Introduction
Information
security (IS) implies the protection of information along with the information
systems from any unauthorized access, disclosure, use, disruption, perusal,
modification, inspection recording as well as destruction. Information security
revolves around confidentiality, availability as well as the integrity of data
regardless of the type that the data is going to take, which could be print,
electronic or the other different models. Security of the information systems
is one of the most profound challenges that the society is facing in the
current technological age. Information systems have made modification in of the
manner in which people carry on with their everyday lives, undertake their
business and even the running of the government. Thus, it is apparent that
information systems have become one of the most integral parts of the everyday
life as a result of their numerous applications that make our lives easier as
well as faster in the implementation of certain tasks.
The Challenges
The
challenges that are resulting to the current state of the information system
are mainly as a result of computer crime while other cases it involves the
abuse of computers. Computer abuse, as well as computer abuse, are rapidly
becoming major problems as technological is making it possible for criminals to
achieve almost every unethical or illegal task. In the case of computer crime,
it involves an individual using a computer to commit an act that is illegal
while the abuse of computers revolves around an individual using a computer to
commit an act that is unethical although not always illegal. The current state
of computer crimes and computer abuse is threatening the information systems as
a result of the growing reliability of individuals and businesses on
information system (McGee, Coutière & Palamara, 2012). The threat is
additionally aggravated by the insecurity that is evident in the
telecommunication networks.
The
majority of the ordinary threats to the information systems as fire, hardware
failure, electrical problems, software failure user errors, personnel actions
as well as the telecommunication issues additionally result in the increased
access to large volumes of data. If the telecommunication network is facing
threats, the information systems of an individual as well as businesses
additionally face an even greater threat (Arogundade, Akinwale, Jin, &
Yang, 2012).). Among the numerous computer crimes and abuse challenges
threatening the current state of security is the issue of spamming. Spamming entails
the practice characterized by the sending of the unsolicited email along with
other electronic communication. Spamming is proving to possess the greatest
threat to the current state of security as it is among the cheapest as well as
easiest strategies of abusing a computer system. The spammers who engage in the
sending of these emails are charged just a few cents for sending the
unsolicited emails to hundreds of users who did not request the information.
There exist laws that prohibit the use of spamming to abuse computer systems,
but the spammers rarely get punished as the laws are rarely enforced.
Hacking
is the additional problem facing the current state of security and occurs when
an illegal user attempts to access private information that they do not have
authorization to its access. The realization of the illegal access is mainly
via the use of logic bombs, Trojan horses along with other numerous types of
software with the ability to hidden with a lot of ease. Hacking in some
occasions goes as far as the crashing of entire networks, whereby the hackers
flood the network server with thousands of communications that are false with
the objective of crashing the network (Zhuojun, Bin, Yuan & Vinck, 2015).
Jamming as the additional threat to the current state of security is not the
most common model of attack but is the easiest to accomplish. The illegal
objective behind the jamming is to locate a way to be able to tie up the lines
leading to a computer serving as the central brain of a website. Once there is
the tying of the lines, the illegitimate visitors access the site thus jamming
the lines with many illegal users.
The
malicious software serves as the most common type of computer crime that is
causing the most significant threats to the current state of security. The
crime takes place when a criminal sends computer viruses through the internet
and the viruses infect the computer, in most cases leading to a disabling of
programs and in other cases causing the system to crash. The moment a virus has
been implanted into a computer, it becomes easy for it to spread resulting in
more significant damage to the computer system (Griffin, 2014). The main effects of the computer viruses
encompass the destroying of programs, crashing a computer system, destroying
data as well as clogging the system memory.
The Solutions
The
fact that the current technological generation has become overly dependent on
the information systems, the challenges that threaten the information system
also pose major threats to everyday activities. There complex roles that the
information systems normally play in everyday lives has seen development that
has made it attain near perfection although there are numerous challenges that
are threatening the developments. These challenges include hacking, spamming,
jamming, sniffing, malicious software, spoofing as well as identity theft. The
challenges are causing major problems to the issues of reliability as well as
the security of the information systems (Zhuojun, Bin, Yuan & Vinck, 2015).
These
diverse technological attributes that are prevalent in the current environment
are posing the major threat to the current security state of the information
systems. They are resulting in hindrances to the flow of meaningful information
in addition to the security of the sent information. Research indicates that
through the adoption of the commonly accepted effective security practices, any
organization can start managing their security risks successfully. It is
imperative that the IT managers develop an appropriate internet and information
security policy as well as auditing processes (Stewart, 2009). Security in any
organization has to be considered as one of the most instrumental components of
the survival of their mission.
Additionally, the security processes
need to be an everyday activity and not an attributes done once and forgotten
considering that the threat landscape is changing sporadically on an hourly
basis. Thus, it is necessary that the security policy provides written rules
that are going to define the manner in which there will be the configuring of
the computer systems, as well as the employees in the organization, shall
conduct their businesses before the use of the information technology. There
has to be a mechanism that promotes effective controlling of policies as they
are the foundation of the implementation (Arogundade, Akinwale, Jin, &
Yang, 2012). If the organization does
not have a policy in place, they will not have any plans upon which they will
be designing and consequently implement and effective security program.
Risk
management emphasizes on the identification, assessment as well as prioritizing
of risks and the necessary mitigation techniques. In most cases organizations
implement it as a component of the formal information security assessment that
identifies the critical information assets in the organization including
systems, data or networks. Additionally, it examines the threat to these
critical assets as well as assets vulnerabilities as well as risks (Stewart,
2009). Thus, it is imperative that an organization has a risk mitigation plan
in place that is as a result of efficient evaluation while ensuring that there
is a regular review as well as management of the risks associated with the
organization’s vital information assets. It is additionally vital that an
organization has adequate comprehension of their security architecture
(Arogundade, Akinwale, Jin, & Yang, 2012). The main question that the
organization should be asking itself is of the manner in which their security
architecture is aiding their business. Mapping the main resources that are
vital to the organization as well as the reasons is paramount.
The
additional component of the management of the current problems affecting the
status of security related to the issues of accountability as well as training
coupled with adequate expertise to the organization. Regarding accountability
and training, it is imperative that the organization develops accountability
for the users’ actions, trains for accountability and additionally enforces it,
in the same way, it is evident in the organizational policies and procedures
(Griffin, 2014). The users comprise of all the organizational stakeholders such
as the partners, employees, vendors as well as suppliers. Regarding the
expertise, it is imperative to ensure that the organization has the adequate
in-house expertise for all their technologies as encompassing securing the
operations of the technologies.
The
system, as well as network management, encompasses of different varieties of
instrumental disciplines. These disciplines are software integrity, access
control, secure asset configuration as well as backups. The establishment of an
assortment of security controls for the protection of assets that reside on the
systems as well as networks is vital. It is imperative to take into attention
the use of access controls at the network layers along with the use of data
encryption technologies are appropriate. It is advisable to use removable
storage media for the vital data to make sure that it is secured physically.
Undertaking regular checks along with verifying the integrity of the software
that has been installed is vital in ensuring that faulty software is not
installed (McGee, Coutière & Palamara, 2012). The system administrators
should ensure that they carry out regular assessments for viruses, Trojans,
worms along with other malicious software and other unauthorized software.
It
is vital to offer procedures as well as mechanisms that will guarantee that
there is a secure configuration of all the deployed assets in the entire
lifecycle of the various installation, operations as well as maintenance and
retirement. The implication of this assertion is that it is imperative that one
applies patches to rectify security as well as functionality challenges while
establishing a standard and minimal essential configuration for every type of
computer and service. The organization needs to keep their network topology up
to date as well as maintaining an appropriate logging level (Zhuojun, Bin,
Yuan, & Vinck, 2015). Before the
application of the patches, it is necessary to consider the security impacts
for every modification to the networks as well as the systems. Implementing
regular system vulnerability checks on a periodic basis is additionally
essential and ensuring that there is the addressing of all the vulnerabilities
once identified. They also need to be the mandating of the regular schedule of
backups for both the software as well as data. It implies that an organization
has to validate their software as well as data prior and after backup, and
additionally ensuring that they have the ability to restore from the backups
(Zhuojun, Bin, Yuan, & Vinck, 2015).
Protection
of the critical assets when providing network access to users who are working
remotely as well as to the third parties as the service providers and
contractors is another critical protection model applied. It is imperative that
one applies network system file as well as the application-level access
controls, restricting access to the authorized times as well as tasks are
necessary. It is additionally essential to consider the encryption of data as
well as through the use of the virtual network technologies when necessary
(Arogundade, Akinwale, Jin, & Yang, 2012). The application of the
appropriate monitoring, auditing as well as inspection facilities along with
assigning responsibility for the reporting is necessary for the enhancement of
the responses to systems as well as network events and conditions.
Implementation
of physical security interventions is also essential in the promotion of the
efforts meant to deal with current state of security. The physical security
elements are one of the security types that is regularly forgotten as the
attribute of security entail the practices, threats as well as the available
protections which vary from one site to the other (Griffin, 2014). The ideal
danger in the loss of a computer is not on the loss of the system hardware but
relates to the value of the data stored on the computer disks. The hacking
issue remains one of the hottest issues in the societies with various measures
applying to the administrators as well as the other users. An example of an
intervention meant to deal with the hacking challenge is in the case of a firewall
which is a program applied to the close monitoring of the specific information
that passes in as well as out of a computer system. It is possible to implement
programs that will keep some users out thus preventing information from leaving
the information system. When dealing with issues of identity theft which is the
other challenge faced in the current society, the common assertion that
prevention is the best mode of dealing with the vice. As such, it is necessary
to ensure that one keeps their information close by guarding it well (Stewart,
2009). Carrying out regular virus scans can assist in dealing with the
challenge posed by the malicious software along with the regular maintenance
schedules.
Conclusion
As
evident from the paper, there are numerous issues that are causing major
threats to the current security state of information systems. Issues as
phishing, jamming, malicious software, hacking among others pose major threats
to the information security systems, making the implementation of the various
tasks very complex. The fact that most of the current society place major
dependence on these systems implies that these security threats are impacting
the operations of organizations and government ion major ways. However it is
evident that through the implementation of diverse interventions as the
establishment of information system policies, risk management interventions,
system and network management attributes among others will assist in the
mitigation as well as the successful resolution of these threats.
References
Arogundade,
O. T., Akinwale, A. T., Jin, Z., & Yang, X. G. (2012). Towards an
Ontological Approach to Information System Security and Safety Requirement
Modeling and Reuse. Information Security Journal: A Global Perspective, 21(3),
137-149. doi:10.1080/19393555.2011.652290
Griffin,
P. (2014). Telebiometric information security and safety management. IEEE
Communications Magazine, 52(1), 186-192.
doi:10.1109/MCOM.2014.6710082
Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in affordable custom writing if you need a similar paper you can place your order from college research paper services.
No comments:
Post a Comment