Introduction
Information systems deal with the interaction between people, processes, data, and technology. Many organizations use information and communication technology to support the business processes that they carry out. Individuals in an organization interact with information and communication technology and use resources to produce products and services that can benefit consumers. The invention of the computer has come with advantages and challenges to the organizations that use them. There are many components of information systems that an organization employs. Examples of these components include hardware, software, input and output devices, applications, and interfaces, amongst others. All these components are aimed at ensuring that the interaction between people, processes, data, and technology is efficient. Each organization has some information that can be regarded as private and confidential. All the information that belongs to an organization needs to be secure. Organizations are transferring information across networks every day. This increases the vulnerability of the information being accessed by criminals. This paper will look at the software component of information systems because software can be developed to ensure the security of an organization’s information when in storage or when moving across networks. The paper will concentrate on a security information system that can be used to ensure that information to an organization is secure. Many organizations have been affected by security issues where hackers have crushed into their systems and acquired important information such as passwords. Websites belonging to large firms have been crashed and such organizations have suffered great losses in terms of information and confidentiality. Many organizations are using cryptography where information is encrypted and can only be accessed by the authorized. Cryptography that has been currently applied by organizations has not been very successful in ensuring security. The future of information systems especially information security systems is threatened considering the high growth in the number of smart hackers. Computer viruses, denial of service attacks, malware, and others have been used to attack networks. These pose a great threat to the future of security information systems. This paper will seek to analyze the future of security information systems bearing in mind that there are great threats to the security of information belonging to organizations.
History
Programming languages have been used to create software that provides security. Software is basically developed to address a problem at hand. Issues of security have led to the development of software used to perform various tasks. The programs that have already been developed have been modified to meet other emerging needs. The first software to be developed used punch cards fed into a reading contraption for them to run. There was a move to FORTRAN then C programming, and then to the current object-oriented programming. These programming languages have been used in coding software that has been used for security purposes.
Information security was not a big deal a few years ago and providing security to information was not very hard. The information systems that were previously used by most organizations were secure in the sense that the machines that the organizations used were rarely connected to other machines (Libicki 5). All the data to an organization was also hosted in large proprietary machines with no other machines in the organization. The systems were also closed, meaning that as they were being created, security was one of the major considerations. The security considerations were however minimal because the threats were limited. The operating system software plays a major role in the security of a system. An operating system like the Windows NT was fairy secure for the threats that existed some years back. Currently, some security tools have been developed that can detect some threats to information security. The tools that were used years back are added some patches to meet the security needs of the current tools. Firewalls and intrusion detectors have been used in the past to protect information against certain threats. The software has been used to alert administrators, withdraw user privileges, or note the specific system where an intruder is located. Cryptography has also been used in the past where data in the movement has been encrypted to protect it from hackers. However, the individuals who have implemented cryptography have not made the necessary considerations and have therefore developed inefficient software. Many programming languages that can be used to develop software have been developed to solve the many problems that arise every day. Currently, object-oriented programming languages such as java and c++ have been used to improve on software that was developed some years back in languages such as FORTRAN. In general, the information systems that have previously been developed have been developed to meet the needs of the current threats.
Research and Speculations about Developments
The computer systems that were used back in time were closed and could therefore provide a certain level of security to the security threats that existed by then. The current systems are more vulnerable because they are open and smaller. Being open means that the computers were not built with the issue of security in mind. Consequently, the security of information stored in the computers will have to come from outside. Networking increases the vulnerability of an information system’s security to security threats. Both local area and wide area networks increase the vulnerability. The average level of information security has been on the decline due the increase in the number of threats. Ths to the security are both internal and external (Peltier 140). The software that has previously been developed has managed to give different individuals in organizations different levels of accessing information. This means that some individuals in an organization are allowed to access some information that cannot be accessed by other individuals within the same organization. For example, database administrators have some privileges that other employees in an organization do not have. This can only serve to protect the information to the users in the organization. As information is being transferred across networks, other individuals may use some software to access the information belonging to an organization. Encryption has been used to change the format of such information when in transition so that an individual who is not recognized by a system as a user cannot read it.
Back up has also been used as a way of protecting loss of information in case of calamities. The development of high-capacity storage devices such as DVDs and CDs has encouraged organizations to maintain their information in these storage devices that are stored in different place. This however only prevents loss of information but does not provide security of the information. Security issues have led to big losses by organizations where some individuals have broken into the organization’s websites and threatened to crash the whole system if not compensated. Some hackers cause harm for the fun of it. Children in some countries compete to see who can crash the highest number of websites in a day. This is a clear indication that information security will continue to be a challenge to many individuals. Back up can be used to keep information so that it is not lost in case of a calamity.
The Future of Information Systems
All the organizations that have had operations have been subject to fraud. The fraud could come through cheating, denial of service, forgery, misinterpretation, rigged scales, phony invoices, and others. Threats to security include privacy violations, criminal attacks, electronic vandalism, and others. All these threats come in unexpected times and ways. The frauds are as result of insecure information that is accessed by some unauthorized individuals.
Security information systems will be very vital in the future in all organizations. Computer networks are growing bigger and bigger every day due to commerce and communication between organizations. The current cases of fraud that come as a result of information insecurity in electronic commerce need to be eliminated. Financial transactions need to be valid regardless of where they take place. Cryptography is one of the methods that have been broadly used today to provide security to information. It has been useful in providing fairness, confidentiality, accuracy, and accountability. It involves hiding information that is private and confidential. When communication takes place between two individuals, a third party that is not part of the system should not access the communication. Information is encrypted in a way that only an authorized user can access it and get the message it is carrying. The process by which information is converted in a way that is not intelligible is called encryption. The information is kept in this form when in storage and when being transferred across networks. When the information is being presented to an authorized user, decryption is done where the information is again presented in a way that can be understood by the user. There is a set of algorithms that are used to encrypt and decrypt the information. Encryption has been used by organizations to prevent vandals from altering organizational websites. It has also been used to prevent competitors from viewing confidential documents belonging to a company. However, the cryptography that is used by organizations today is not the best. As stated before, most systems are not designed and implemented by professional cryptographers but by engineers who use them just like any other computer technology. Unfortunately, cryptography cannot be applied like other technologies. The individual who develops the software must know what he or she is doing from the time he or she thinks of its implementation to the time he or she does the actual installation.
Organizations spend a lot of money on security only to buy some software that cannot meet their requirements. The strong and the weak cryptography are very similar from the outside but they have different capacities. A professional cryptographer can tell the difference between the two. The worst that the management in an organization can do is to implement weak cryptography and then sit down deceiving themselves that their information is secure. This is because some intruders can do a lot of harm without their notice now that they are convinced their system is secure. Individuals get into the system in a way that the designers cannot imagine. If an intruder has a single way of modifying the software, the whole system can be brought down.
The computer security that is in use today is quite effective for the time being but it cannot last in the future. New products are being released each and every day. Intruders have not attacked these products because they are still young. The fact that the products are young means that they have not been used widely and the intruders have not known of their existence. When individuals will start using the products extensively, criminals will always be tempted to attack them. Criminals are determined and can do anything to ensure that their mission is achieved. If such products are attacked, the press will give information about the attacks to the public. This is likely to lower the confidence of the customers in the products that have been attacked. The strength of security of a product in the market will determine the position of the product in that market.
There is no security software that can be termed to be a hundred percent efficient in offering security (Scheiner 8). The best thing that an organization can do is to work towards risk acceptance where even if intruders attack its system, the organization will still make some profit. Whichever the security system that an organization may develop in the future, intruders will always find a way to break in. It is important for an organization to always have a cryptography security system in place. However, an organization must spend money in a way that is acceptable and possible. This means that the organizations will not lose a lot if the security system is broken into. There are some strong cryptography systems that can withstand attacks but only to a certain extent. Strong cryptography systems can prevent data harvesting. Smarter attackers are emerging every day. An organization cannot install a security patch just because it has been attacked. However smartly a security system for an organization is designed, there is a very high chance that a criminal will find a way into the system. The best implemented security systems can stay for five years without a successive attack but at the end of it all, they can still be attacked.
Any organization which needs to secure its information systems will only need to use the algorithms and protocols that are already available. The work that will be left is implementation. For the cryptography to be implemented successfully, an expert must be there to do the implementation. Unfortunately, there are certain parts such as the areas that interact with people, computer interface, human interface, access control, key management, and others that defy analysis. The way that individuals understand certain parts such as computer security, software security, network security, hardware design, and others is very poor. This makes it quite hard for the implementation. In addition, cryptographic systems are fragile (Stinson 45). Failure to implement a cryptographic system effectively leads to failure. When implementing systems, most individuals work with deadlines and the budgets are also low. The individual does not have time to check errors, conditions, and end up leaving some secret information in the swap files. This makes the system more vulnerable.
The people who work with the cryptography systems make great contributions to information insecurity. The individuals who work within an organization are the ones who pose the greatest threat to information security. The users who are honest do not care about security. All they want is compatibility, simplicity, and convenience with the systems that they work with. They choose very predictable passwords, write them on different places like papers , and give their private keys to friends and relatives. This makes much information available to many unauthorized users. The honest users also have a tendency to leave the computers that they use logged in. this implies that any other person who sits there can access any information that the honest user can access in his or her computer. After implementation, individuals need to be trained on how to use the system. Convincing the consumers of the importance of training is a bit hard and this makes the use of the system a bit complex.
There is no specific way that users can use to compare systems that are claimed to be secure. Most of the comparison methods use the features of products and not their security. An organization that produces secure products will sell them at high costs. The consumers will not go for the product that is expensive when they have cheaper options. Lack of a way that users can use to measure the security of a product discourages organizations because their most secure systems cannot sell.
Conclusion
Information systems form an important part of many organizations and it deals with people, processes, data, and technology. Information and communications technology (ICT) has been used by many organizations to support the business processes that such organizations carry out. Some software has been used previously as a means of protecting information from unauthorized access. The systems that were used to keep information some years back were closed meaning that these systems were designed with security in mind. The systems were also not interconnected in most cases meaning that there was no data to be transferred. The manufacture of small open systems has brought the need for external security system to provide security to information. The invention of storage devices such as the DVD and the CD have helped in keeping back up that can be used to maintain information incase of a calamity such as an earth quake or a terrorist attack.
Computer networks are growing with each new day and this can be attributed to the commerce and communication that is taking place between organizations. Security information systems will be very vital in the future in all organizations. Cryptography has previously been used to provide security to information. It involves encryption where information is translated in an unintelligible language and later decrypted to an intelligible language when an authorized user wants to access it. Organizations have spent large amounts of money so as to secure their systems only for the systems to be later attacked by a criminal. Coming up with a security system that is completely secure and cannot be attacked is almost impossible. For cryptography to be implemented successfully, an expert must be there to do the implementation.
References
Libicki, Martin. The Future of Information Security. 2000. Web.
Peltier, Thomas R. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Boca Raton, FL: Auerbach publications, 2002. Print.
Scheiner, Bruce. Cryptography, Security, and the Future. 2000. Web.
Stinson, Robert. D. Cryptography: Theory and Practice. New Jersey: CRC Press, 2006. Print.