Information security is a sophisticated area of technology in which protection cannot be entirely guaranteed. As security experts assert, the security of information can never be absolute. A multiplicity of challenges comes with the adoption of technology. Among them is the safety of information disseminated and stored within the technology-enabled environment (Pagallo, 2011). Moreover, the use of a common network in an environment poses serious security challenges that make data and information insecure. However, certain security measures can be employed to ensure that data and information are protected and made difficult to infiltrate. There are numerous avenues through which an information system can be infiltrated. One of the ways a system can be exploited and accessed is through physical access. A malicious attacker can forcefully or covertly gain access to the information points and obtain data without anyone being informed (Pagallo, 2011). Such actions can be dangerous to the individuals whose information is compromised and to the reputation of the organization. As aforementioned, various control measures can be deployed to provide restraint.
Physical Access Control
Mantrap doors - the installation of mantrap doors can be important for an environment where someone might be interested in gaining access without being seen by others. The use of a mantrap will ensure that one can be seen from either side of the room as the doors are interlocking and once you open one door, another also opens thus exposing you. Such doors can deter malicious people from entering the server room (Dunn, 2012). Therefore, they will provide the environmental and security control that is necessary for the environment in question.
Security guard - it is necessary to keep people physically in check. Sometimes the installed systems can be compromised, and unauthorized people can gain access to the network without any alert from the security systems. It is thus important to have a person, besides the installed electronic systems, who can raise the alarm in case of any eventuality. When people are allowed into the server room, it can spell doom for the users of the system since their intentions can be malicious (Dunn, 2012). Employing a security guard to provide physical security can ensure that every person who wants to gain access to the room is seen, and that the purpose of the visit to the server room is clearly stated before access is allowed.
Locks - the computers in the registrars’ offices can be covered with locks that must be opened to gain access. This will ensure that only the registrar can access the computers, since they are locked unless someone forcefully breaks into them. However, in an office environment it is difficult to break into locked computers without raising eyebrows and being caught. It will even be difficult for the assistant registrars to gain access to the registrar’s computer without his/her authorization. Hence, the computers will be protected from physical access to the ports through which data devices can be connected to transfer data (Dunn, 2012). The locks will keep the ports safe and physically prevent unauthorized access to the system.
Alarms - as part of a sound recommendation, the registrar’s office should have an alarmed door installed so that any unauthorized access to the office alerts everybody and creates awareness of the potential security breach. Alarms have been successful in preventing illegal physical access to places and information points (Dunn, 2012).
Audit Controls for the Registrar’s Office
Review of policies - the network usage policies should be reviewed to ensure that access is authorized for the right individuals only (Dunn, 2012). It will ensure that network usage of information devices is restricted to specified individuals only.
Review the network sharing policy - the terms of usage of the network should be reviewed to prevent users of the network from disclosing key network credentials.
Logical Access Control
Firewalls - firewalls are used to offer security to the private network by preventing unauthorized users from gaining access to the network. Since the offices use a wireless network, it is easier to infiltrate the system through the common access points, hence the necessity of exercising control over the network access points. A proxy server can be used to monitor the flow of information leaving or entering the network (Dunn, 2012). The technique will allow only authorized users to access the network, thus ensuring the safety of the network within its confines.
Antivirus software - it is important to install programs that can prevent virus attacks on the information system. Malicious attacks can be used to render the system weak and vulnerable, thus making it easy to infiltrate. Therefore, it is paramount to install antivirus software to help protect the information system from malware. It will ensure that only the right programs are installed and that any program considered dangerous to the system is blocked, hence preventing data tampering (Johnson & Ehinger, 2010).
Encryption - data encryption is often used to ensure that information passed through the system is only accessible to the intended users. Through the use of public keys and unique private keys for decryption, only valid users who hold the keys can access the information. Encryption makes it hard to intercept information before it reaches the target recipient (Johnson & Ehinger, 2010).
How data moves within the organization
Data in the organization is disseminated through a network that interconnects the various offices within the institution. It is sent and received via the network. Therefore, safety techniques must be deployed to ensure that it is moved safely and that the right people receive the right information.
Techniques for safe dissemination of information
Network encryption - it is often considered one of the secure techniques for transferring information (Johnson & Ehinger, 2010). The information on the network is protected using special encryption keys, which are used to decrypt it when it reaches the recipient.
Database encryption - the data is encrypted so that only specific users can access the information.
References
Pagallo, U. (2011). Designing Data Protection Safeguards Ethically. Information, 2(4), 247-265.
Dunn, R. (2012). Security Rule. The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules, 339-360.
Johnson, S. J., & Ehinger, M. (2010). Designing and Operating for Safeguards: Lessons Learned From the Rokkasho Reprocessing Plant (RRP) and FERPA.