
Information technology and hacking

Introduction

Information technology has transformed the way we do business, and it plays a major role in every branch of the economy, from financing, transporting and distributing to every other field related to the economy. Economic security cannot be provided in a society where information security is absent.

It is becoming unmitigated because of the hackers and cyber criminals who threaten worldwide information and physical infrastructures.

The technologies and information systems that support organizational procedures and models are diversified. Solutions developed jointly by the organization and the public can help reduce the threat and help assure that the system will be secured against new cyber criminals.

The threat will increase substantially as more sensitive and confidential information is made public or readily available to many users, making it feasible for insiders to engage in criminal activity. This includes terrorism and economic intelligence. Information technology also offers strong tools for shielding against and responding to attacks, scrutinizing them and mitigating their damage.

The larger part of the world's information infrastructure is operated by private organizations. The job of the private sector, in partnership with the public sector, is to defend global cyber assets.

Worldwide information will be subject to continuous sophisticated threats and to a catastrophic crash because there is no awareness of cyber security.

Security Policy:

Security is the protection of information, systems and services against disasters, inaccuracies and manipulation in such a manner that the likelihood and impact of security lapses are minimized.

A security policy is a precautionary means of safeguarding a considerable amount of company data. A consistent security measure is communicated to users, management and technical staff.

Security policies should be an organization's immediate line of protection. It is a fine balance that needs to be monitored closely time and again. Privacy is all about the amount of control and vigilance an organization can exercise over itself. Security is concerned with unauthorized access to this information in terms of vulnerability. The reason for today's changed concern with security policy is the sustained expansion beyond the conventional boundaries of an organization to partners and suppliers. The intention of information security is to have measures in place which eliminate major threats or reduce them to an acceptable and sufficiently low level. Companies should be able to connect globally with consumers, partners and also the employees of the organization.

Network predators regularly eye and pilfer corporate assets and intellectual property, causing service breaks and system failures, tarnishing corporate brands, and alarming customers.

IT security comprises:

Integrity: The business has to be in control of any alteration to objects (information and processes).

Availability: The necessity to have business objects (information and services) readily available when required.

Legal conformity: Information or data that is composed, processed, used, passed on or destroyed has to be handled in accordance with the legislation of the respective countries.

Individuals have to be alert in maintaining the security processes put forth by organizations. Organizations have to impart and execute security measures, and business and government must use different levels of security technology to avoid and minimize threats. All three are necessary to diminish the risk involved.

Key legislative points or issues that are relevant to the security policy of an organization.

Information security policies are bounded by federal or state laws that every organization must follow; failure to comply with any of them would result in legal action against the organization. Although IS laws may vary from country to country, it is important to remember that IS policies always operate within a legal framework.

For example in U.K.

In the United Arab Emirates, federal law is defined to combat information technology related crimes. e.g.

Thus it becomes mandatory for any organization to comply with applicable laws and policies.

Information security policy with respect to legal issues can be divided into different sections.

International Cyber Crime Treaty

The goal of the ICCT is to facilitate cross-border computer crime investigation. Currently 38 nations have participated in it, and the USA has not ratified it yet.

Provisions:

Obligates participants to outlaw computer intrusion, child pornography, commercial copyright infringement, online fraud

Participants must pass laws to support search & seizure of email and computer records, perform internet surveillance, and make ISPs preserve logs for investigation

Mutual assistance provision to share data

Opposition to ICCT: open to countries with poor human rights records; definition of a “crime”

Federal Laws Related To Information Security.

These are defined at the federal level.

U.A.E Federal laws with respect to information security are

Information received electronically;

As per the Telecom Regulatory Authority of the UAE, any material in electronic form should comply with the social, ethical, cultural and religious laws of the countries, and therefore all organizations working within the domains of the U.A.E. should comply with these policies in the following areas;

State Laws related to Information Security.

In the U.A.E. there are no laws defined at the state level with respect to information security, probably because it is a small country and such decisions are taken at the top level by the federal government.

Organization wide policies related to Information Security.

Computer use policy, which will be discussed in the next section.

The goal of the organization:

Banking Organization

Let us take a look at a banking organization, which is generally used by people and for business purposes. The organization works by using diverse electronic information systems, hardware, software and data, paper-based materials, and electronic copy devices. The organization's mainframe network is used both directly and indirectly.

This sector deals in transactions, deposits, and the properties of different firms. Since it is an organization that must act in accordance with the security of people's assets, it is of prime importance that the organization follow the information security policy.

As per the policy, an organization's staff and other individuals are entitled to use organization facilities, of the principles governing the asset, use and discarding of information.

1. Empowered users of information systems

All users of the organization's information systems should be officially permitted, with a scheduled time as a staff member, or by any other process specifically authorized by the CEO. Authorized users will be in possession of a unique user identity. Under no circumstances should the identity of the user be revealed.

2. Suitable use of information systems

Use of the organization's information system by official users will be legal, sincere and upright and will have due consideration for the rights of the people.

3. Information System Owners

Organization Directors need to ensure that:

4. Personal Information

Authorized users of information systems are usually not given rights of privacy when using an organization's information systems. Similarly, authorized officers of the organization may scrutinize personal data available on an information system in any organization. The organization should take legal action to ensure that unauthorized persons do not use the information system.

Cyber Security

Impact

Organizations may suffer from huge financial losses and information security can become a vital concern for top managers.

Organizations respond to a breach incident by making extra security investments to avert any future breaches. This paves the way either to help decrease the negative standing of the firm caused by the breach or even to have a positive long-term economic impact on the organization concerned.

As time passes, organizations forget about what happened previously and how the financial impact of the breach had an effect in the long term.

As more organizations move towards providing greater online access for their customers, professional criminals are successfully using phishing techniques to pilfer personal finances and conduct identity theft at a global level. The popularity which banking services have won with customers due to the speed, expediency and accessibility offered may rise in the near future.

However, the major topic of concern must be given attention. System operators should be attentive and cautious in providing process guidelines. Other problems of fund transfers issued by electronic means, such as verification of payment instructions, also need to be addressed.

Hence, improved security verification is needed to make banking more secure in the years to come. It needs to be recognized that technology spending initiatives should be undertaken only after careful consideration of the practicality and feasibility of the technology along with its other associated applications.

Conclusion

Organizations require a security plan and a process to implement information security in a controlled manner. The choice of policies required by the organization should be made by following a risk analysis process that consists of security and vulnerability assessments.

The assessment results, together with a proper plan and procedure, must decide which plans are needed for an industry. This can be done by using software like “Symantec Enterprise Security Manager”, which supports measuring corporate policy compliance. Additional services can ensure that the business plan will be updated and will be put into practice accurately and efficiently.

A corporate security policy is absolutely essential. Hackers, crackers, bugs and insecure operating systems, along with continual business evolution, will always be present. As a result, new security threats and loopholes will constantly surface. Current IT security solutions have to strive for continuous and sustained improvement to remain effective and provide business value in future.

