Friday, 24 February 2012

Computer Crime And Security

Introduction
Data technologies poses numerous threats to businesses, institutions and people alike. Personal computer related threats might be either unintended or intended. Individuals with criminal intentions normally conduct the latter. Technology has transformed seemingly timid individuals into high tech criminals. In the past, one could simply utilize Security camera systems for protection, but not with these types of attacks. They have the potential to destroy the integrity or confidentiality of documents thus utilizing the information for their own ill intentioned purposes. The essay shall examine web crime and methods one can deal with it through IT security. (Honeynet, 2005)
How personal computer crime occurs
The world today is filled with malicious, careless or unscrupulous people. Some internet crimes are committed by members of the same organization although others could be committed by specialists who may have specialized in on-line crime. (Honeynet, 2005)
The initial category of criminals are disloyal staff members. These are individuals who have access to sensitive data and decide to dispense it to companies competitors or to company enemies. In such companies, employees have minimal sense of responsibility. It is likely that when they dispense sensitive data to competitors, they get material advantages in return. Ultimately, companies loose their competitive benefit.
Computer crime might happen in the form of unauthorized access to data. Here, people can gain access to information by figuring out passwords. In this case, passwords that are really obvious or those one that are shorter than six letters or also those ones that have been utilized for too lengthy are particularly susceptible.
Sometimes, the individuals who could bring about serious security threats are administrators themselves. Companies that face the highest risk are those ones that have 1 system both for normal production and for other specialized purposes. Also, such firms tend to give privileges to personal computer programmers who could abuse their positions. It is also likely that such businesses do not have a two-sided system of clarification. (Mandia and Prosise, 2001)
1 can assert that the worst threat emanates from external sources. For instance, some people may possibly specialize in permeating firewalls. Besides that, there are some personal computer wizards who know methods of dodging firewalls. Such wizards may access info or they may send harmful viruses, worms or other kinds of software program that might grow to be dangerously hazardous. There are pc wizards who dedicate a lot of time creating these viruses so that they can destroy innocent user’s info. The victim is then forced to contact them and invest substantial amounts of cash to eradicate the virus. Others have the capability of altering information with out knowledge from the user. Here, they master the architecture of the laptop or computer and then manipulate it. (Oaks, 2002)
At other times, it is likely that a malicious individual gets hold of back up storage data. Businesses that are most susceptible to this kind of crime are those ones are those ones that do not lock up their back up media appropriately or those ones with loose rules about accessing firm archives. (Viega and McGraw, 2004)
Approaches of enhancing net security
Prevention
This kind of approach refers to limiting the level of data available to personnel. In this case, businesses can guarantee that their employees only gain access to data that they will need to complete certain tasks. This indicates that even those who modify info really should only do this inside their own jurisdictions. Additionally, businesses really should restrict data availability fully for documents that are extremely sensitive. (Roily, 2007)
All the latter categories ought to be determined by the process of information classification. 1 can define data classification as the method of labeling information on the basis of security vulnerability or sensitivity. Organizations ought to location their documents into the following categories
Top secret
Open
Secret
Confidential
The classification system is the 1st step in protecting one’s documents because it lays out the significant framework for security. The person who really should do the classification is the owner of the details. Besides the latter, it is extremely needed for businesses to document all the classifications systems inside a security handbook. This is instrumental in the event that a security crisis occurs. (Fraser et al, 2005)
Policy changes
No approach of data security can be profitable without having changing the policies and procedures within organizations. Organizations should struggle to produce an environment where workers respect the problem of internet security. Here, it would be necessary to generate a disciplined environment where work practices foster details security. Additionally, those men and women who are given confidential info need to be capable of maintaining its integrity. This means that they should be trustworthy. Companies ought to also explain to their staff about the most vital data and information that is not. This means that a significant percentage of them will need to keep off sensitive data. (Garfinkel, 2001)
Organizations ought to train their employees about security threats. Here, the training sessions are supposed to inform the employees about how to use security tools, how to detect threats and how to deal with them. Here, employees need to know the experts they can contact in case of a perceived security threat. Besides that, they really should also be informed about how to make back up systems. Training is specifically essential for new employees within the company.
Clarification of problems
Security threats differ from company to organization. Some groups could be very vulnerable to internet crime even though some may possibly not. Consequently, guidelines ought to be laid out as to what constitutes a security threat and how vulnerable 1 is. The following should be outlined clearly
Security targets
Principles of info classification
Responsible personnel
Principles for reaching targets
In line with the latter, organizations really should develop a well laid out security plan. Even though curbing net crime can be carried out in variety of methods, businesses should prioritize the most essential security measures. Management and users will need to be told about their responsibilities. (Grimes, 2004)
Implementing web security
Security implementation can be carried out through a variety of methods. The 1st one is by means of authorization. Authorization ought to be accomplished via two key steps validation and identification.
Identification can be carried out via basic or far more complicated techniques. Some firms opt to use password systems. Here, particular people are given passwords that act as keys to info. Businesses that manage to use this system successfully are those ones that have one password for every individual. When everyone can use a password, then it makes it a lot less complicated for net crime to happen. Great passwords must be distinct, ought to be changed often and ought to not be repeated if they had ever been used in the past. Lastly, passwords need to be changed when people leave job positions or change departments. (Dekker, 2006)
These days, security systems have improved tremendously. The latter technique of passwords merely depends on something that a user possesses. However, far more powerful security measures depend on issues that one has and things that one knows. For example, an organization could ask for a password along with a magnetic card in order to enhance security.  The magnetic card contains some confidential details which can be identified by the personal computer system. Additionally, companies can use chip cards. The chip usually has memory. (Van and Forno, 2001)
A far more successful system is one that combines, some thing one has, with something 1 owns and some thing that is such as biometric systems. Here, people are only allowed to access particular categories of info soon after their physical functions have been verified. 1 of the examples consists of finger print and retina patterns.
Internet security can also be enhanced via backing up information. This is due to the fact some viruses have the capacity to destroy ones’ documents entirely. In order to counter such actions, then it is necessary for businesses or individuals  back up their data through another system of storage such as a removable device. The device can then be placed in a locked cabinet or a location that is completely secured.
Organizations should be careful about their back up systems since one can focus on the primary source of info and then ignore the other source of info. This means that in case the main details is destroyed, 1 would be forced to contend with obsolete info. Organisations need to be keen about editing and changing their back up details from time to time. This will go a lengthy way in promoting the reliability of the back up systems (Anderson, 2003)
Alternatively, organizations can choose to set up firewalls for their information. This is a system that prevents access to information between two networks. Firewalls can be divided into two. Some of them focus on restricting access although other people dwell on permitting selective access.  A packet filter firewall allows packets of details to enter a protected server or they may have the ability to block those respective packets. The other kind of firewall called the application gateway is 1 that acts as a go between two servers by addressing packets to user application. (Zwicky et al, 2000)
Conclusion
The proliferation of Information Technology into all aspects of life has made users really vulnerable. Personal computer crimes could happen via a number of strategies and seriously compromise the user’s functions. It is as a result needed to implement a wide range of security measures that can avoid world wide web crime. Some of these measures contain preventive measures, changing security policies, creating data back ups, making use of firewalls, using biometrics, employing efficient passwords and lastly utilizing tangible methods of identification such as magnetic cards.

No comments:

Post a Comment