Securing and Protecting Information
Michael Anthony Horton
University of Phoenix
August 18, 2014
Instructor: Dr. Stephen Jones
Securing and Protecting Information
The specific purpose of this paper is to describe the authentication process and to describe how this and other information security considerations will affect the design and development process for new information systems. The authentication process is a necessity for safeguarding systems against various forms of security threats, such as password-cracking tools, brute-force or dictionary attacks, abuse of system access rights, impersonation of attested users, and last but not least replay attacks just to name a
Sadly, there is no way to alleviate the numerous threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are very important. A written policy is vital in helping to ensure that everyone within the organization understands that sensitive data and the security of software should be kept safe, and behaves accordingly. When a security policy is developed, the information in it should be clear and plainly understood, and the objectives should be well defined so that there will be no confusion. Conversely, a data system with security policies is probably going to have an assortment of countermeasures that address a range of threats. Policies, standards, guidelines, and coaching materials that are known to be obsolete and not enforced could be dangerous to a corporation due to the data being outdated. As a result, management is basically drawn into thinking that security policies do exist within the organization when actually that is not the case. Countermeasures that are outdated do not do an organization any good because without the appropriate patches in place, the organization’s network could have holes which would leave it extremely vulnerable. All organizations need to be compelled to actively
Distributed operating systems pose a serious issue of security and therefore need to incorporate Authorization and Authentication mechanisms. Many of the information resources that are made available and maintained in distributed systems have a high intrinsic value to their users. Their security is therefore of considerable importance. Sufficient information regarding this aspect is not available for
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
A security policy will be in effect starting today. A set of new rules is to be abided by that will protect our organization from cyber theft and harm. We will cover areas where we are lacking in strength to protect our company from computer viruses. These areas cover virus and spyware protection, firewalls, and intrusion prevention.
Previous studies showed that the more an organization’s top leadership engages in creating the information security environment, the more employees are willing to be compliant with the policies (Chen, Ramamurthy, Wen, 2012). This is because more commitment, monitoring and training are put in place with respect to information security policy and preparation. Therefore, in this study the three hypotheses will be a positive relationship between management engagement, regulation and training of information security and employees’ compliance with these policies.
Information is the most valuable commodity that individuals and global corporations use to grow financially, economically, and independently. The protection and security of the information is essential. One of the most vital foundations of protecting information is the authentication process. The authentication process is utilized to protect computer and network systems against various types of security threats, such as password-cracking tools, password dictionary attacks, mistreatment of user access rights, and any potential unauthorized attack. Understanding how to authenticate users and the accessible information that is readily available on system networks can help prevent future issues as well as provide insight into the developmental process for new systems. In addition, authentication is simply determining whether someone or some machine is, in fact, who or what they declare themselves to be. This process directly reflects on and correlates to the readiness and ease of access to information and the protection of it.
A security policy is a document that contains rules and regulations on how to protect the network and its resources. It covers areas such as password, Internet and e-mail policies, administrative and user responsibilities, disaster recovery and intrusion detection. An effective security policy reduces risks and protects data and information. The aim of a security policy is to create a secure organization by protecting the privacy, integrity and accessibility of systems and information, as well as explaining to the members how they are responsible for protection of the company’s resources and how important secure communication is for the whole organization. Every security policy should take into consideration the organization’s culture and structure so that it can support productivity without having a negative impact on the members and the organization’s goals. Security policies protect from external threats and reduce internal risks (SANS, 2015).
The concerns about security are a major deterrent to companies considering the use of technology (Kearney, Chapman, Edwards, Gifford, & He, 2004). The security threats are caused by angry or disgruntled employees, dishonest employees, criminals, governments, terrorists, the news and press, competitors of other businesses, hackers, crackers, and natural disasters or unforeseen events that may occur. The vulnerabilities are the areas that have yet to be found, updated, or patched. The vulnerabilities are caused by software bugs, broken processes, ineffective controls, hardware flaws, business changes, old or legacy systems, inadequate business continuity plans, and of course human error.
The primary goals of an enterprise’s information security efforts are to ensure that data are available to the users, the data maintains its integrity, and that the information remains confidential. However, this means that their information systems and networks are vulnerable to an increased number of malicious and opportunistic risks (Stanciu & Tinca, 2016). The research conducted by Dahbur, Z. Bashabsheh, and D. Bashabsheh (2017) describes the basic security elements that require consideration in an enterprise as the people, technology, procedures, and policies. Among these, the role of technology is of interest when considering a passive authentication model.
People, process, and technology are the main pillars of an information security framework. Security controls are designed on the fundamental principles of confidentiality, integrity and availability. The orchestration between people, process and technology provides a control mechanism and helps in mitigation or reduction of risk for critical assets. Any failure with security orchestration can expose the systems to vulnerabilities and attacks. It is evident from recent data breaches from security incidents that failure of people who are behind the security controls is the number one reason behind process and technology.
Security is an imperative factor in today’s world. Most daily activities, such as education and searching, are carried out through the web. It is fundamental for getting to private information and security parameters. The most important fundamental for ensuring data security is authentication, and one issue is the trouble users have recollecting the passwords they provide. Studies have demonstrated that clients have a tendency to pick
Information systems encompass an enterprise security architecture composed of a top-down set of identified trust modules that define the infrastructure for the system. Prioritizing security threats for each module adds an appropriate security level to help mitigate potential security breaches during the authentication process. Challenges reveal themselves and are apparent when a high level of security restricts greater usability by individuals. Therefore, much resistance is voiced from
Compliance with information security policies and procedures is one particular area with many implications in the research literature of information security management. Consistent with other scholars (e.g., Ifinedo, 2012), we identified user participation implications that prevent user compliance with information security policies and procedures. To start with, Ifinedo (2012) influences his argument in his research paper by stating, as suggested by other researchers like Herath and Rao (2009), that multi-perspective methods for defending the IS assets and resources should be the responsibility of the organizations.
Numerous users can utilize modern computer services, which require the identity of the users to be checked precisely. Authentication is the procedure of checking the identity of the users, and it produces critical information that can be used in securing the PC frameworks. In conventional frameworks, password-based validation was utilized for confirmation, yet these passwords can be intercepted by hackers when sent across the PC systems. Kerberos is a solid validation strategy where verification depends on cryptography, and this technique is suitable for unstable situations as it protects passwords efficiently (Neuman & Ts’o, 1994).
User Authentication plays the key role for the users to make use of the resources available in any environment. With the advancements in technology, it has become quite easy for a person to find out ways to access the data of the other person. It is very important to verify the true identity of the person trying to access his/her data. The concerned organization or the business group has to make sure that the person trying to access is the right user of the data and care must be taken in such a way that the resources are not used for the wrong purposes. Making use of the correct resources by the right person in a right way is the purpose behind the authentication. A customer is mainly concerned about the security of his data