IT Security in the 21st Century


The most dangerous attack on any infrastructure does not come from an outside source; the most damaging attacks on a business will come from within the business itself. These internal threats are often posed by trusted members of an organization. The correlation is simple: the more clearance and access to information a person has, the more damage they are capable of inflicting. This truth has caused businesses to invest not just in external security measures that prevent outside attacks, but also in internal security measures that prevent the people within the company from inflicting mayhem.

Implementing cyber security measures to protect a business from internal threats is not a one-and-done action, where a business implements an internal security system and is magically protected for the entirety of its existence. Operating an internal security system is an ongoing process that must be sustained as long as the business wishes to be secure. In the book IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms, author Simone Fischer-Hübner describes this ongoing process. The book provides a detailed plan for businesses that want to maintain a privacy model and enforce privacy rights. The plan is a great resource for businesses looking for a way to maintain security in the continuously evolving field of IT (Hubner, 2001). In order for a business to be continually protected from within, it should follow a four-step cycle. This cycle includes developing, implementing, managing, and validating the solution to the potential security risk.

One continuous, preemptive security measure used to prevent internal attacks is the event viewer security log. These logs work on a system of success and failure audits. For example, when an employee accesses his/her work account using the proper user name and password, a success audit will be tallied. On the other hand, if an employee attempts to access an account and fails to do so, a failure audit will be tallied. Logs such as these must be continually checked for irregularities in employee logins. These logs are very useful because a large quantity of failed login attempts by a certain employee can mean that the employee has been attempting to access information in an account where the employee has no business being. Passwords have been significantly helpful in protecting information over the years. A research article titled A High Security Log-in Procedure discusses advances made in information-sharing systems and evolving techniques as the shift to password coding in IT has been made (Purdy, 1974). After the login inconsistencies have been identified, further measures can be taken by personally investigating the employee or, if necessary, terminating his/her employment in order to further ensure the security of the company. These logs are also very secure, as only administrators are allowed to view them.

Event viewer security logs provide additional information beyond simply the exact time and date that a specific employee fails to log in correctly. These logs provide the administrator with the name of the exact computer that was used and the name of the application that was used to trigger the event. Security logs will also provide each event with a unique event ID number and categorize each event for more convenient monitoring of employee activities. 
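The review of failure audits described above can be automated. The following Python sketch is an added example, not part of the original essay: it reads a constructed CSV export of a security log and flags accounts with a burst of failure audits, reporting which computers were involved. The column names, account names, and computer names are assumptions made for illustration; 4624 and 4625 are the Windows event IDs for successful and failed logons.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample resembling a CSV export of the Security log.
# Column names, accounts and computers are made up for this example.
SAMPLE_LOG = """\
TimeCreated,EventID,Keywords,Computer,Account
2024-03-04T08:01:12,4624,Audit Success,WS-014,alice
2024-03-04T08:03:40,4625,Audit Failure,WS-022,bob
2024-03-04T08:03:55,4624,Audit Success,WS-022,bob
2024-03-04T22:10:01,4625,Audit Failure,WS-031,carol
2024-03-04T22:10:09,4625,Audit Failure,WS-031,carol
2024-03-04T22:10:20,4625,Audit Failure,FS-002,carol
2024-03-04T22:10:31,4625,Audit Failure,FS-002,carol
2024-03-04T22:10:44,4625,Audit Failure,FS-002,carol
2024-03-05T09:15:00,4625,Audit Failure,WS-014,alice
"""

def flag_failure_bursts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {account: {"failures": n, "computers": [...]}} for accounts with
    at least `threshold` failure audits inside any sliding `window`."""
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Keywords"] == "Audit Failure":
            when = datetime.fromisoformat(row["TimeCreated"])
            failures[row["Account"]].append((when, row["Computer"]))

    flagged = {}
    for account, events in failures.items():
        events.sort()
        start = 0
        for end, (when, _) in enumerate(events):
            # Advance the left edge until the span fits inside `window`.
            while when - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = events[start:end + 1]
                flagged[account] = {
                    "failures": len(burst),
                    "computers": sorted({c for _, c in burst}),
                }
                break
    return flagged

if __name__ == "__main__":
    for account, info in flag_failure_bursts(SAMPLE_LOG).items():
        print(account, info)
```

A single mistyped password, like the isolated failure audits for the other two accounts in the sample, stays below the threshold, so only the concentrated burst is surfaced for an administrator to investigate.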

Two activities that can be warning signs of an impending internal attack, and that businesses must stay wary of, are installation and deletion, as described in the article Detecting Attacks on Networks in the information technology journal Computer. The installation of foreign software into a closed network can wreak havoc and must be investigated and removed by an administrator as soon as possible (Herringshaw, 1997). Deletion is a slightly more problematic situation: if an employee is deleting information that he/she is already authorized to access, an attack may already be occurring. This means that the security measures must shift from attempting to prevent an attack to damage control, while making an effort to regain the deleted information.

When these violations occur, it must be determined whether they were accidental or intentional. In the event that these violations were, in fact, intentional, measures must be taken immediately. As with any attack, it is helpful to look at the situation from the attacker's perspective. This can be done by ranking the company’s highest value targets, the areas of the network where an attack would cause the greatest amount of damage. This security measure is where potential risk is determined. The article Attack Modeling for Information Security and Survivability discusses how engineers prepare for potential risk. Whereas engineers can utilize failure data to improve their work, the field of IT does not allow security systems to fail so that improvements can be made afterwards. Therefore, it is the primary concern of the information security specialist to focus on assessing risks and preparing for them ahead of time (Moore, 2001). Risk can actually be determined by businesses through a mathematical equation. Risk equals the probability of business exploitation multiplied by the potential business impact. Naturally, the area with the highest level of risk will most likely be the attacker’s next target. Once the next target can be identified, so can the attacker. These security measures are designed to distinguish real threats from false flags so that the real threat can be found and then promptly neutralized.

Another security measure that a business can utilize in order to ensure the safety of its assets is to continually run background checks on its employees. A great number of businesses run background checks on prospective employees during the hiring process; however, few continue to run routine checks after employment has been established. Especially with regard to administrative positions, it is prudent to take extra measures to make sure that a company’s employees stay on the up and up. If suspicious activity appears on an employee’s background check, the company should then take the correct disciplinary measures to make sure that the employee is not a threat to company security.

In conclusion, with all of the benefits and advantages that the advancing world of electronic information technology presents to us, an added dimension of risk is presented as well. Instead of information being recorded with ink and paper, only able to be accessed physically, the virtual world of the internet makes information instantaneously accessible around the world. As the saying goes, “with greater privileges comes greater responsibility”; the wealth of information we have been able to unlock in the previous years comes with its respective level of responsibility. It is the responsibility of IT professionals to be aware of security risks and find solutions to these risks before they even take place. Several methods of being aware of and addressing these risks were discussed in this paper. As security measures evolve, so will hacking and malpractice efforts, after which security measures will have to evolve again, and so on. Perhaps one day we will live in a world where people no longer have a reason or motive to hack into one another’s information. Until then, IT security becomes an increasingly important issue as we continue using electronic information systems in our daily functions.

References

Herringshaw, C. (1997). Detecting attacks on networks. Computer, 30(12), 16-17.

Hubner, S. (2001). IT-security and privacy: design and use of privacy-enhancing security mechanisms. New York: Springer.

Moore, A. P., Ellison, R. J., & Linger, R. C. (2001). Attack modeling for information security and survivability. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst, 001, 32.

Purdy, G. B. (1974). A high security log-in procedure. Communications of the ACM, 17(8), 442-445.