How secure are you?
The
widespread use of information communication technology in government,
business and everyday life has resulted in most social functions
depending on efficient, secure and uninterrupted access to global
communication networks.
Cost-effective and easy access to those communication
networks has made them accessible to a significantly large portion
of the population. The network itself is a repository of knowledge
and information that was once exclusive to the learned, now made
freely accessible to everyone. In combination, these two factors
have created opportunities for users with malicious intent to exploit
these communication networks to engage in criminal activity that
would jeopardise the efficient, secure and uninterrupted service
of those networks, with the potential to cause severe damage and losses
to businesses, governments and social safety. Thus the need for a
rigorous information security discipline is being widely recognised
by businesses and governments all over the world.
Security is a current topic in our society with
the resurgence of terrorism-related violence. Security of information
in an organisation is a critical factor, and how critical depends
on the type and function of the organisation. For example, there
is a clear need to secure information related to military intelligence,
but it is equally important for many businesses to protect their
trade secrets, which give them critical advantages in the corporate
world.
No matter what the type of organisation is, whether
it is a corporate giant or a small family, we all deal with various
kinds of information and data on a daily basis. Some of this information
needs to be shared and even advertised, in order for it to be useful
and meaningful, while there is information that needs to be kept
secret. Here are a few basic principles that can be applied to information
security in an organisation.
Access rights issues
Since not all staff work on all projects, information should
be distributed on a need-to-know basis.
In order to ensure that all the appropriate information
and only the appropriate information is made accessible to each
staff member, it is important to accurately classify staff members
into relevant groups and manage their rights to access relevant
segments of the data/information repositories. Even in a family,
the children need not know everything that their parents know.
User authentication
It is vital in an environment where different people are collaborating
remotely to work on sensitive projects, to ensure that the sensitive
data in question is made available to the intended personnel and
to them alone. Therefore it is necessary to authenticate the identity
of the person behind the remote machine, in order to ensure that
the machine is not being exploited by unauthorised persons to breach the
secrecy of the information.
Secure communications
When collaborating over a communication network on sensitive projects,
it is extremely important that the security of the communication
is ensured. This involves maintaining the secrecy, integrity and
authenticity of the data/information that is communicated.
Security of data repositories
It is very important that the data repositories (e.g. database servers,
web servers, email servers, etc.) are secure from physical theft and
from unauthorised access, both on-site and remote, and that the data
is backed up appropriately in separate locations, as a safeguard
against damage from natural disaster.
Security of hardware
All hardware used on the project should be safe from theft, wire-tapping,
eavesdropping and unauthorised access, either on or off the site.
They should also be protected against destruction, whether
intentional or otherwise.
Social engineering
Social engineering is a threat that is spreading rapidly. As digital
information systems become more secure and harder to breach, attackers
resort to breaching the information security of an organisation
through its employees by luring them into divulging sensitive information
either voluntarily or involuntarily. All staff members should be
aware of the threats of social engineering, and should be adequately
trained in appropriate defences against it, such as ethical
and organisational best practices, and personal security measures.
Is information security a concern for you? Write
in to technopage@gmail.com
and share your views.