Information System Security
Information System Security
Customers, business, as well as, the government, rely on web service and the internet to communicate and get information. Very institution has a responsibility to manage data and at the same time transfer and access data in a reliable way. Therefore, it is their duty to ensure that the cyber café they make use of are secure to ensure privacy is upheld (Chew, 2007). The world at the present generation has become digital, and attacks on computers have, therefore, increased. Attack on a single computer, may affect many other systems within his institutions which may in turn result to huge financial losses, loss of information that is very confidential.
In addition to that, it may cause damage to the computer systems in the different institution interfering with the smooth and efficient operations of the institution. Unauthorized access may also cost the institution a fortune while hiring professional staffs to help them restore the operations of the system. In addition to that, the institution’s reputation may be damaged, as a result, of being associated with cybercrimes. The paper shall critically discuss the issue of information system security.
System security professional are used by various organizations to configure, design, manage and implement reliable computer systems. The professional also have a duty to ensure that the computer systems in an institution are well supported and secured to ensure that they are reliable. In the recent years, the roles played by a professional have increased as their nature of cyber-attacks has also changed to become more sophisticated. Employees with the knowledge of preventing the occurrence of cybercrimes in different institutions join the security infrastructure team in the institution.
There is a growing need to have privacy for your data with the growing use of electronic data especially in the cyber cafes. The damage caused, as a result, of cybercrimes has detrimental effect to individuals, as well as to companies and government institutions. Some of the damages that result due to cybercrime to individuals and institution can be considerable which include; loss of information that is very confidential to the company, and loss of funds, as a result, of fraud. In addition to that, cyber criminals may change important information on companies websites, causing them great loss and embarrassment diminishing its reputation. Cyber vandalism and criminal activities may cause the company and other institutions great financial loss as they try to fix the computer system to perform efficiently by hiring professional.
Institutions; for example universities across the world are at risk of losing critical research data that have taken many years, sensitive documents as well as personal information abut he management can be destroyed or lost, as a result, of cybercrimes. Therefore, it is important for individuals, companies, as well as institutions to come up with security measures, to ensure that important information is not destroyed or lost. Developing back up plans and recovery path are important to retrieve data in a situation where cyber vandalism occurs.
Such effective measures are important to the institutions for them to develop trust and stability. Another reason as to why information system security is important in different organizations and institution is to avoid unauthorized disclosure for competitive and legal reasons. The information used by organization should be kept such that accidental damages or deliberate alterations and modifications cannot be done and that the information can be available in time.
It is also important to have information system security to establish and maintain the authenticity of documents created as we send them or retrieve others. Information system security should be a prerogative for all companies, organizations and institutions to avoid damage to their computer systems to avoid being charged with criminal and civil proceedings on the grounds of negligence. It would be claimed that he institutions have allowed third parties to be harmed through the compromised systems which may attract heavy fines.
Business firms are also integrating information security systems as a trend emerging in e-commerce as good security is an important strategy in developing markets. Companies have increasingly adopted information security systems as it increases their leverage increasing their pool of willing buyers hence increasing their market share. Companies have also realised that good information security system for their customers and the business contributes to the revenues of the company, as well as being a competitive advantage.
Threats to information security
The causes of information systems cannot be easily determined. However, here are some causes of information security damages that have been identified. Internal dangers are one of the causes that have been established. I come from persons who are authorised in organisations and institutions that are poorly trained and incompetent. Computer viruses are also believed to be another cause of internal dangers which are believed to destroy 10% of organisation information (Jaeger, 2008).
External threats are the major cause of risk to information system security in most organisations and companies in the world. In the past, most of the systems were restricted to internal access for remote access by the employees of the organisation. Today, production systems have been opened up to access wider internet connections. Systems in most organisations have also been linked tightly to hose of trading partners by the use of virtual private networks. As a result, the number of people who can access the system has increased
There are two categories of people who engage in cybercrimes; that is the amateurs and the professionals. The amateurs who engage in cybercrimes are badly socialise rebellious adolescents, and adult who are psychologically disturbed people who are ideologically wrapped (Dhillon, 2007). Their ground for engaging in cybercrimes is social responsibility where they allege to work in the interest of victims among others. The most serious type of cyber criminals are the professionals, who are few and catching them is usually difficult. The criminal hackers have taken cybercrime as a way of making their living.
They make use of illegal sources of both private and public information and work with unscrupulous private investigators. Research has shown that products of Microsoft office have greatly increased users venerability due to their decision of including powerful scripting language at the heart of its spreadsheet, database, emails and word processing. Emails have the can carry documents that include equivalent programmes with macro viruses. The viruses not only harm the documents; it also calls the routine of the system wrecking the operating system, files as well as the memory.
Basic protection
Information systems security professionals have made significant improvements toward protecting information by coming up with basic protection mechanisms. The specialists cite basic problems in the field include security policies that are inadequate, inadequate security awareness, poor training, improper security technology as well as bad management. The specialist noted that most of the organisations do not do maintenance to their security systems as well as their operating systems software. In addition to that, the organisations lack computer emergency preparedness (United Nations, 2012). To solve the problem of information system security, organisations should review their policies, power and position. It occurs that most of the firms lack security policies and those that have are very old. Security policies should be reviewed, and the people in charge of security be given more authority.
Training and awareness are the other way that specialist has advocated as basic protection. In most organisations and firms, training takes place for the first few months. Raining should be continuous as technology is changing rapidly, and critical issues such as security should be addressed. Employees are willing to give information about organisation to strangers. Lack of awareness makes such innocent people be exploited by strangers.
Software maintenance in organisation is another way through which information system security can be improved. Keeping the software up to date is important. The authorities should subscribe for an alert from the vendors to help them implement the security patches in their systems (Information Systems Security Association, 2002). It is also important for the organisation to identify all the security breaches that may be there in their information security systems since it is not always perfect.
In conclusion, the paper has critically analysed the issue of information system security. Different aspects that touch on the issue have been analysed in the paper. Information system security must be upheld by all organisations and firms to avoid huge losses of data, financial resources and to protect their dignity.
References
Chew, E., Stine, K., Swanson, M., & National Institute of Standards and Technology (U.S.). (2007). Information System Security Reference Data Model. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology.
Jaeger, T. (2008). Operating system security. San Rafael, Calif.: Morgan & Claypool Publishers.
United Nations. (2012). Information system security guidelines for the United Nations organizations. New York: United Nations.
Information Systems Security Association., & EBSCO Publishing (Firm). (2002). Information systems security. Boston, MA: Auerbach Publications.
Dhillon, G. (2007). Managing information system security. Basingstoke: Macmillan.
