information
Words: 1293 Length: 4 Pages Topic: Education - Computers Paper #: 57573831

Information System MIS stands for "Management Information System." It is one of the computer-based tools to manage organizational operations efficiently. It consists of software that managers' use in making decision, for data storage, in project management applications, for records and procedures for making customers relations etc. Nowadays most of the organizations have separate MIS department which is basically responsible for computer systems. MIS is also called "Information System" or "Information Technology."

Information Systems & Information Technology
Words: 3130 Length: 10 Pages Topic: Business Paper #: 48384406

The company's consistent top line revenue growth also illustrates it has been successful in transforming its supplier network into one that operates more on knowledge, less on purely price or product decisions. As a result the company is capable of competing more at the process level and less at the purely price-driven one (Reese, 2007). In terms of the company's factors for success, the greater opportunities is to move into

Information Systems Multi-Chapter Case Study
Words: 3615 Length: 13 Pages Topic: Business Paper #: 93834264

First, as Personal Trainer expands globally, the system will be available through web browsers anywhere in the world. Second, the ease of completing system upgrades across all users at the same time needs to be taken into consideration, and the use of the Web-based system architecture hosted on a Software-as-a-Service (SaaS) platform is critical. Third, by taking this approach Susan can b e assured there will be higher levels

Information System on Ethical and
Words: 6479 Length: 15 Pages Topic: Economics Paper #: 96967103

They have a moral obligation to the South African people in this area for many reasons. First, they have an obligation to make certain that they can participate in the global economy to give their citizens the same chances for advancement as other nations. Secondly, they have a moral obligation to do everything possible to keep their citizens safe. When one discusses the topic of security in Information and Communication

Information System Recovery in the
Words: 1398 Length: 4 Pages Topic: Education - Computers Paper #: 5543019

4). The strength associated with this approach is ensuring that an organization has access to its mission-critical data in the event of a disaster, with the concomitant weakness being the relatively modest costs involved. The next step in developing the organization's information system recover plan is to take stock of existing hardware. As Cohen emphasizes, "If you have been hosting your company's Web site on an office computer, it is

Healthcare Information Systems
Words: 840 Length: 3 Pages Topic: Education - Computers Paper #: 41592355

Healthcare Information Systems Faculty of Information Technology at the Queensland University Australia, have written this article to point out the need to change the method of access control in the current health care environment. They have introduced this method keeping in the mind the latest information technology system structures, legal and regulatory requirements and the demands of security operation in the Health Information Systems. The authors have proposed "Open and Trusted