Free Security Implementation Plan Essay Sample
Security can have many different terms. It can be said to be the defense mechanisms put in place to protect one against danger or injury. Information security on the other hand defines strategies that are in place to prevent unauthorized access to data. It preserves the information integrity, privacy and availability.
Social networks can be defined as a common forum whereby people come together with a main objective may it be discussions, sharing of information or for friendship purposes. They are popular online communities consisting of individuals with either a common background or similar intentions. Examples of social networks include twitter, facebook, youtube, Bibo, MySpace, chat room among others. The origin of social networks can be traced back to the creation or the start of the internet as a focal point of social interactivity. It can also be said that social networks also emerged under the ALO (America Online). Social networks are designed such that they will break the barriers of work, ethnicity, physical boundaries and help in the cross pollination of ideas between people with speed and efficiency.
Comprehensive information security
Comprehensive information security involves implementing strategies and ways that protect information systems and the information itself from unauthorized access and tampering with the data. This can be achieved by both the individuals pertaining to their own security and that of the government agency's assets. It is also to be achieved by the information and technology administrators in ensuring that they are always updated with the latest version in terms of protection against threats such as active antivirus. It should also be ensured that the computers are not easy to hack into. Effective information security systems are an incorporation of technologies, security products, procedures and a range of policies. Software applications provide a firewall by which it denies access from the outside to secured information
The United States government is on the verge of creating and releasing its own form of social network called "statebook" which will be used to relay information within the government agencies mainly for government officials and diplomats. It will also be used to post information by potential employees that other potential employers can validate. Such social networks as released by the Homeland Security Department it networks various departments such as law enforcement, emergency medical services, and emergency management personnel among others. The Camp Pendleton Scout News Online hosts the twitter ands facebook accounts that provide useful information to the base community. They are opening these social accounts as a way of boosting the marines' morale to work and helping out those who use the internet to do their work effectively. According to a recent marine release, it will help in expanding their knowledge and information for the Marine Corps Institute.
The very main threat to information security is the users themselves as they can compromise the security policies knowingly and unknowingly. Simple procedures may come in handy such as changing of passwords often enough. These computer users should constantly be reminded on the importance of security and of what value the data and information is to the company, organization or even the government. They should also be aware of the kind and degree of damage that may be brought about by either misusing the information or making the in formation available to unauthorized people and personnel.
Pros and cons of social networks
In order to understand the extent to which security is important we have to understand in what way social networks can affect information security. There are many pros and cons when it comes to social networks. The advantages include getting job offers when one post information concerning themselves on these social networks. Some networking sites allow people to advertise their business and it is very easy to make sales. People are also able to reconnect with lost loved ones or even friends that one has not seen in so long. Social networks also provide a relaxing way to unwind. It also allows of creating communities with a common or uniting factor such as common interest. This of late has brought the growth of groups such as artists together. Also groups of people with the common interests such as conservation have also come together. His has lead to the expansion of knowledge to many areas some of which are remote.
Social networks have also made the allocation of help to those in need very fast. For a good example, when Haiti was struck down people were able to come together and review ways in which they could help. Many groups were formed on the social networks with some asking for financial aid. Also social networks help in politics. In the very recent elections in the United States, presidential candidates used social networks for their campaigns. It also has opened up ways in which the public can mingle with those of higher authority. Companies and organizations have taken up to advertising themselves on social networks and are receiving great sales as they are seen as flexible.
Schools have also benefited from these social networks. Chat rooms such as gmail chat rooms, facebook chat rooms among others have been of benefit to students as they are able to hold discussions online. Lectures have also been simplified as students do not need to physically attend the classes. They can hold discussions online over social networks with other students and their lecturers. Among the disadvantages of social networks include stalking by strangers. This happens especially when one has posted information about themselves such as home address, phone number and so much more. It becomes a serious reflection of character considering the information that one has put up on their social networks. Employers for example take this seriously and students especially those looking for employment or internship may be turned down. Social networks greatly affect the output by employees as majority, if not monitored, take a lot of time on these site.
Among the most dangerous use of social networks is the threat of viruses and Trojans. These can be activated through downloads in which case the user does not understand that some downloads through acceptance of the terms of agreement specify the distribution and access of the threat. Social networks are rich in applications that allow a user to upload and also download information. This poses a threat as one can unknowingly who download viruses whereby by clicking or signing of terms and the conditions would be consenting to the deployment of the viruses or Trojans
Social engineering attacks are a way of manipulation through which one is tricked into doing the attackers bidding. A good example could be in response to a phishing email and entering your credentials to a fraudulent website. There are also many other ways of social engineering attacks such as responding to lottery winnings. As a result it may lead to identity theft and even finance fraud. Social engineering attacks may also trick one into infecting their own system. They can come in many forms but it all turns out to be either backdoor Trojans or keystroke loggers.
New threats are emerging such as those of public-facing websites and proliferation.
In order to understand the extent to which security is important we have to understand in what way social networks can affect information security. It is becoming increasingly important to have information security as social networks continue to grow as types in risks and other ways of accessing the information increase. Organizations reactions to social network are mixed as some see them as an effective way of disseminating information to customers, staff and partners. Those with this mentality use technology to build better relations and also maintain contact. In other organizations, such technology remains below the radar while in others it is totally banned. The perspective many organizations and companies have is not mainly on the potential risk that they subject themselves to, rather they are mainly concerned by the time wasted while on the social networks.
Ways in which a social network may affect a company are numerous as through social networks people or employees can post negative comments about the company. There can also be legal consequences if they use the sites to view illicit, unethical and offensive materials. Threats are changing and so is security. Take for example someone who relays information about a company's losses way before the company informs the market. This information can bring bad reputation to the company, though the leakage may be accidental. Data aggregation is also another problem that concerns security of information over social networks. This means the many ways in which data can be collected and could bring about identity theft for either an individual or a company as a whole. With all the possible risk that manifests themselves through social networks, it is important to undertake risk assessment test in order to know which information is most crucial and how to protect it. This will help in knowing what security policies need to be implemented. It would be logical to close down all social networks but on the other hand its illogical based on the much one can achieve from them too. Organizations should find balance between usability and security. Usability defines how well a user can use the system and too much security can render a system unusable. Excessive security or what is known as lock-down may hinder productivity and innovation.
The government in its upkeep with the trends in technology has upgraded itself into using computers to efficiently and effectively meet their desired goals and objectives. The information stored therefore in government computers is of most importance and should be protected no matter what. How then can the users of these social networks be kept safe, both the individual and the information itself?
System security threats to data and information
Common security threats to data and information security include bugs and backdoors. A software bug is anything that causes unexpected behavior. Software bugs are caused by bad programming techniques. They pose a threat in the matter of which they expose data and information to greater opportunities to attackers. They can cause a computer system to crash and therefore give the hacker a chance to bypass access control. It should therefore be of concern to all government agencies to ensure that their computers do not have computer bugs as they could make information security hard to implement when the users are on social networks.
Another form of threat is the back door. This means a direct entry point into software that bypasses all of the present security control protocols. Impersonation and identity theft is having control through compromising someone's password. If government agencies have their employees using the social networks that contain information concerning themselves, experienced hackers can determine how to manipulate the information and hack into the government agencies' computers.
Comprehensive plans to information security for social networks
1) Information security awareness and training
Social networking might be the only way to become accessible to the public. Further more government agencies cannot let themselves become vulnerable to information insecurity but on the other hand it cannot totally shut out this form of communication with its citizen. In the latest release by the Department of Defense, it has allowed the incorporation of internet based capabilities within its DoD components. It however has to gear up ways in which it can defend itself against malicious activities on the information networks and also prohibit the access to unethical content sites such as gambling and hate -crime related activities. The goal of training should be to protect the government's confidentiality and integrity as an entity and also on its assets. As precaution the government agencies employees are not allowed to post sensitive or classified information on the social networks. As a way to combat this, any offenders of this are punishable under the Uniform Code of Military Justice. Training should be continuous.
Such training should entail aspects should include that one should not reply to pop-ups or emails that ask you to send confidential information such as phone number, home address and even account information. Though at times one may end out losing if they do not share some personal information, one should only do that with a company or a trusted person. Also one should be aware of whom he or she is dealing with. Over social networks one can easily share documents that are stored within the government agency computer that he or she is using in such cases it becomes very easy for any hacker, professional or otherwise to hack into the computers and access important information and data. Precaution should be taken by posting the address available to the internet and if the resulting information is unfavorable then the business may be a scam.
File sharing has a lot of risks that come along with it. Lack of proper settings would give access not only to the intending information that one has to share but to also information that may be in the hard drive. It may also bring the downloading of malware and other threats that might be labeled as other things. Within the government computers there should be automatic updating software. This is inclusive of anti-virus and spyware software. Information and technology administrators should understand that the best protection from current threats is only if the software is also updated currently. During the training and awareness of the information security, the users should be also taught on how to scan their computers to ensure that all threats that are detected are completely deleted and the computer protected. Spyware software is installed within the victims' computer that monitors the users' activities in the internet, redirecting the user to other websites, keeping records of keystrokes which in turn will be used which could be used later for theft and identity theft.
This can be accomplished through many ways. This involves monitoring how employees behave on social networks and the amount of time that they use on these social networks. First and foremost these sites should only be accessible only when the workers or employees are at their free time and not during working hours. Information security policies, as a preventative measure, should be included in the employees' employment terms and conditions. This means that there should be a business justification for one to use these sites during working hours and any breach in security policy will definitely be a breach of contact. Target attacks through cyber attacks are also very common and as the federal government continues to open gates ways to social networking it is also very important to defend themselves against such attacks.
Other ways include use of emails as they are relatively more secure though not a hundred percent safe. Government agencies should have email servers that help monitors, filters and retains the departments' emails. This technology also prevents the users from downloading viruses and Trojans. The government should also prevent access of third-parties communication sites. This can be implemented through the use of "Lockr" a technology that helps the user retain only one of the user's social networks. In order not to miss out on the positive effects of social sites, the government can use technologies such as Nutshellmail which converts all out-going and incoming messages into an email format which is more secure. It therefore monitors and retains the messages using the same. Through Total Information Awareness the government can create a database in which it can monitor the activities of its employee's security.
3) Enforcing access control.
Through enforcing of network access control (NAC) makes it easy to recognize which end user is in compliance with the company's security policies. Upon this one can refuse a user's computer to access the company's LAN until a feedback report from the user's PC shows that it has the latest updates of the company's antivirus. Furthermore the latest NAC has evolved in order to making sure that there are automated ways in which the end user's software's are updated. It also is an advantage to the government agencies on the look out for information insecurity as it periodically monitors the user's behavior while on the network.
4) Implementing prototype architecture
Through this way, users of social networks are able to keep control over their information and data without the influence of third parties. In this case each user has a trusted circle through which they can access the information.
a) The government on its computers should install a way in which it is able to filter the information that is being transmitted over the social networks within its premises. Filtering controls which can be implemented include email filtering, IM filtering and web filtering. Filtering threats that are brought by web 2.0 or social networks include both the IM and web filtering.
b) IM filtering enables the scanning for malware, data leaks and illegal or inappropriate use, phishing, spyware, increased bandwidth usage and lost productivity. IM should be noted that it's a prime area for data leakage either accidental or intentional. Although it is logical to lock down on the IM, it would mean that the government will miss out on the many benefits that are associated with it such as rapid file transfer. Parameters should be set in which it will ensure security when the employees use it for the rapid transfer of information.
c) Web filters on the other hand can be implemented as they easily and quickly detect and terminate threats of adware, malware and spyware. Web filters blocks the download of these threats through customized used of limit download bandwidth by users when they are most prone to use the internet. It is also through this filtering software that the government agencies can keep track of requested user sites which can be compared to a list of allowed sites (Montgomery, 2002).
d) Payload identification. Government agencies can also deploy the use of web filtering through which it can use the concept of payload identification. This means that it detects the amount of damaging material that is contained within a given packet. Payload identification ensures that the system controls are not fooled by the false type data types. It also determines contents that breach policies majority of which bear watermarks, words such as confidential information and personally identifiable information.
6) Use of vulnerability management.
This defines any kind of malware that might pass undetected by the web filtering gateway. Detection is based on analysis of data behavior which might seem abnormal in any way rather than tracking down the vulnerabilities. This kind falls under the zero-day variety. This means that it takes advantage of vulnerability of the security on the very same day that the vulnerability becomes publicly known. It poses a big threat as there might not be any way of handling until a period of days after.
7) Use of antivirus
An antivirus can be described as any software that can be used to detect malware, viruses, Trojans, and other threat and delete them or protect the computer system from the damages. In a cited case dated 2008 showed that US military laptop used in the Middle East was infected by a malware that allowed data transfer from the infected the infected machine to foreign machines and according to the Pentagon this has been the worst case of computer breach. If there was an antivirus the malware would have been detected.
8) Implementation of wireless network security
Those in the government agencies that access social network through laptops or through any other kind of wireless should be configured to strong data encryption as a way of preventing data breaches.
9) Strategic ways of disaster recovery
It is not always that information security techniques that are in place will detect and protect the information with the government computers. Therefore it is wise to have in place a strategy that will enable recovery should bad come to worse.
10) Comprehensive risk management and assessment
It can be defined as the net measure of vulnerability considering the impact in occurrence. Risk assessment is the process of identifying threats and the likelihood that those threats will make the organization's information vulnerable. Risk treatment on the other hand is ways in which we respond to the identified threats. Risk analysis is also known as risk assessment.
11) Use of backups
In this case any work that is in the government computers should have backups in different areas that are not located in the user's computers. This is because through social network it could be very easy for a hacker to hack into the computer and illegally access the data and information. The government should use cloud storage. It is sure enough that the information stored by the government is of high importance and the formats used continue to increase. It therefore becomes an architectural importance to have the right way to store and retrieve this information. Technologies are available that will help in reducing the expenses and infrastructure cost. Cloud storage therefore helps the government to pay online for the space they need to store the information and data off site. They are advised to put non important information on such cloud sites in order to test the efficiency and reliability of such sites. Storage virtualization is used to optimize the storage space. This happens in such a way that administrators are able to manage technology from different vendors by putting intelligence in front of them. Other storage efficiency technologies include products that can involve cloning, duplication and replication of information and data. This helps the agencies by minimizing the amount of data while also preventing under-utilization of storage. Agencies should think critically about all the information they are going to store according to the set of expectations and business rules.
12) Implementing keystroke logging
The reason for using this is that:
It is used for testing and quality assurance- this mainly for testing software so that they are not prone to human errors and attacks. Malicious attackers can use the keystrokes to generate passwords, credit card numbers and other personal information. The keystroke requires the attacker to compromise the computer by installing their software and then compromise the computer in order to retrieve the information. This two-factor authentication minimizes the attack to data and information.
13) Use of firewalls
This helps to keep off hackers from your computer from sending information without your knowledge or permission. It acts like a guard of which it denies outside attempts to access the computer system that the user could be using in which case, the government computers may be storing very important information.
14) Keeping of the web browser and operating system up-to date
This is by making sure that the operating system is frequently if not often updated. In addition the online security can be changed or upgraded by the changing of the in-built security and privacy settings that exist in the operating system and the web browser.
15) Use of passwords
This is often regarded as common sense but many ay not realize the importance of passwords. Passwords should be kept in very safe places and should not be shared on the internet or with other people apart from those that are intended to know. Hackers may try to get a hand on the passwords and should therefore be made hard to crack. Passwords should consist of more than eight characters inclusive of numbers and symbols. One should also not use common words as some hackers use software that can try every existing word in the dictionary. Also one should not use personal information as a password and the passwords should be changed often enough maybe in every three months.
16) Comprehensive back-up for important information
It should be understood that every system is not always completely safe. Therefore backups should be created in either other external hardware, flash disks and other forms of backups.
Looking therefore at various advantages that come with having social networks within the society, the government agencies that are opening door ways to this new technology should brave themselves for the threats and information insecurity that comes along with it. Should it plan to open the networks or create their own social networks in the hope of administering efficient and effective ways of communication, they should make sure that those who intend to use the social networks are made aware of the policies and ethics behind social networks. The information and technology departments within these agencies should be top notch on the current means of protection against threats such as malware, Trojans and viruses. They should also be aware that as long as new technologies are being invented, those wanting to penetrate the security systems are still trying to create better ways of hacking. Therefore offering protection should be a daily thing.
Training of the users should also be done frequently enough so that they may always be informed on the trends. Those who go against the set codes of conduct should be punished as the information leaked out if of outermost importance and can jeopardize a lot of people, companies, organizations and the government as a whole. The agencies should be ready to handle all these kinds of threats. It should think clearly whether it wants to really protect its people by not intending to open social networks on government computers or should it fall victim to the wants and demands of the public without considering the effects that that will bring about. The best advisable way the government can protect itself should be to involve those that have cracked its system and attained information though the enforcement law has caught up with them. It is clear enough that they have seen the flaws or loops that the system had and that was the only ways in penetrating to those systems. The government should use these 'geniuses' who have surpassed those information technologists whose main aim is to protect the system. It could also be an idea to open up institutes that will specifically be for training people in areas that concern government information security. These people should also be trained in ways to combat future or day zero kinds of threats. It is not always that the systems will a forever be safe, but efforts that are put out to protect the government information and data will make the agencies feel better and safe.