The use of computer has been a generic routine for personal and business purposes. It seems everyone rely on computers for convenience and other beneficial reasons. But not everyone is protected, the rising number of white-collar crimes happening in the cyber community points out the problem with data security and information assurance. Data security and information assurance are two different terms. The data security is a common term referred to as protecting all stored data in the computer from any acts of intrusion and unauthorized access to that information by individuals outside of the organization (Spamlaws.com N.D.). Information assurance on the other hand is also the common terminology that defines the focus of implementing procedures set by computer security practices and managing the risks arising from utilizing information whether in physical or digital form (Rauch, Michael August 20, 2009). In other terms data security blankets sensitive information from unrecognized access through the use of several key features, while information assurance is a preventive measure set by system’s policy to correctly designate the user’s action to the intended functions.
There are issues regarded on data security and information assurance, one is SQL injection in which the hackers gains access to manipulate a website application for the purpose of injecting their own set of SQL commands to the ones that came from the database. An example of that are cheat engines that allows the player to change his amount of resource and status in an online game by penetrating the application source command and edit the text commands. Another issue with data security is decryption. Large database needs to employ the help of encrypting tools that will scramble the data into unreadable text by means of mathematical algorithms and schemes.
The problem is hackers also have their own antidote called decryption tools that works like encryption but on a reverse process. Information assurance also has its share of flaws if one of the four factors is missing either, integrity availability, confidentiality and accountability then a failure of information assurance feature is possible. One of the issues and probably the most common in information assurance is the loss of data, an error that was created internally. In a corporate environment, sensitive information detrimental to the organization are always kept confidential, when one of the members of the organization uses his corporate email access to send out sensitive information outside of the organization is already considered as breach of corporate security. Another issue is when the company payroll associates mistakenly entered wrong amount of wage or encoded the salary on the wrong employee. This issue demonstrates how the internal user used incorrect algorithm in encoding the data which information assurance is supposed guard against.
Resources:
Spamlaws.com. (N.D.) what is Data Security? Web Retrieved April 2, 20012 from http://www.spamlaws.com/data-security.html
Rauch, Michael. (August 20, 2009) What is Information Assurance? Web Retrieved April 2, 20012 from http://www.articlesbase.com/security-articles/what-is-information-assurance-1142179.html
