Information Security White Paper
Information Security White Paper
The internet and its technology have brought many advantages and disadvantages for information system of businesses, whether public or private. There is no denying that the business world will move further and further into the cyber world, where information are available just by a click of a finger. No matter how large of a scale a business is, private restaurant or large Banking Corporation, the truth is every single one of these business is at risk. Risk of losing trade secret and risk of losing employee’s confidential ...view middle of the document...
What Apple Inc. did for their database security are call authentication and authorization. Authentication is a process of validating a certain individual’s identification. For example, a person who wants to log into a system must provide their ID and then authenticate him or herself by providing a password. Authorization comes after authentication. Authorization grants permission or authority for an individual toward accessing certain information after they have authenticated their identity. For example, an administrator of a networking company will be able to access to users’ database and a regular employee will not have the same privileges. Authorization however is consider a double edges swords because it raise the issue of insider threats and data theft. Insider threats are individuals that work inside of the organization that can potentially cause harm to that organization. Insider threats are actually the biggest risks that a business will ever encounter. According to a research by Andrew P. Moore and Dawn M. Capelli, 65% of insider’s threats are current employees of the organization and 80% of them has already accepted job offer from a competing organization. 63% of these insider threats case involve in trade secrets. These statistics raise a big question for organization and even small business on how to deal with their own employees. These organizations must continuously monitor their employees on a daily basis by using security camera and event log that can be installed in a computer system. Before hiring a certain individual, a business has to check his or her background to ensure he or she doesn’t involve in any cyber crime. Treating employee well and know how to handle employee’s firing are essential actions that an organization must learn to adapt.
Integrity of information is to ensure that piece of data cannot be altered or compromised. Why is this component important for any kind of business nowadays? Imagine an attacker sends a malicious virus to a system of a bank and it corrupts files regarding to accounting information. Since banking information involve a lot with money data, this attack can cause major problem for that bank. A malicious virus is a computer program that can disrupt file and cause further harm to the information system as a whole. Back in 2000, a virus called “I Love You” has worldwide infected information of thousands of people. According to an article written by Larry Seltzer, the virus disguise as an attachment in emails that were sent to its receiver. Once the attachment is open, the virus overwrites itself onto music files and document files, which violating integrity of data. As a business owner, one should be concern that these viruses will have great potential to corrupt important...