Wednesday, October 9, 2019
Evaluation of Data and System Security Coursework
Evaluation of Data and System Security - Coursework Example The difficulty in getting this right depends upon the company and its products, if it manufactures then there is an added problem building security into its Information Technology and Telecoms (IT & T) structure on the shop floor which is not present if it is something like a bank or college which has a whole set of differing demands on security and who and where to watch for major attacks. Key words: security, networks, PC Humans in the Loop Like so many areas of IT, security would be invincible if it were not for letting people use the systems and applications, sadly this has to happen and so systems get corrupted, hacked and generally brought to their knees. Both by users and external attacks by hackers, etc. Security has been stepped up over many years as better understanding of where problems can come from and what must be done to stop them. But, now very often the very security is itself the biggest problem as it gets in the way of productive work and can cause major problems f or IT personnel trying to control users and still give them sufficient mobility to do their job well. Problems come from areas such as giving someone permissions to do a task on a mission critical application, the person goes on holiday and gives another person in the department the passwords to get into the application, that person is not well trained and promptly crashes the system on Monday morning, what then? The holidayer and substitute person will be punished then they say ââ¬Å"oh well its impossible to get permissions for something as short as a week off, but the reports have to be doneâ⬠what should managers think, it has been done for the best of motives, but the outcome is a disaster for the company security systems and for productivity. Making staff aware there can be bad outcomes is all very well, but if they find they cannot work well then human nature says find a way around the problem system or process as itââ¬â¢s no good. The other way will be for staff to say well we cannot do it because of the system and then productivity takes a tumble. Managers are left swearing at the whole mess, which has an apparently impossible set of outcomes. Security officers in various companies have tried some very harsh tactics to ensure they get rid of the bad guys, Carol Dibattiste states that as security officer in ChoicePoint where it had been attacked by a Nigerian person by the name of Olatunji Oluwatosin, who had posed as a legitimate set of enterprises and he was then able to set up 50 bogus accounts and got hold of ChoicePointsââ¬â¢ customers personal data, including names, addresses and social security numbers. When he was arrested he had to pay back $6.5 million in restitution. The problems for ChoicePoint had barely begun though, as the customers had no confidence and disappeared in droves. It was only when the company could show how well it had beefed up security that customers started to return. It now has a very harsh security system bu t feels that is better than being lax. But is it being to harsh, according to reports it will now check existing customers and if it finds something it feels is questionable even though the customer has already been through rigorous vetting it will cut them off, human nature though shows that things can get away from a small, busy company. So maybe a little to harsh today? There are measures that must be taken and then there are those that
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.