The Common Terms Of Security Issues Information Technology Essay
Computer security is a common term used today in the business world for grouping and tackling problems and issues related to the protection of the computer and information assets of an organization (Eloff, 1988). It pertains to issues that many organizations and businesses encountered in the past, which resulted in problems with operations and productivity because of different internal and external attacks on their internal and confidential information. Several trends have awakened the public and all of the important sectors in the world to the importance of computer security: the increasing number of Internet users, including people who are becoming more aware and knowledgeable about the procedures for safeguarding and bypassing the security measures of computer systems; the increasing number of viruses, malware and other software and files that can damage computer systems; the increasing number of natural calamities (the changing weather or climate change); and catastrophes caused by man (fire and, the most important example, the September 11, 2001 event).
Currently, the world has become dependent on computer systems, which are now used in everyday life, from business industry to banking, from entertainment to healthcare. It is important to note that most of these systems are interconnected through the Internet, which is unfortunately very open and susceptible to cyber-attacks that can cause problems ranging from losses in service to financial and safety consequences (Besnard and Arief, 2004). This increasing dependency on computer systems, together with the impersonality and uncaring power, leads to the phenomenal exposure of corporate assets to higher internal failures, human errors, natural disasters, theft and sabotage. As more computers are installed and more individuals become knowledgeable about computer systems, this adverse trend in computer-related damage is expected to grow (Bui and Sivasankaran, 1987). These cyber-attacks and security threats include, but are not limited to, phishing, spam, intrusion, Internet worms, sabotage by disgruntled employees and stealing of data for monetary gain (dan Zuraini Ismail, 2008). Because a single attack can freeze an entire sector and industry in one hour, securing computer systems has become a very significant aspect of the design, development and implementation of a computer system. The problem is that the measures implemented by many organizations are not always effective and efficient, and that as security tools and approaches develop, the tools, approaches and instruments used by attackers also improve. As a result, the security efforts of organizations have become more and more complex and inconvenient. By its very nature security is inconvenient - the more robust the security tools and mechanisms are, the more inconvenient the process becomes.
Aside from that, it is also important to note that most security tools and policies, from passwords up to the process of authentication, are considered a hindrance to productivity (Vacca, 2009). Thus, organizations and companies must not focus only on safety and security in the sense of using systems and mechanisms that prevent theft from or infiltration of the computer system, but must also consider the reaction or perception of the end-users of the system, for it will influence the overall performance and efficiency of the computer systems used by the organization.
With all this, there are different factors that must be considered when discussing the issue of computer security. First, it is important to focus on the different security risks and issues faced by the organization and, at the same time, on the different strategies, mechanisms, methodologies, approaches and tools to be implemented inside the organization, which should not hinder the regular activities and performance of individual employees and the entire organization. It is also important to recognize that the study of computer security is continuous.
Statement of the Problem
In the past, security for computer systems was not a major issue. This is because all computer resources were contained in a central location. In particular, between the 1960s and 1970s, the computer industry was in its infancy, so hardware and software resources were only available and accessible to users who were located at the central host-computer location. Remote access did not exist for network or computer communications. Because the computer resources were contained in a protected central location, it was fairly easy to protect the physical facility, and a guard could be employed to watch the physical asset. Computer security therefore focused mainly on physical issues, such as theft of the entire computer system and theft of information directly from the computer system of an organization. However, technology progressed and improved, which gave way to the popularity of networking and the Internet, enabling people in different parts of the globe to be connected and to access computer resources from distant locations (Newman, 2009). The Internet itself offered both advantages and disadvantages for most organizations and businesses. It offers advantages because it enables them to connect with both their internal (employees) and external (consumers) customers in an easier and faster manner; but it also offers disadvantages and threats because it created a channel or medium in which information sharing, transfer and communication are more open and vulnerable, which made the issue of computer security more complex and complicated.
As a result, organizations and individuals are facing more challenges, problems and threats related to computer security.
Purpose and Significance of the Study
The main purpose of the study is to investigate and evaluate the different issues related to computer security. This issue is very important as the world of today is becoming more and more dependent on different computer systems - from schools, universities and other educational institutions to trade and commerce; and from personal communications and connections up to the different activities, programs and projects of the government. The world today is at the peak of the information age, in which information is considered the most important asset or resource. For businesses, information enables them to create, plan and implement the correct and appropriate strategies and actions in order to maintain competitive advantage, enhance customer relationships and maintain high market share; for government agencies and authorities, information enables them to meet the changing demands of their citizens and the entire society. With this high dependency on computer systems, any alteration or deletion of data from the system can create problems with the final products or services delivered to the final customers or the users of the system. It will affect the quality of the final products and/or services that organizations offer to their final customers or the end-users of the system.
Therefore, this paper will present background information and an in-depth analysis of the issues related to computer security, including the risks involved in the different aspects and elements of the computer system, show the changes in the needs of computer security, and present and evaluate the different tools, approaches and mechanisms that are used to protect the computer system from internal and external harm.
The main aim of the study is to investigate and assess the different issues related to the problems of security in computer systems. In line with this, the following are the questions that the author/researcher will answer and investigate:
What are the developments and changes in computer system implementation?
How do these changes and developments influence or affect the security policies and activities implemented by organizations?
What are the different security risks faced by computer systems in the current time?
What are the consequences and outcomes of computer security risks?
What are the different mechanisms, tools and approaches to be used and implemented in order to prevent the devastating consequence of computer security threats?
Scope of the Study
This study will mainly focus on the basic and fundamental issues related to the subject of computer system security. It will tackle the issues, concepts and aspects that will help the reader become well-informed and knowledgeable regarding the importance of computer security, together with the historical information or timeline of the development and improvement of computer systems, the security threats and issues, and the tools, mechanisms and approaches used to prevent and combat them.
Delimitations and Limitations
The time to be spent on the study has greatly influenced the choice of methodologies, approaches and instruments to be used by the author/researcher. It is vital to note that the methodologies used and applied have a vital influence on the results and findings of the research. This study will be exploratory in nature, meaning that it will focus only on the fundamentals and basics of the issue. However, the result of the study will serve as a guide and will be very helpful for future study, which can offer more in-depth analysis of the problem and the topic.
Chapter II - Literature Review
Progress and Evolution of Computer System Security Issues
In the contemporary world, computer systems have become the brain and heart of businesses and organizations in the world. As a result, computer security is vital to sustain the availability of the system; integrity of the information; and confidentiality and privacy. The lack of computer security will not just compromise the life of the business, but will also affect the entire democratic society because computer systems play a vital role in the government sectors which influence the economic and financial system (Vandenberghe, n.d.).
Since the introduction of computers to the business environment, there have been huge changes and developments in the way that computers are used, as well as in the purposes for which they are used. These developments have had a direct influence on the different types of computer-related security that are used nowadays. Fundamentally, computers were used as a business tool in order to automate the entire business process. During those times, the use of computers was isolated, so computers were commonly found in the computer center only (Mutsauers et al., 1998, 119). This situation remained until the early 1980s, which enabled the implementation of computer security to focus on securing and protecting the physical infrastructure of the computer system (Bradhurn, 1987, 27). For those reasons, computer security attacks were mainly centered on the computer center, and physical security offered efficient and comprehensive protection of the overall computer infrastructure and mechanisms of organizations.
However, this changed when multi-tasking technology became popular, which made the interactive application of computers possible across the entire organization (Hearnden, 1987, 10). As a result, security attacks could have a greater effect on the organization, and the distributed use of computers made physical security measures ineffective and insufficient as security procedures (Gollman, 1999, 165). During this time, the protection of information technology (IT) systems therefore necessitated extra technical security measures, that is, security implemented with the help of software mechanisms which reside on the IT systems (Pfleeger, 1989, 4). This resulted in a change of focus of the security efforts towards IT security.
Since the 1990s, there has been vital development in terms of IT systems. The emergence of the World Wide Web or the Internet enabled businesses from different parts of the globe to be connected, and the Intranet became popular. This added a new burden for organizations. More than 30 years ago, the first computer virus - Elk Cloner - was written with the intention of displaying a short poem after the computer had booted more or less 50 times. After that, there have been millions of viruses and other malware, such as email viruses, Trojans, Internet worms, spyware, keystroke loggers, etc., which have appeared, and some spread worldwide, causing massive destruction of personal, business and government computer systems. Examples are the Michelangelo virus and the I Love You virus. During that era, viruses and malware were intended to delete files, fill computer screens and produce garbage, which are considered small problems compared with the scenario today. Currently a virus can encrypt all files and demand a ransom, or a hacker might blackmail a large company by threatening to launch a denial-of-service (DoS) attack, which will prevent its customers and employees from accessing and retrieving information from the website (Sophos, n.d.). Hackers and attackers can also create a look-alike of a company website and then gather or collect important information from individual customers, such as credit card information, which will affect the image of the organization and the lives of the people.
Since then, there have been changes in the importance of IT inside organizations, which now consider data and information to be important assets that dictate profit or loss and success or failure (Forcht, 1994, 373 - 374). This moved the focus of security towards information security.
Over the past decades, the changes in the usage of computers and the advancement of IT systems have further complicated and diversified the issues and problems related to the security of computer systems. The focus has moved from the physical infrastructure of the computer system to software infiltration, and then to the issue of information safety, confidentiality and privacy. In the future, at the current pace of technological development and improvement, together with the development of the business environment due to the different influential macro- and micro-environmental factors, organizations are expected to face further challenges, changes and threats in computer security.
Categories of Computer Security Risk
There are three major categories of computer security risks: destruction, modification and disclosure (Shim and Qureshi, 2000).
In addition, each of the computer security risks can be categorized into further groups, which include intentional, unintentional and environmental attacks.
Intentional threats come from computer criminals and from dissatisfied and resentful employees who intend to defraud, sabotage or "hack." Unintentional threats or risks come from computer users who are careless and unaware and who lack knowledge about the computer system. The final risks come from the environment, which include natural and man-made disasters, such as fire, flood, earthquake, etc. (Shim and Qureshi, 2000).
Computer Security Risks Issues
There are different aspects and factors to be considered by organizations in order to maintain and monitor computer security risk issues. These include physical, hardware, software, personnel and network security.
The first line of defense for a computer system is to protect the physical mechanisms, which include the plant, equipment and the personnel. In addition, it also focuses on protecting the integrity, accuracy and privacy of data. Physical security focuses on preventing security failure (Lehtinen, Russell and Gangemi, 2006).
This includes environmental, technical and human-caused threats. It pertains to issues related to the computer facilities, which include environmental factors such as heating, cooling, dehumidifying, ventilating, lighting and the overall power systems and supplies. It is also important to focus on the issues that will help keep the computer system safe from different man-made disasters and environmental catastrophes such as flood and fire, and to ensure that the facility is equipped with the important gadgets and machinery, together with the practices that will help to prevent man-made disasters, particularly fire (Vacca, 2009).
It is important to focus on the important environmental factors, including: heat, water, humidity, dust, dirt and foreign particles and power failure.
In addition, it is important to use and apply different security machinery and gadgets, such as surveillance cameras, tracking management systems or card security such as Xyloc access cards, in order to monitor and control the access of people to the physical facilities of the organization's computer system (Shim and Qureshi, 2000).
Software security is dependent on hardware security; therefore, a lack of security in terms of hardware has a great influence on the entire security of the computer system (Pfleeger and Pfleeger, 2003). In connection with physical security, if part of the hardware can be easily stolen, changed or replaced, then it can create vital problems.
Some of the common hardware risks faced by organizations are:
Removable devices and media can be stolen or replaced;
Changing of hardware setup parameters;
Booting of the computer system by unauthorized users or software;
Rewriting booted media by unauthorized software;
As a result, it is important to focus on physical security, which includes:
Locking and protecting rooms with the computer system;
Proper and intensive monitoring and auditing of the use of the computer system;
Proper and safe storage of keyboards and removable devices;
Using passwords to configure and set up the computer system;
Requiring passwords in using the system (Shim and Qureshi, 2000).
Software security is considered one of the major problems in the current world, for individual or personal use of computers as well as for businesses, particularly with the growth of the Internet and Intranet, where people or users can easily download, upload and share files.
First, it is important for organizations to address the different malicious codes, which can have a discreet and dangerous impact on the computer system. The best known viruses are worms, Trojan horses, droppers, bombs, etc. Viruses can be benign, annoying or catastrophic. There are different types of viruses, which include boot sector viruses, file infectors, macro viruses, multipartite viruses, stealth viruses, polymorphic viruses and future new viruses (figure 1).
Figure 1 Types of Viruses
Source: (Shim and Qureshi, 2000)
According to Symantec, the maker of Norton anti-virus, the most common symptoms of virus infiltration are:
Alteration in the length of programs;
Changes in the date or time stamp of file;
Longer loading time of a program;
Slower operation of the system;
Reduction in the memory of the computer or the disk space;
Bad sectors on the disks;
Unusual and irritating error messages and screen activities;
Failed execution of programs;
Failed boot-ups of system; and
Unexpected writes and files on the disks (Shim and Qureshi, 2000).
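Several of the symptoms in this list (altered program length, changed time stamp, unexpected files on disk) can be checked mechanically against a known-good baseline. The following Python code is an added example, not part of the original essay or of any Symantec product; the file names, contents and timestamps are constructed sample data, and the SHA-256 comparison goes beyond the listed symptoms to catch a change that preserves both size and time stamp.

```python
import hashlib
import os
import tempfile

T0 = 1_600_000_000 * 10**9  # constructed baseline timestamp (nanoseconds)
T1 = T0 + 60 * 10**9        # constructed "one minute later" timestamp


def snapshot(root):
    """Map each file's relative path to (size, mtime_ns, sha256 hex)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return state


def compare(baseline, current):
    """Return (path, finding) pairs for every difference from the baseline."""
    labels = ("length changed", "timestamp changed", "content changed")
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings.append((rel, "unexpected new file"))
        elif new is None:
            findings.append((rel, "file missing"))
        else:
            for idx, label in enumerate(labels):
                if old[idx] != new[idx]:
                    findings.append((rel, label))
    return findings


def put(root, name, data, mtime_ns):
    """Write a file and pin its timestamps so the demo is deterministic."""
    path = os.path.join(root, name)
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, ns=(mtime_ns, mtime_ns))


def demo():
    """Build a constructed directory, alter it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        put(root, "app.bin", b"A" * 64, T0)
        put(root, "tool.bin", b"B" * 64, T0)
        put(root, "notes.txt", b"hello\n", T0)
        baseline = snapshot(root)

        put(root, "app.bin", b"A" * 64 + b"X" * 16, T1)  # program grew
        put(root, "tool.bin", b"C" * 64, T0)             # same size, timestamp restored
        os.utime(os.path.join(root, "notes.txt"), ns=(T1, T1))  # timestamp only
        put(root, "unknown.tmp", b"new", T1)             # unexpected write
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

In practice the baseline would be stored somewhere the monitored system cannot modify, since a baseline that can be rewritten along with the files proves nothing.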
As a result, it is vital for an organization to focus on the different software and hardware products, together with the policies related to the personnel or the end-users of the system in order to prevent software security risks.
First, it is important to install and update anti-virus software - a type of utility software which looks for and eliminates viruses. Figure 2 shows how it works.
Figure 2 How Anti-Virus Works?
Source: (Parson and Oja, 2009)
Second, it is important to install and maintain a firewall - a system or group of systems which imposes an access control policy on network traffic as it passes through access points (Hunt, 2002). Figure 3 shows the basic operation of a firewall.
Figure 3 How Does a Firewall Work?
Above all, it is important to focus on informing the employees about the usage of storage devices and the upload and download of files to and from the Internet and extranet.
Properly informed and well-trained employees or personnel are less likely to do the wrong things. This is applicable in the case of computer security. It is important for organizations to focus on the knowledge and skills of the employees regarding the different flows and procedures that need to be followed in order to ensure the security and safety of the entire computer system.
In order to implement personnel security, it is important to focus on the different strategies and policies to be implemented by the organizations, which include the process of: establishing the criteria for filling each position, specifying the process used in order to evaluate the candidate, screening the applicants and doing background check. In addition, it is also important to focus on the process of specifying and maintaining training programs related to computer security.
These processes show the actions and strategies which can be implemented by organizations in order to verify the knowledge of the candidates or individuals to be hired and, at the same time, maintain the knowledge of the hired employees of the company. A thorough check and research into the past performance, connections and behaviors of the candidates can help to check whether the records of the individuals to be hired are clean and free from any issues related to computer security (Shim and Qureshi, 2000).
On the other hand, for the hired employees, it is important to implement continuous monitoring, benchmarking and auditing activities in order to ensure that the employees are following the orders or policies of the organization regarding computer security. It is also important to note that computer security issues are constantly changing as technology and the global industry change.
Figure 4 Techniques for Personnel Security
Source: (Newman, 2009)
Fundamentally, it is important to focus on the process of designing the network. There are 3 factors to be considered, which include:
The users should get the best response time and throughput;
The data should be transmitted and shared within the network along the least cost path, but reliability and confidentiality must not be compromised; and
Reliability should be maximized in order to ensure that all data will be received by the users or requestor (Shim and Qureshi, 2000).