The world is in an information era where the use of computers has taken center stage in almost all areas of a business. A new mode of communication has emerged, which is the use of the internet. The only problem with the internet is the danger that it exposes a company’s information to. Information is a valuable asset that a company uses for its benefit. It needs to be protected to ensure that a competitive advantage can be attained from computerization (McNulty, Lee, Boni, Coghlan, & Foley, 2007). This paper focuses on how to keep the same people who use the internet from interfering with good internet security; the discussion will largely borrow from the lessons learned from password management and patch management.
Internet security means ensuring that data and information posted on the internet is used only for the right purpose by the right people. If the information is meant for customers, then it should be adequate, accessible, and useful to them. When one is developing a website, information aimed at different users is provided through the website. This information offers a competitive tool to a business and thus should be protected. The next level of security concerns the kind of data that is posted on the internet. It should be data that is required to appear on the net. The individual who updates data should be vetted (Schneider, 2005).
Password attacks involve brute-force attacks, in which a hacker makes repeated attempts to find a match for a user’s username and password. After they have successfully gained access to the database or area in question, they can access stored data, which may have been stored for specific purposes, and manipulate or even delete some information. Hackers in this case use a dictionary program to make repeated attempts at shared network locations, such as a server, to gain access to a certain site.
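The repeated attempts described above leave a recognisable pattern in authentication logs. The following added example (not part of the original paper) flags a source that produces many failed logins inside a short sliding window; the log format, threshold, window and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp result user source" format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL alice 203.0.113.7
2024-05-01T10:00:05 FAIL alice 203.0.113.7
2024-05-01T10:00:09 FAIL alice 203.0.113.7
2024-05-01T10:00:12 FAIL bob 198.51.100.4
2024-05-01T10:00:14 FAIL alice 203.0.113.7
2024-05-01T10:00:20 FAIL alice 203.0.113.7
2024-05-01T10:00:26 FAIL alice 203.0.113.7
2024-05-01T10:03:40 FAIL bob 198.51.100.4
2024-05-01T10:03:55 OK bob 198.51.100.4
"""

def detect_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Flag each source that produces max_failures failed logins within window."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    alerts = {}                   # source -> first alert raised for it
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue              # skip blank or malformed lines
        stamp, result, user, source = parts
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue              # skip lines with an unparsable timestamp
        if result != "FAIL":
            continue
        failures = recent[source]
        failures.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures and source not in alerts:
            alerts[source] = {"source": source, "user": user,
                              "at": stamp, "failures": len(failures)}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG.splitlines()):
        print(alert)
```

The user who mistyped a password twice, minutes apart, is not flagged; only the rapid run of failures from one source is.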
Patch management consists of system management procedures that are aimed at limiting the level and number of people who can access a certain site. It involves acquiring, testing, and installing multiple code changes. A system administrator should know the codes and maintain controlled system access. A company that has adopted this technology requires a control point where the people who are allowed access to a certain system are configured in it. Simple patch management is the need for configuration by users before they access a certain site. This, though, faces a number of problems. These include system malfunction, hacking, and the human error of forgetting.
To ensure that data is secure over the internet, management should put measures in place so that access to the data or system is limited to licensed people. Despite this, there is another risk: licensed people, being insiders, can manipulate information, or hackers can use them, knowingly or unknowingly, to help them access data.
Password Management Literature That Might Be Informative To Patch Management
There are different methods that an organization can adopt to ensure that its systems are secure from insiders and outsiders. They include:
Securing the Environment
This includes ensuring that there is physical security in areas that have computers which can be used for manipulation. It includes simple measures like keeping the server room under lock and key. It can also involve intrusion detection systems, the use of firewalls, and the use of strong antivirus software which can detect a hacker as a virus and reject his operations. On the other hand, there can be the use of more secure passwords, such as human thumbprints, instead of passwords which can be duplicated by unauthorized people.
Educating Security Administrators
These are the people who are mandated with the task of securing the information system control rooms. They should be trained in different surveillance methods so that they can be alert to and aware of any planned threats to the system. They should understand their mandate, although they may not be given physical access to a certain system. Modern surveillance methods like cameras should be adopted. No one should be allowed to leave a computer room with a written password.
Educating Users
Sometimes users can innocently give a password to people they do not suspect of being hackers. To avoid this, users of the system should be educated on the need to keep information and access data to themselves, and in case they do give out the data, they should be aware of who they are giving it to. On the same point, passwords should have an expiry date. This will make them harder to duplicate.
To deter deliberate hacking by employees, there is a need for a trail mechanism that gives each employee a signature. When an employee commits an action, the system should record who it was, at what time, and at what place. This will make employees more accountable for their passwords and afraid to engage in faulty deals (Schneier, 2005).
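A trail only creates accountability if entries cannot be quietly rewritten afterwards. The following added example (not part of the original paper) records who, when and where for each action and goes beyond the text by chaining every entry to the previous one with an HMAC so that edits are detectable; the key, field names and sample entries are constructed assumptions.

```python
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key"  # assumption: the real key stays with the logging service
GENESIS = "0" * 64                  # "previous MAC" value used by the first record
FIELDS = ("user", "when", "where", "action", "prev")

def _mac(key, record):
    """HMAC-SHA256 over the record's fields, including the previous record's MAC."""
    body = json.dumps({f: record[f] for f in FIELDS}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append_record(log, key, user, when, where, action):
    """Record who did what, when and from where, chained to the prior entry."""
    record = {"user": user, "when": when, "where": where, "action": action,
              "prev": log[-1]["mac"] if log else GENESIS}
    record["mac"] = _mac(key, record)
    log.append(record)
    return record

def verify_log(log, key):
    """Return the index of the first altered or out-of-place record, else None."""
    prev = GENESIS
    for i, record in enumerate(log):
        ok = hmac.compare_digest(_mac(key, record), record["mac"])
        if record["prev"] != prev or not ok:
            return i
        prev = record["mac"]
    return None

def build_sample_log(key=DEMO_KEY):
    """Constructed entries; user names, hosts and actions are made up."""
    log = []
    append_record(log, key, "jdoe", "2024-05-01T09:12:03Z", "ws-14", "UPDATE customers id=381")
    append_record(log, key, "asmith", "2024-05-01T09:40:51Z", "ws-02", "EXPORT customers")
    append_record(log, key, "jdoe", "2024-05-01T10:05:17Z", "ws-14", "DELETE orders id=77")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_log(log, DEMO_KEY))
    log[1]["user"] = "jdoe"      # simulate an entry edited after the fact
    print("first bad record:", verify_log(log, DEMO_KEY))
```

The chain detects edits, reordering and removal of earlier entries, but not removal of the most recent ones, so the latest MAC should also be stored somewhere employees cannot write to.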
How the Element of Risk Comes into Play
Risk in a system arises when a hacker is able to access a company’s information in a way that can affect the operation of the business negatively. They can use the information for their own benefit, manipulate the information to mislead the company’s decision making (information is an important tool in decision making), or access some customers’ data. All of these are to the disadvantage of the company.
On the part of employees, when one manipulates a certain set of information in the database to benefit a party other than his employer, this manipulation and change in information is the risk that the business will face (Arief & Besnard, 2005).
How Can We Effectively Factor Risks And Risk Management Into Our Security Management?
The most important way of controlling or mitigating a risk is avoiding its occurrence. However, since risks are likely to occur, there is a need to put risk management measures in place. Employees should be vetted to ensure that their integrity can be confirmed. It starts by ensuring that the system provider is of high integrity and that the kind of system he has developed for the company is hybrid. It should have its own mechanisms to avoid hacking; it should detect and report abnormalities at any point. The above applies at the system stage. The next measure is to insure the system like any other asset. This will cover any loss suffered by the company as a result of information manipulation. Small risks can be borne by the company and improvements made.
A new mode of communication has emerged, which is the use of the internet. The only problem with the internet is the danger that it exposes a company’s information to. Information is a valuable asset that a company uses for its benefit. Information is an asset that needs to be protected, as it can give a company a competitive advantage. Decisions are made based on the information obtained. Password management and patch management have been used to protect information but have proved ineffective at certain times. To ensure that the security of data is maintained, there is a need to educate security administrators, educate users, and secure the environment. Risk mitigation measures should also be taken to avoid any misfortune.
Arief, A. and Besnard, D. (2005). Technical and Human Issues in Computer-Based Systems Security. Centre for Software Reliability, School of Computing Science, University of Newcastle upon Tyne. Web.
McNulty, E., Lee, J. E., Boni, B., Coghlan, J. P., & Foley, J. (2007). Boss, I Think Someone Stole Our Customer Data. Harvard Business Review, 85(9), 37-50.
Schneider, B. (2005). The Curse of the Secret Question. Web.
Schneier, B. (2005). Two-Factor Authentication: Too Little, Too Late. Inside Risks 178, Communications of the ACM, 48(4). Web.