Wednesday, May 6, 2020
Information Security & Privacy Issues-Free-Samples for Students
Question: Discuss the Information Security and Privacy Issues.

Answer:

Introduction

Several resources within an organization look after its information properties and the processes associated with them. The Chief Information Officer (CIO) is the primary resource responsible for managing and monitoring the information associated with an organization. Several security and privacy issues have been observed, and these have emerged as a major point of concern for CIOs and other security managers. It has become mandatory to develop mechanisms and measures so that the security architecture is maintained and enhanced (Totterdale, 2010). This document carries out a literature review on the topic of information security and privacy and lists the major issues along with the countermeasures that may be adopted.

Information Security Privacy Issues

A number of information security and privacy issues have been observed, and a lot of research work has been carried out to highlight and understand them.

Network Related Issues

Networks are an integral part of the information architecture, as it is these networks that allow the transfer and communication of information from one entity to another. Cloud computing is also used in most business organizations at present, and it makes use of a number of networking channels and mediums. The information security and privacy issues that commonly occur arise with networks as the agents of the attacks and threats. Several network security attacks adversely impact the privacy and confidentiality of information. Denial of service and other availability attacks are carried out by flooding the networking channels with unwanted traffic.
This traffic blocks service availability and disrupts continuity, which leads to a breakdown. Users are then unable to access the services offered by the organization. This type of attack is of prime concern for CIOs as it directly affects the availability attribute of the system (Pawar, 2015).

A number of passive attacks are also carried out over information networks. These include traffic analysis, eavesdropping and monitoring of the networks. Through these measures, the privacy and confidentiality of the information are affected as it gets exposed to unwanted entities.

Rushing attacks are also executed through networking mediums; in these, data packets are sent to the receivers repeatedly. The receiver assumes the packets are being transmitted by the sender, whereas they are in fact sent by the attackers to degrade service quality. It is an advanced form of networking attack.

All of these networking attacks can have varying degrees of impact, as they may affect the various categories of information associated with the organization.

Issues Related with Big Data

Organizations today use Big Data technologies to efficiently manage the huge information sets related to them. However, Big Data has its own set of security and privacy issues that must be handled and prevented by the CIO and the information security team.

Organizations use Big Data along with the Internet of Things (IoT) to make sure that the services provided to users and customers keep up with the latest technology. Several entities are involved in the process, and information is transmitted from one entity to another. In this process, there are occurrences in which the information is breached by attackers and privacy is affected as a result.
In Big Data and the applications and services associated with it, a lack of transport encryption is seen. For this reason, the information is exposed to attackers (Moura, 2015).

There are also cases in which attackers alter the information contents, which damages the integrity of the information. Many messages and media contents are exchanged in association with Big Data, and these contents are altered through unauthorized means.

Data mining is used extensively along with Big Data to achieve the desired results. However, data mining has its own set of data privacy and security issues.

Social Networking Information Security/Privacy Issues

Social networking is used at a massive scale in organizations and has allowed them to achieve a number of benefits in terms of competitive edge, information collection and gathering, customer satisfaction and the like. However, a number of information security and privacy issues have been observed in association with social networking platforms.

Employees and customers associated with an organization put up a lot of information on social networking channels. This information may relate to customer preferences, reviews, employee viewpoints and the like. Attackers can easily acquire the information on social networking channels, as most of it is publicly available. The attackers may then analyze this information and transfer it to competitors. This may have an impact on the market performance of the organization, as the competitors will understand the user preferences and choices (Kumar, 2013).

Information leakage and breaches may also occur, which further harm information security and privacy.
Legal, Ethical and Professional Issues

Various other aspects are associated with information security and privacy. These issues relate to the legal, ethical and professional aspects of the information, and they too must be handled by the CIO.

There are a number of regulatory and Intellectual Property laws and policies that an organization must adhere to in relation to its information. An organization deals with a number of partners and third parties that may be multi-national and multi-cultural. These laws and policies may therefore vary, and it becomes necessary to come up with an agreement stating the applicable laws and standards that the organization must comply with. However, when information security and privacy attacks occur, these laws and policies are violated, which leads to legal obligations as a result (Cassini, Medlin and Romaniello, 2008).

Various professional and ethical codes are also defined for organizations, and it is the responsibility of the senior management and the CIO to make sure that the employees of the organization adhere to them. However, violations are often observed.

Insider threats and attacks are one of the most common categories of information security and privacy issues. Employees engaged with the organization have a complete understanding of the information architecture that is followed, and also have the access and privileges required in association with the information. These privileges are misused by employees when information is deliberately shared with unauthorized entities that later misuse the details provided to them. These actions are a clear violation of the professional code of conduct and the ethical standards that shall be followed in the organization (Warren, 2012).
Countermeasures to Information Security/Privacy Issues

Several countermeasures have been defined to control and prevent the security and privacy issues associated with an organization's information. These measures shall be included and reflected in the information security policies and strategies followed in the organization, and the CIO must make sure that they are adequately implemented.

Network security attacks shall be controlled by the following measures:

Many anti-denial tools are available in the market. These shall be acquired and installed in the internal and external networking channels to avoid the flooding of network traffic (Sridevi, 2011).

Automated intrusion detection and intrusion prevention packages are also available to make sure that intruders do not enter the networks and that any such attempt is immediately reported.

The CIO, the Information Security team, the Networking team and the senior management of the organization must carry out regular reviews and inspections to make sure that the networking channels are secured and protected at all times (Erlich and Zviran, 2010).

The issues associated with Big Data shall be controlled and handled by making use of frequent back-ups and disaster recovery mechanisms.

Advanced access control and identity management shall also be used to make sure that attacks involving the violation of access and authentication are not executed.

Various anti-malware tools and packages have been designed. These shall be installed so that malware of any form cannot attack the information present in the organization.

Social networking channels are required and mandatory for organizations. However, restrictions shall be applied to the information in terms of the rights to view what is posted by the users (Conteh and Schmick, 2016).
Encryption of the information is a great measure that shall be used so that the attacks and threats associated with information security and privacy do not result in significant damage.

Ethical and professional training must be given to the employees so that adherence to and compliance with the standards is always maintained.

Legal policies and rules shall also be explained to the employees so that they adhere to the norms stated in them (Hatwar and Chavan, 2015).

Conclusion

Information security and privacy are the two most important parameters that must be followed, and it is the responsibility of the CIO to make sure that these attributes are always maintained. There are, however, various issues that may have an adverse impact on these two parameters: network related attacks, issues related with Big Data, social networking issues, legal, ethical and professional issues and many more. These issues may negatively impact the security and privacy of the information associated with the organization. There are likewise various countermeasures that have been developed to check and control all of these categories of issues. These countermeasures shall be applied to make sure that security and privacy issues do not take place and that security and privacy are always maintained. The CIO and the other resources engaged with the organization shall carry out practices that do not violate any of the information properties.

References

Cassini, J., Medlin, B. and Romaniello, A. (2008). Laws and Regulations Dealing with Information Security and Privacy. International Journal of Information Security and Privacy, 2(2), pp.70-82.

Conteh, N. and Schmick, P. (2016). Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. International Journal of Advanced Computer Research, 6(23), pp.31-38.

Erlich, Z. and Zviran, M. (2010). Goals and Practices in Maintaining Information Systems Security. International Journal of Information Security and Privacy, 4(3), pp.40-50.

Hatwar, S. and Chavan, R. (2015). Cloud Computing Security Aspects, Vulnerabilities and Countermeasures. International Journal of Computer Applications, 119(17), pp.46-53.

Kumar, D. (2013). Security Issues in Social Networking. [online] Available at: https://paper.ijcsns.org/07_book/201306/20130619.pdf [Accessed 13 Jun. 2017].

Moura, J. (2015). Security and Privacy Issues of Big Data. [online] Available at: https://arxiv.org/ftp/arxiv/papers/1601/1601.06206.pdf [Accessed 13 Jun. 2017].

Pawar, M. (2015). Network Security and Types of Attacks in Network - ScienceDirect. [online] Sciencedirect.com. Available at: https://www.sciencedirect.com/science/article/pii/S1877050915006353 [Accessed 13 Jun. 2017].

Sridevi (2011). Wireless Lan Vulnerabilities, Threats and Countermeasures. Indian Journal of Applied Research, 3(9), pp.123-126.

Totterdale, R. (2010). Globalization and Data Privacy. International Journal of Information Security and Privacy, 4(2), pp.19-35.

Warren, E. (2012). Legal, Ethical, and Professional Issues in Information Security. [online] Available at: https://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf [Accessed 13 Jun. 2017].