Information Security


Because of the proliferation of cybercrime cases, organisations are now considering the development of computer programs that counter hacking and the spread of viruses among computers. The development of these types of computer programs helps an organisation guard its network against unexpected criminal incidents. In the current environment, where modern technology dominates business, the operations of businesses such as production organisations, banks and IT organisations depend heavily on the internet and computers. Despite this heavy dependence, new technologies help organisations manage their operations more efficiently. Organisations are able to speed up transactions to split-second intervals, but because computers and the internet are so easy to use, these technologies are prone to abuse and to threats to information.

To some extent, people's unfamiliarity with information and computer safeguards is one reason why scams and protection leaks occur. Accordingly, today's businesses and organisations are creating and formulating protection countermeasures to prevent and avoid cybercrimes. Time is the most vital resource in finding ways to hinder this kind of unlawful activity. The best solution created by governments has been the implementation of laws and legislation concerning cybercrimes. Consider the large computer hacking event of the current era. According to the report of Burnett (2006), banks and other financial institutions in America scrambled because of computer hacking. It was recorded that the event led to the loss of millions of dollars to business organisations such as Citibank, SunTrust and other financial institutions. However, despite this devastating event, the government of America as well as the companies concerned created countermeasures by updating a large number of debit-card accounts and providing their customers with new cards, account numbers and PINs (Burnett, 2006). In addition, vital data and information were being passed around because of the lack of sturdy protection measures among government organisations and business companies. The previous event was also similar to the one reported by Bielski (2005), in which the Bank of America suffered similarly from the loss of its government employee information, combined with a dash of Choicepoint's “data leaks” happening in April. Aside from this, there were also occurrences of the so-called Troj/BankAsh-A virus, a Trojan-type virus that stole bank account passwords (Bielski, 2005). In response to this event, and in order to prevent the same in the ESCWA region, guidelines and legislation were created to prevent information hacking and increase the protection of data.
For instance, in Dubai, federal and local laws have in general established the electronic confirmation of credentials and recognised the legitimacy of e-contracts. Law No. 2 of 2002 (Dubai) requires the formation and validity of e-contracts. In the area of e-signatures, the Law demands that an e-signature ranks as a written signature with the same evidential authority when the signature complies with the substantiation requirements stated in the Law. With regard to cybercrimes, a convention was initiated known as the Convention on Cybercrime (Budapest, 23.XI.2001). The convention aims to battle cybercrime occurrences head-on.


The implementation of information technology (IT) in organisations is a remarkable achievement; its role in preserving competitive advantage has already been discussed. IT can either be a product or service offered by the organisation, or a part of the organisational support for a product or service. As previously argued, the benefits that new technologies bring to our daily chores have been tarnished and endangered by diverse malicious acts and equally malevolent groups. Therefore the need for protection among organisations, public and private, is essential. According to Bosworth and Kabay (n.d.), protection refers to the condition of being free from hazard and not open to harm from devastation or attack, or it can be defined as the process for achieving that desirable state. It is certainly one of the main considerations in information technology these days. A lack of protection always undermines information integrity, with a direct impact on the organisation itself. Virtual businesses require that appropriate and sufficient protection systems are in place to guarantee that threats can be brought down to a bare minimum. Additionally, computer protection simply means denying unauthorised persons access to information, whereas a total protection technique matches a user's need-to-know constraints to the secrecy of the information he or she is permitted to access (Crawford, 1992). Bosworth and Kabay (n.d.) stated that computer protection is divided into various components, namely physical and environmental protection, personal protection, operations protection, communications protection, and network protection. Physical and environmental protection concerns the protection of the physical items, objects or areas of an organisation from unauthorised access, and from damage, misuse and interference to business premises and information. 
Personal protection, on the other hand, is the protection of the individual or group of individuals who are permitted access to the organisation and its functions. Operations protection focuses on the protection of a particular operation or chain of actions. Communications protection addresses the defence of an organisation's communications technology, media, and content. Network protection, in turn, is the protection of the elements, links, contents, systems, and hardware that are used to store and transmit information. Exploitation of tools by hackers as well as staff has presented a threat to financial organisations from the earliest days of computers. In Europe, organisations have employed various ways and means to counter anomalous activities and to respond to the Council of Europe legislation concerning “Offences against the confidentiality, integrity and availability of computer information and systems”. Various organisations have taken rigorous measures in their computer systems to prevent hackers from entering, and have installed various anti-virus programs to fortify the “wall” of the systems they use against viruses and, again, against hackers. It is also inevitable that some personnel of a bank or any other organisation need high-level access to the network by the nature of their work, since they are the ones who operate it. Institutions must therefore know well the firms they hire as well as the backgrounds of the individuals who will handle the job (Spivey, 2001). With regard to the accounting systems of every firm, there will be a system of checks and balances to protect against hacking attacks. For instance, banks use a dual control system similar to the one they use in money handling, teaming up a contractor with an internal employee. 
The two would work together, but the organisation's staff would be responsible for reviewing and remaining aware of what the contractor was doing.

Password Guidelines

Government offices, banks, and classified sectors often have rigorous measures when it comes to passwords for their computers, online records or even their vaults. Some of these guidelines are as follows. Sharing passwords is a protection threat: at the Albert Einstein Cancer Center, management made it a point that users who share passwords will have their accounts disabled. Putting passwords in a file on any computer system (including Palm Pilots or similar devices) without encryption is strictly prohibited. The same applies to using the same passwords for AECOM accounts as for other access, or using the “remember password” feature of interfaces (e.g. Outlook, Eudora, and Netscape Messenger) (Password Policy, n.d.). Furthermore, in the same institute, passwords for employees are to be truncated at eight (8) characters, with an acceptable password having at least seven (7) characters, since shorter passwords are easier to guess and longer passwords are harder to guess; with five alpha-numeric characters, since repeated characters can make for palindromes and reduce the search space; and with characters from at least three different character classes (upper case, lower case, punctuation, digits, etc.), since a password drawn from a rich character set is not easy to crack, as the search space is extremely large. An acceptable password at the institute must also not have any alphabetic series longer than three (3) characters, the aim being to make sure that dictionary words are avoided; any digit series longer than two (2) characters, since long digit series decrease the search space; or any of a few characters that will cause trouble if used in a password, of which the “delete” character is one of the obvious ones. 
Passwords should not be any of the following: dictionary terms (including foreign and technical dictionaries), a place, a proper noun, a pattern of letters on the keyboard, a phone number, anyone's or anything's name, any of the above reversed or concatenated, or any of the above with digits prepended or appended. One possible technique for selecting a good password is to create an acronym, for instance gPanth2c, which is difficult to work out. As a rule of thumb, no one should write down a password, because someone might find it. Inside a bank, passwords and access codes are changed daily, for example the authorisation codes employees use to gain access to their tasks. Banks would perhaps use the four seasons of the year and the current day's date; if today were the tenth of May, the code would be Summer 10. Moreover, reusable, or static, passwords offer weak protection. To address that problem, banks are turning to dynamic passwords, which are created by a user token and verified using an algorithm synchronised with a central computer server. The user's token generates a password that can only be used in a one-minute span. If this password were stolen by someone looking over a coworker's shoulder or monitoring the system electronically, the network would not be at risk, because the password's usefulness would expire before it could be used by the thief (Spivey, 2001). From this illustration, the Albert Einstein Cancer Center was in effect following the legislation set out in the Convention on Cybercrime (Budapest, 23.XI.2001).
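The dynamic passwords described above can be illustrated with a time-based one-time code that is valid for a single 60-second window. This is an added example, not part of the original essay and not the scheme Spivey describes: it assumes the HMAC construction of RFC 4226/6238, uses the published RFC 4226 test key as sample data, and adds a once-per-window replay check that the essay does not mention.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the one-minute validity span described in the text
# Published RFC 4226 test key, used here only as sample data.
SAMPLE_SECRET = b"12345678901234567890"


def dynamic_password(secret, unix_time, step=STEP_SECONDS, digits=6):
    """Code the token displays for the time window containing unix_time."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: shares the secret and clock, accepts each window once."""

    def __init__(self, secret):
        self._secret = secret
        self._last_window = -1  # newest window in which a code was accepted

    def verify(self, submitted, server_time):
        window = server_time // STEP_SECONDS
        if window <= self._last_window:
            return False  # replay inside a window that was already used
        expected = dynamic_password(self._secret, server_time)
        if not hmac.compare_digest(expected.encode(), str(submitted).encode()):
            return False  # wrong code, or a code from an expired window
        self._last_window = window
        return True


def shoulder_surfing_demo():
    """Constructed timeline: a code is observed at t=65 s and reused later."""
    observed = dynamic_password(SAMPLE_SECRET, 65)
    server = Verifier(SAMPLE_SECRET)
    owner_login = server.verify(observed, 70)       # same window, first use
    replay_same_minute = server.verify(observed, 90)
    late_server = Verifier(SAMPLE_SECRET)           # owner never logged in
    replay_next_minute = late_server.verify(observed, 125)
    return observed, owner_login, replay_same_minute, replay_next_minute


if __name__ == "__main__":
    print(shoulder_surfing_demo())
```

Expiry alone leaves the observed code usable for the rest of its minute, which is why the verifier here also refuses a second login in a window it has already accepted.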

Internet Access Guidelines

As for internet access guidelines, banks like Citigroup Private Bank use “cookies”. A “cookie” is a small quantity of information that a web site stores in the web browser of a PC and can later retrieve. These cookies are used for a number of administrative reasons, including storing the client's preferences for certain types of information. No cookie, though, will be set by the website in the web browser that contains information that could allow any third party to contact the client via telephone, email, or postal mail. There is relevant legislation that can be applied in this case, namely Article 10 of the Convention on Cybercrime (Budapest, 23.XI.2001), which concerns offences related to infringements of copyright and related rights. According to Citibank's Private and Protection guidelines, the techniques for protecting clients online are: strong encryption; a secured user name and password (the client's preferred user name and password for the client website, and these items must be entered every time the client signs in to the Priva); automatic “time-out” (when there is no activity for 15 minutes, the session is ended to help defend against unauthorised access); and Client-Driven Authentication Questions (for questions about the web site, the bank must first confirm the client's identity on the phone before discussing his account information). Other ways to combat fraud and malicious attacks are firewalls, verification, encryption, and dial-back, among others. Encryption is used by most banks to ensure the protection of information during transmission and transactions. It is used for in-house protection as well as for online banking services. Not only financial information but also account information is encrypted while stored and in transit (Spivey, 2001). 
As indicated in Plant Engineering (2002), encryption involves the translation of information into secret code, in such a way that only the computer with the key can decipher it. For the most part, computer encryption systems are either public-key encryption or symmetric-key encryption. Confirmation, on the other hand, is another information protection procedure used by various agencies to confirm that information comes from a reliable source. This is very important, especially in banks, in order to know that a message comes from the authorised correspondent and that no information is being disclosed to a culprit. It involves adding an extra field to a record, with the contents of this field derived from the remainder of the record by applying an algorithm that has previously been agreed between the senders and recipients of the information. Moreover, verification and encryption work hand in hand to produce a protected environment. Verification can be completed using passwords, passcards, or digital signatures (Plant Engineering, 2002). The DSS, or digital signature standard, is based on a form of public-key encryption system that uses the digital signature algorithm (DSA). As for the firewall, it is used by some big organisations to prevent unwelcome intrusions into their systems. A firewall is an instrumental component in helping to establish secure corporate communications. It can be furnished with parameters to make sure that repeated attacks formed around the same code cannot be successful, so it is a useful damage limitation tool (Communicate, 2000). Alternatively, the organisation could install Virtual Private Networks. A VPN is a private network that is privately owned and used; that is, a network that is not open to the public. Most office networks are private networks. As an organisation grows, it might expand into several countries. 
The main drawback with a VPN, however, is that it is public, which raises the question of information protection. To solve the problem, protection measures such as encrypting the information are used to protect the integrity and protection of the information transferred from one office to another. Furthermore, dial-back protection operates by requiring the person wanting access to the system to dial into it and identify themselves first. The system then dials the person back on their authorised number before allowing them access. As for the troubles of spam and virus infection in computers, many antivirus programs and hardware have been developed by top corporations to combat viruses. These search for evidence of a virus program (by checking for appearances or behaviour characteristic of computer viruses), isolate infected files, and remove viruses from a computer's software. Other techniques to combat viruses and hackers are adware/spyware scanners. Pop-up ads, spam e-mail, viruses and worms make the use of computers annoying enough at times. “Spyware” is a predicament that isn't new, but it is gaining notoriety and attention as the use of free, downloadable software increases. Spyware and “adware” describe software that ends up on a computer, perhaps without the user's knowledge, and that can track where the user goes online and report the trends back to an organisation or advertiser. In this way, the user's routine on his PC is recorded. Another way is to disable unnecessary services. Especially when online, it often happens that a site you visit asks you to install a program so that you can go on with your surfing. It could be virus-infected software that is not recommended to install. The more connections to online services, the wider the chance to “catch” various viruses.

Evaluation

There is always a problem regarding protection, and more so in computers. 
Now that computers play a bigger part in today's technology, their role in the advancement of humanity is increasing, but as their role increases, their vulnerability is constantly tested. Attacks such as viruses, spamming, hacking, and other nasty episodes flourish too. Thus, the need for heightened cybercrime-related laws should be considered by nations around the globe. Vigilance among agencies in the knowledge of computer protection is what makes it possible to combat these attacks. Without it, although programs and software such as firewalls, spyware scanners, and encryption are there, hackers will always find their way to break into the system to sow destruction and, in a way, rob a truckload of cash. Employees in banks, financial firms, protection agencies, among others, have to be well trained in protection. Banks must continue to develop new techniques for fighting cybercrime as the threat evolves. For example, cooperation between Internet service providers (ISPs) and financial institutions needs to increase. In this way there are ways to combat hackers, and they can exchange information about techniques. Also, e-commerce products created by financial institutions are not typically thoroughly tested for protection hazards within the institution's computer environment, a situation that will change as financial losses, as well as blows to banks' reputations, persuade them to strengthen protection systems worldwide.
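The confirmation step described under Internet Access Guidelines above, an extra field derived from the rest of the record by an algorithm agreed between sender and recipient, can be realised with a keyed hash so that only holders of the shared key can produce a valid field. This is an added example, not part of the original essay; the choice of HMAC-SHA256, the field name `auth`, the key and the payment record are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

AUTH_FIELD = "auth"  # hypothetical name for the extra field


def _canonical(record):
    """Serialise every field except the tag in one agreed, stable form."""
    body = {k: v for k, v in record.items() if k != AUTH_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(record, key):
    """Sender: return a copy of the record with the derived field added."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {**record, AUTH_FIELD: tag}


def is_authentic(record, key):
    """Recipient: recompute the field and compare in constant time."""
    tag = record.get(AUTH_FIELD)
    if not isinstance(tag, str):
        return False  # field stripped or malformed
    expected = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), tag.encode())


def demo():
    """Constructed payment record checked under five conditions."""
    key = b"constructed-shared-key"  # sample value, agreed out of band
    sent = seal({"from": "ACC-001", "to": "ACC-002", "amount": "150.00"}, key)
    reordered = dict(reversed(list(sent.items())))  # same data, new order
    altered = {**sent, "amount": "9150.00"}         # changed in transit
    stripped = {k: v for k, v in sent.items() if k != AUTH_FIELD}
    return {
        "intact": is_authentic(sent, key),
        "reordered": is_authentic(reordered, key),
        "altered": is_authentic(altered, key),
        "stripped": is_authentic(stripped, key),
        "wrong_key": is_authentic(sent, b"some-other-key"),
    }


if __name__ == "__main__":
    print(demo())
```

The field proves origin and integrity only; the record itself still travels in the clear, which is why the essay pairs this step with encryption.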


Security and privacy are seen as the main factors influencing attitudes in the context of information technology development. As the products and services offered via new technologies grow rapidly, users as well as consumers are concerned about security and privacy issues. No doubt, privacy and security are seen as significant obstacles to the development of information technology. Nevertheless, information technology is one of the best creations of mankind. In previous decades, computers were not so beneficial. Today, “advantageous” would be an understatement in describing the benefits of information technology such as computers and the internet. Computers and information technology are now essential. Banks could no longer function without computers these days. And just as information technology has come a long way, the threats of destroying it and taking advantage of this brilliant work have come a long way also. Hackers no longer just peep into someone else's information and vital files; they can disrupt a multitude of financial institutions and earn themselves millions suddenly. And so rigorous procedures are put in place to combat these devious people and wicked programs that sabotage the systems of today's top businesses. Password guidelines are being enforced, anti-virus and anti-hacking programs are being set up, and other strict ways and means are being put in place. But even if an organisation invented the most potent tool to protect its system from irregular occurrences, without awareness on its part, hackers and virus programs would always find a way to break through that system. It is the persistent vigilance of today's computer defences that will thwart, if not resolve, these cybercrimes.

Source: ChinaStones -
