1 / 3

IT Security

Information technology security aims at guarding networks, data, computers and programs used in an organisation or by individuals from inadvertent and illicit access, damage or change. As progress continues to be made in information and technology, creating new programs, applications and data networks, IT security has become an important aspect of many organisations since the opportunities for abuse through hacking, computer viruses and other related incidences continue to pose a threat. <a href="https://superbessay.com/articles/lab-report-writing/">https://superbessay.com</a>

Nicolesauer
Download Presentation

IT Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information technology security aims at guarding networks, data, computers and programs used in an organisation or by individuals from inadvertent and illicit access, damage or change. As progress continues to be made in information and technology, creating new programs, applications and data networks, IT security has become an important aspect of many organisations since the opportunities for abuse through hacking, computer viruses and other related incidences continue to pose a threat. With the wanton and sophisticated threat posed by cyber attack, IT security has become an important aspect for business firms, government institutions and corporations. Access Control Systems In implementing IT access control measures, there has to be a significant differentiation between threats and attacks. According to Stallings (2011), a threat is an infringement of security, through an action, a circumstance or a situation that may cause harm in case of occurrence. Conversely, an attack is an intelligent purposeful attempt to evade security services through methods and techniques. System attacks are categorised into an active and passive attack. Passive attacks endeavour to learn or utilise system information without changing system sources or interrupting their performance. This may take the forms of monitoring transmissions or eavesdropping. The two types of passive attacks include releasing the contents of messages to the third parties and traffic analysis. These are most difficult threat to identify since it does not involve data alteration, and hence neither the sender nor the recipient detects third party access to the information. Active attacks involve data alteration and are categorised into four, namely, replay, denial of service, masquerade and message modification. The active attacks are easily distinguished due to information alterations involved. IT security measures start with the authentication process aiming at assuring accuracy of the communicating entity. Authentication may be achieved through peer entity and data origin authentication. Authentication is followed by access control procedures to prevent the use of resources by unauthorised third parties. Data integrity follows data authentication to ensure that the data was received. Access control limits and manages admittance to host systems and applications through communication links. This is achieved through recognition, endorsement and tailoring access rights to individual user. According to Stallings, security mechanisms and services become important when it is imperative to protect information between different players. These security techniques may include message encryption, where different codes, only understood by the sender and potential recipient, thereby eliminate unauthorised persons. The other technique of providing security is encrypting information before sending and decrypting it upon reception. The sender and recipients have encryption key unknown to opponents. However, in IT security engineering, a trusted third party may be required to ensure authenticity. The third party will also act as an arbitrator between the opponents. Threat-Model Security Policy Where possible, a top-down security approach to IT security, engineering takes the form of threat- model-security policy. Security policy is a well defined manuscript that expresses in a more lucid and succinct way the achievements to be attained by the instituted security mechanisms. These security policies play an imperative role in informational technology security by stating the users of the stored information and the level up to which the specified user will access specific information. Information technology security and policies are based on an engineer’s understanding of threats facing information security. Security policy could be a part of system specification component thereby takes the role of communication as its primary role, just like other system components. According to Anderson, security policy is an implied mechanism that users are supposed to follow. These policies are to be obligated by the system, which discovers security breaches and reports them to the top management of the system. This policy must be pre agreed by a whole community of users such as clients and the top level management. Even though the term security policy is used by many organisations to mean collections of security statements, the term is increasingly becoming futile with IT security engineers. Security Tools, Designs Systems and Techniques

  2. Information security put across tools, systems and techniques applied to control and manage those that use the IT system and the information contained in them (Anderson 2010). The first step in building a water tight security system is finding out the potential threats. Security expert Anderson has categorised security threats into three, unauthorised information discharge, modification and denial of use. This occurs when individuals read the information stored in a computer without permission. The intruder in all these three categories of threat reads and modifies information or prevents an authorised individual from making modification to information in a system even if that person may have the authority to do so. There are many tools and techniques that are used in modern times to provide security to computer system and other information technology programs (Anderson 2010). These include: Redundant Cross Check Programs Redundant cross check programs provide security when the software or hardware collapses or fails; protecting computers in order to prevent intruders from intercepting electromagnetic radiation; and controlling persons who have access and those that are permitted to make changes to a software or hardware and cataloguing files with a directory of authorised individuals who should have access. There exist many designs that are meant to protect computer programs from intruders and other unauthorised individuals, who might change and access information that is meant to be constrained within the domain of certain quarters (Whitman & Mattord 2012; Al-Khouri 2013). These designs are based on the types and levels of access control, which can be articulated freely or through obligation. These are referred to as functional properties, and they determine to a large extent the access control. Using these functional properties, there is unprotected system, which is devoid of conditions that may prevent an intruder from accessing the information available in the system, and controlled sharing systems, which have complex provisions that prevent individuals from accessing the information in a computer system. Therefore, it provides a list of individuals that are authorised to access the system; for instance, the digital equipment corporation system, all or nothing systems, which ensures that a specific group of individuals has access to information in a system. It isolates a certain group of persons and grants them permission to access, use and sometimes contribute with the provision that each member in the group has equal access. An example of all or nothing system is the IBM’s VIM /370 systems. Program Sharing System Finally, there is the user program sharing system whereby the users in their own capacity may wish to limit accessibility of a system or program by others without applying the standard method that control sharing of such information. In this case, the user develops a subsystem that controls access to items that are made in it. The CAL system in the University of California is a good example of user sheltered subsystem. In a database system where information is supposed to be held at different levels, from top to bottom and where data should be secure such that it can only be read by individuals in a specific level, a multilevel security system can be used. This system was developed to ensure the security of military information, but is largely used by many government institutions and corporate bodies to ensure the integrity and confidentiality of information and data. This system enables operators to see whatever is happening in their systems. In addition, in this system, a high tech operating system is used to control and monitor other operating system calls access, and determines whether to grant access or not. The modern multilevel system offers a wide range of systems at every level on the same computer. Accordingly, a given database may be on the same computer, one running high and the other low, and ensuring that the low database is progressively replicated on the database running high. To reinforce security of information, a sophisticated system of code words and passwords is used to limit individuals who can access the system. To ensure that information is safeguarded at every level, a complex system of code words is created to restrict those that can access the information.

  3. In organisations where the flow of information is lateral, a multilateral system is most apt. This type security system prevents information from flowing from one point to another across the same lateral line. It is used in government agencies such as the national intelligence and in cases, where the confidentiality of a patient or client is under threat from intruders (Anderson 2010; Oliva 2004; Khadraoui & Herrmann 2007). To ensure that future system are watertight and do not leave loopholes that can be used by intruders and hackers to distort and change information, programs can be put in place to reconcile access control pronouncements. It should create a computing base that would encompass software and hardware that would properly function as a security system and whose failure would lead to a violation of security policy. About the author: Nicole Sauer works in a team of dedicated writers and tutors belonging to diverse fields to serve you in the best manners. This research paper writing staff is efficient, versatile and expert in conducting profound research in the light of their broad knowledge and experience.https://superbessay.com/articles/lab-report-writing/

More Related