A Wealth Of Online Possibilities


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Abstract:

This term paper is concerned with information security. Every person and organization has their own information; some of it is private and some can be shared with other people. Information can be defined as data held in printed or electronic media. Information is very important and needs to be secured against access by other users without permission. Organizations must manage information security effectively as they share data across the enterprise, as well as with their partners and customers. Information security is overall security management: a way to protect information from unauthorized persons.

Keywords: Information, security, information security, data

Introduction

Most people and organizations create, use and save information. Information can be defined as data held in printed or electronic media. Nowadays, a lot of information is held in electronic media such as email, systems, and so on. While in a system, the information can sometimes be hacked and accessed by other users without permission. Through this problem, an organization sometimes loses its data or information. For example, confidential business plans may be compromised, financial results may be leaked to the media, and employees' personal files may be posted on the internet. The effect is that the market can lose confidence in the organization, because customers can access all of the data through the internet. This problem also happens to individuals. For example, imagine if all of your information, such as name, identity card number, phone number, email and bank card number, were hacked by other people. Of course it causes a problem when other people use the information for illegal activities.

The term security can be defined as the ways of securing information and information systems against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Information is like an asset in business, and it is essential to protect and secure it from access by other users. This need is increasing in the interconnected business environment, where information is exposed to many threats and problems. Information security is about the protection of information systems and the information stored in them. This includes protection from unauthorized destruction, recording, use, inspection, perusal, modification, disruption, and disclosure. Information security is important for businesses and governments because they collect information such as details about clients, employees and citizens. Protecting this information is nowadays the highest legal and ethical obligation. If the information is managed improperly, it can lead to bankruptcy, lawsuits, and lost business. Damage from denial-of-service attacks, malicious code, and computer hacking is becoming increasingly common.

Information security is a business issue and not an 'IT problem'. In short, regulatory and legal requirements are important in information security. If an organization or business wants to succeed, let alone prosper, it should know the importance of implementing information security. Ways to make sure information is secure also need to be found and implemented, especially in organizations.

Methodology

In completing this term paper, the methodology I used was to consult primary and secondary literature to make sure I knew the details of information security. From websites I learned details about information security. I also regularly learn about problems in information security from newspapers and from news on television and radio. For example, other people's information has been used for criminal purposes, especially in banking. A money transaction by another user can happen, and the major problem is that people's detailed information is not secure and can be accessed by unauthorized persons.

Definitions and concepts

Information can be defined as data held in printed or electronic media. Nowadays, a lot of information is held in electronic media such as email, systems, and so on. The U.S. National Information Systems Security Glossary defines "Information Systems Security" as the protection of information systems against unauthorized access to or modification of information. Information security, as defined by the standards published by the Committee on National Security Systems (CNSS), formerly the National Security Telecommunications and Information Systems Security Committee (NSTISSC), is the protection of information and its critical elements, including the systems and hardware.

In general, security is the quality of being secure: protecting data from criminal acts. Data or any information that must be kept confidential needs to be secured, for example credit card numbers, identity card numbers, health records and other records. In an organization or business, details about the company, clients, finances and so on are confidential and need to be secured against access by unauthorized people.

According to William, R. H (2001) in Introduction to Information Security Concepts, information security has three primary goals, known as the security triad or CIA. The CIA triad stands for confidentiality, integrity and availability. It is one of the core principles of information security. When people think about information security, the first item they think of is confidentiality, because it is so closely related to security.

Confidentiality refers to avoiding exposure of information to unauthorized persons or systems. For example, a user pays by credit card for a transaction such as buying something over the internet. The system requires the credit card number in order to transfer money from the customer's account to the enterprise. The system tries to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear and by restricting access to the places where it is stored. If an unauthorized person obtains the card number in any way for criminal purposes, a breach of confidentiality has occurred.

According to William, R.H (2001), encryption is the most commonly thought of way to promote confidentiality, but other methods can also be used. These include Access Control Lists (ACLs), which restrict access to information; smart cards plus PIN numbers, which prevent unauthorized people from entering a building and looking around; and even a manager explaining to employees what types of information about the company they can and cannot disclose over the phone.
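The credit card example above mentions "limiting the places where it might appear". The following added example (not part of the original essay) shows one such measure: masking card numbers before log lines are written. The log format, the sample lines and the assumption that card numbers are contiguous or grouped in fours are all constructed for illustration.

```python
import re

# Assumption: card numbers appear as 13-19 digits, either contiguous or in
# groups of four separated by a space or hyphen. Other layouts are not covered.
CARD_CANDIDATE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{1,7}\b")


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers; filters out order ids etc."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:          # double every second digit from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def mask_card_numbers(text):
    """Replace all but the last four digits of any Luhn-valid card number."""
    def _mask(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)      # not a card number, leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_CANDIDATE.sub(_mask, text)


# Constructed sample log lines; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_LOG = [
    "2017-11-02 10:01:07 checkout user=42 card=4111 1111 1111 1111 amount=25.00",
    "2017-11-02 10:01:09 checkout user=43 card=4111-1111-1111-1111 amount=9.99",
    "2017-11-02 10:01:12 shipping order=1234567890123456 status=sent",
]


def scrub(lines):
    """Mask every line before it reaches a log file or a support ticket."""
    return [mask_card_numbers(line) for line in lines]


if __name__ == "__main__":
    for line in scrub(SAMPLE_LOG):
        print(line)
```

The Luhn check keeps the 16-digit order number in the third line intact, so masking does not destroy identifiers that merely look like card numbers.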

Next is integrity. In information security, data integrity can be defined as maintaining and assuring the consistency of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. For example, the files in an operating system must maintain a high level of integrity, but threats such as worms, viruses and trojans are a major issue in IT and can also be a way for an attacker to get information out of a network. Integrity is not just about such threats; it also covers other problems such as disk errors, accidental changes made to files, or changes made by unauthorized users for criminal purposes.

Next is availability. It is the part of the triad that most administrators and managers worry about, and with good reason. All information needs to be available to the user when it is needed. This means that the computer systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.

4.0 Types of Controls

Information security relies on controls that secure data or information. Controls may be categorized by their functionality (preventive, detective, corrective, deterrent, recovery, and compensating) and by their plane of application (physical, administrative, or technical). Physical controls include doors, secure facilities, fire extinguishers, flood protection, and air conditioning. Administrative controls are the organization’s policies, procedures, and guidelines intended to facilitate information security. Technical controls are the various technical measures, such as firewalls, authentication systems, intrusion detection systems, and file encryption, among others.

A user or organization can secure information in a variety of ways. These include preventive controls, detective controls, corrective controls, deterrent controls, recovery controls, and compensating controls.

The first type of control is preventive. Preventive controls can be defined as the first-step controls taken before an emergency, loss, or other problem occurs. They include alarms and locks, division of work or tasks, and other general and specific authorization policies. Preventive controls can prevent security violations and enforce access controls on users.

Second are detective controls. Detective controls are in place to detect security violations and alert the defenders. According to Wisegeek.com, detective controls can be defined as the measures a company uses to identify irregularities, so that a problem with a system can be corrected. One example of a detective control is an audit. Most organizations or businesses hold regular internal and external audits to review financial statements and to determine whether there are any irregularities. In companies, surprise audits are good audits, because people never know when the evaluation will happen. In that way, companies can detect problems.

Third are corrective controls. Corrective controls try to correct the situation after a security violation has occurred. Although a violation has occurred, not all is lost, so it makes sense to try to fix the situation. Corrective controls vary widely, depending on the area being targeted, and they may be technical or administrative in nature. According to ishandbook.bsewall.com, corrective controls can be defined as controls that restore the system or process back to the state prior to a harmful event. In a business, an example is the full restoration of a system from backup tapes after evidence is found that someone has improperly altered the payment data.

Fourth are deterrent controls. Deterrent controls are considered to be special cases within the major categories of physical, technical, and administrative controls. Deterrent controls are intended to discourage potential attackers and send a message that it is better not to attack. Examples are notices of monitoring and logging, as well as the visible practice of sound information security management.

Fifth are recovery controls. A recovery control is like a corrective control, but it is applied in a more serious situation to recover from security violations and restore information and information processing resources. For example, recovery controls may include disaster recovery and business continuity mechanisms, backup systems and data, emergency key management arrangements and similar controls.

Last but not least are compensating controls. According to controlorigins.com, some organizations, by virtue of their size, are not able to implement basic controls such as segregation of duties. In this case, it is important for management to institute compensating controls to cover for the lack of a basic control, or for a basic control that is not able to function for some period of time. Compensating controls are important controls that are often overlooked when internal control deficiencies are identified by either internal or external auditors.

6.0 Types of data.

7.0 Challenges in information security

Nowadays, people all around the world use technology to manage their information, and not all of that information is secure and confidential. Technology has done a great deal to change the way we live and do business today.

7.1 Awareness

Awareness and education are the key issues surrounding information security today. Not all people and organizations have awareness, and sometimes they think information security is not important. People must understand the risks and the problems that can occur if they do not secure information properly. By knowing about the threats, people and organizations can learn how to use these luxuries carefully, and not blindly accept that someone will have the solutions for any problems they may face in the future.

7.2 A Wealth of Online Possibilities

Another problem arises when all transactions go through a system. For example, people nowadays use internet banking, smart phones, credit cards, bill pay, and countless other internet options. This exposes individuals to problems such as the risk of hacking and gives criminals opportunities to try to steal personal information, because a hacker or cracker can hack a system to get information.

7.3 Complacent Businesses

Challenges in information security also arise in business organizations. For example, sometimes a file about a customer is not secure and can be accessed by an unauthorized person, such as staff in another department. At the present time, most information is stored in systems, and those systems can sometimes be accessed by outsiders. This causes problems if customer information such as name, identity card number, bank card number, address, phone number and other details is accessed by criminals.

7.4 Risk Management

Risk management is also one of the issues nowadays. Organizations and individuals are responsible for the personal information they keep in computer files and need to know about the threats that can occur. They need to know what information is in their files, and keep only what is needed. Then, good plans must be made to make sure all files are safe and cannot be accessed by unauthorized people.

7.5 Recognizing Problems

Another challenge in information security is failing to recognize a problem. Not all threats can be avoided, but being able to recognize the warning signs of identity theft might keep a problem from escalating as much as it could have if left unchecked.

8.0 Recommendations

In response to these challenges and problems, several recommendations are proposed below:

8.1 Reduce risks and determine need

To make sure all information is secure, one recommendation is to reduce the risks after conducting a survey or maintenance. The top management of the organization needs to hold periodic meetings. From these meetings, top management can learn about the problems, and the best solution can be decided after discussion.

8.2 Promote awareness

People nowadays do not secure their information from other users or persons. This causes a problem when the information is accessed by another user for criminal purposes. So awareness is needed to make sure all information is secure. In an organization, top management should hold a seminar or talk about the importance of information security to make sure all data is secure. To give the talk, a person with a lot of knowledge should be chosen to give users a clear guideline.

8.3 Implement appropriate policies and related controls

Organizations need to implement appropriate policies and guidelines to make sure all information is secure. Policies generally set out the action that will be taken if someone causes a problem in the organization. Top management needs to follow the policies and make sure all workers know the consequences they face if they cause a problem. Guidelines contain detailed rules for implementing the policies. By combining policies and guidelines, a manager can solve a problem more easily.

8.4 Education and Training

People need education and training to make sure they know in detail how to keep information secure and confidential. Information such as name, identity card number, address, phone number and so on needs to be secured against access by other people, because it can be used by unauthorized persons for criminal purposes. So, as the best solution, education and training need to be held to make sure everyone knows in detail the importance of securing information. In an organization, the manager needs to inform employees and explain to them not to open emails from persons they do not know, and to ask the helpdesk about any emails that seem suspicious. Employee training not only educates employees on the benefits of information security, but also helps improve employee efficiency. Employee efficiency is improved due to the employee’s better understanding of the computer network and processes.

8.5 System security checking.

To make sure all information is in good condition and free from threats such as Trojans, viruses or other malicious code, system security checking is needed. Security checking means checking for any problem that has attacked the system. When the system check generates a report, the manager can discuss it with other staff and find a solution to the problem. So every organization needs to implement security checking to make sure its systems are in good condition and run smoothly.

9.0 Conclusions

When people know the importance of information, they think about the best way to protect it and keep it secure and confidential. First, people must decide what needs to be protected. In other words, people need to audit all assets, from information stored on servers to physical items such as documents on paper as well as in digital format. According to Microsoft's view of information, there are four types of information: public, internal, confidential and secret. While it may not be as cool as remembering CIA, the word PICS should help in remembering these four data types. But while Microsoft and others use these classifications of data, not all groups follow this as a standard. In other words, it is just not as widespread as the CIA model, and some companies may use their own models.


