• Home
• Articles
• Essays
• Add site

How Can We Avoid Having Good Information Security Technologies Compromised by the People Who Use Them?

How Can We Avoid Having Good Information Security Technologies Compromised by the People Who use them?


By using the term security we understand a sense of probable risk involved in the perception of the subject. With information technologies coming into the scene the canvas broadens its perimeter. At this point it becomes necessary to understand the nature of risk involved and alongside there should be a well formulated definition of the term security itself.

In general sense, there are basically three aspects of the term security. First, it indicates the availability of assets, however material or virtual, that are under possession of an individual or group. Secondly, there is a sense of confidentiality involved in this process in regards to these assets, in this case data, transactions and communication. Third and lastly, there should be a perception of integrity that enables the user or users to believe in the context of security. (Cross, 1,5)

When the problem of internet is taken into account the need of security becomes even more manifested because of the amount of data damage and information theft along with cyber fraud involved in this medium. Another very menacing fall out of the internet or the information technology as a whole is the nuisance of identity theft. Identity theft is regarded as one of the most menacing crimes of the cyber world. According to cyber law 'identity theft' is referred to as a crime when the personal information of one individual is used by another without the consent or knowledge of the former. The individual uses this information in various unlawful acts starting from frauds, misrepresentations to other kind of criminal offences. The victim is quite ignorant about the whole mishaps almost always and by the time becomes aware of the fact it's usually too late to act.
But act one must. This is not because it is meaningless to lament over spilt milk but prevention is always better than cure. The cure or better to say, the willingness to negotiate the malady lies with the state and federal government agencies like the Federal Trade Commission. The duty is to report immediately to such authorities whenever a mishap like Identity Theft takes place. Apart from reporting to the federal agencies here are few more steps to take in these circumstances. Firstly, there should be a Fraud Alert on the individual's credit report placed. Secondly, it should be noted that all the accounts that the individual thinks are open to any kind of fraudulent activity should be closed down. Thirdly, immediate report should be placed about the activity to the local police authority and send the copy of that report to all the potential and actual creditors. At present the top three nationwide consumer reporting companies are Equifax, Experian and TransUnion. It should be noted that identity theft is not only limited to driver's license and name badge theft but it also deals with criminal usage of a name, social security number and financial accounts. Therefore as security measure it is better not to reveal one’s name, social security number or other financial details to online surveys. Apart from these it is always better to use random numbers and digits for passwords.

But still, there are other sectors of risk that are kept wide open and Cross defines risk in this context as "Risk is described in management and strategy as a continuum (risk and opportunity) with payoffs (negative and positive) and probabilities (likelihood of occurrence and consequences). Risk in the financial sector is a quantifiable element (cost) of holding assets. Risk in the environmental safety and occupational health industry focuses on hazards of tasks and defined probabilities of chemical properties and physical events. Risk in the insurance and risk management industry focuses on probability distributions of material loss events. Risk in the security and audit professions tends to be protective and negative, focusing on the effects of material asset loss." (Cross, 1, 12)

These risk factors are affects most to companies that are completely depended on information technology like Google, Rediff or Yahoo. However at the same time it is also very affective against companies that are using the internet only as a promotional medium too. Furthermore, those companies are also at risk that uses the internet for information mining or for e-mail applications. Apart from companies there are wide strata of individual who access the net regularly for various reasons. Some access to trade, like stock brokers or investors, whereas other may access the net for purchase or even simple communication. Still others are there who uses the net for simple entertainment like games and music download. But the highest common factor among these people and companies is that they are all vulnerable to the same risk involved in accessing the internet. As a measure of risk management these affected parties or potential parties to be affected indulge into the use of greater and upgraded technologies to counter the menace of the prevailing technology as a measure of technology. But with spyware and other software available that masquerade as protector actually adds more dangerous and difficult to identify software into the system. (Kar, 241)

Therefore, a socio-technical approach is highly needed and this method is regarded as the system theory. This theory suggests that there should be a proper combination of social structure and technology are they should act as a overlapping force to specify, identify and solve problems under the perspective of information technology related perimeter. However, it should be taken into account that "the different perspectives on risk provided by systems theory are disturbingly regressive. Risk, under these circumstances is harder to quantify, or even identify by normal methods, until disaster strikes. By their very nature, complex systems such as the Internet (with its large infrastructure, programs, documents, hosts, servers etc.) are likely to fail on occasion in unpredictable ways." (Cross, 1, 18)

Still, there are other directives of the system theory and they interpret the problem in their own context. For example there is the theory by Perrow that suggests that system depending both on social aspects and technological development is sure to break down at some point of time. Going by this theory it is all but evident that a huge and complex system like the internet is very likely to fail and when it does it should be termed as a normal incident. However, potential measures are taken continuously to counter all possible measures of risk management and disaster management. As a result, sound understanding of these management principals are needed not only to identify and restore the assets from the threats of technology used in a negative manner but also preventive measures should be taken on account of social context as because it is the human brain that is liable to cause damage or disaster in the information technology sector by the dint of error, fraud or misrepresentation of data. The technology is affected by this and this social aspect ultimately snow balls into completely failure of the information system, at least the potential is always there and perceptions are to be focused more on this aspect. Whatever the consequences in near future the socio technological aspects hold the key to the future.

To conclude the topic it would be relevant to mention the insight shown by Antti Rantasaari in his paper Vulnerability Analysis - Who Will Be Vulnerable in the Future published in 2003. According to Antti, "Some errors in programs or improper use of a program can cause the system security to be compromised, making unauthorized access to the system possible. These kinds of software failures are commonly referred to as software vulnerabilities. The number of known vulnerabilities is growing all the time and since 1995, over 11,000 vulnerabilities have been reported to the authorities. When other variables, such as end users, that can compromise system security are taken into account, invulnerable systems are non-existent even if the software contains zero bugs." (Rantasaari, 1,1)








References:
Cross, Simon; 2001; How Risky Is the Internet? Working Paper, C-X Consulting; retrieved on 15.09.2006 from http://www.consult-x.com/papers/internet-risk.htm
Rantasaari, Antti; 2003; Vulnerability Analysis - Who Will Be Vulnerable in the Future? Working Paper; retrieved on 15.09.2006 from http://www.cs.helsinki.fi/u/lamsal/teaching/autumn2003/student_final/antti_rantasaari.pdf
Kar, P; 2006; History of technology and related application of technology; Dasgupta & Chatterjee. 241
4241

Posted by: Christie Ingram

Best Custom Writing Sites

Sites that provide custom writing services are better alternative to downloading pre-written paper samples, especially if you temporarily can't handle writing your own paper for some reason, and can not afford risking your course and reputation for plagiarism detection failure. The prices for custom written essays are affordable, but if you need 15-pages long master level report overnight, you better prepare to spend a noticeable sum.