The information systems identity crisis essay

For thousands of years already people need to exist in communities, this means, that communication is the key element, connecting them and coordinating their cooperation. Along with technological development in all our life spheres, the development of communication means was also moving quickly forward. Such inventions, as radio, television, telephone played vitally important role for making the process of communication quicker and easier. The greatest breakthrough in the field of communication technologies was brought without any doubts by the creation of Internet and all the means, which can be used with its help. Internet nowadays is one of the perfectly suitable and equipped means for storing and transferring any kind of information, including text, video, photos. The system is initially worked out as demanding the authorized access to any type of data, however, the preserving of privacy and security still remains the key task for our digital world. “Unauthorized access can be detrimental, resulting in financial loss, the release of confidential information, damages to computer systems, costly staff time to restore operations, diminished reputation, and embarrassing changes to a website by cyber vandalism” (Alter, 2006:12). Computer networks are in use almost in all businesses and organizations, state and private ones. This is the main reason, why high-skilled professionals in the field of computer network security have become an integral part of any organization. Further in this paper we are going to study the notion of information system, the possible ways of attacking it along with various security means, which need to be applied, to guarantee its operability and security.

Along with development of Internet and its resources, the notion “information systems” appeared; it is generally defined as “the study of complementary networks of hardware and software that people and organizations use to collect, filter, process, create, and distribute data” (Agarwal and Lucas, 2005: 2). Internet contributed to development of strong connection between the computer science and business, giving the possibility to use various computer resources and algorithmic processes for optimizing the work of business organizations. Computer information systems “is a field studying computers and algorithmic processes, including their principles, their software and hardware designs, their applications, and their impact on society, while IS emphasizes functionality over design” (Alter, 2006:16).In this case the information systems serve not only as means of exchanging of the necessary information, but also as a way to support all the processes in all business spheres. Computers and software are constantly involved into working out the business plans, into the actions for realization of these plans, in retrieving the information and manipulating with it and so on.

Long before the development of computer systems, various systematic approaches were considered and worked out with the aim to control the information flow as well as ensuring its secure flow, transmission and storage. Nowadays, the security of computer systems, information systems is of the highest importance for all businesses. There are a numerous ways of protecting the information, but first we are going to start from the main types of attacks, which could be done with the aim of retrieving the unauthorized access to information. The most general feature of all computer attacks is the usage of technical or human weak points. To human weaknesses usually belong the mistakes, made by inexperienced users, bad physical security for example. Technical weaknesses include not sufficient protection features, drawbacks of implementation and so on.

It is necessary to mention from the very beginning, that it is close to impossible to enumerate and list all the possible technical attacks. This happens because there are certain attack patterns, which could be used in multiple combinations and are limited only by the inventiveness of the attackers. Usually, serious attacks involve several techniques at a time. So, we are going to study only the general ones.

One of the first examples of attacks is the so-called “sniffing”, which means the presence of an uninvited listener, who doesn’t detect himself. Sometimes, it is substituted by the term “eavesdropping”. This attack type is based on the usage of a “covert channel”, being an additional channel, not foreseen in the initial version of the program, thus violating its security.

Reply is another form of attack, which involves inserting of information into the system and passing this information to the final point, as a result sending an attack towards the system. It is often used in order to get the access to some information, via making the receiver refer the attacker to a trusted party.

The process of transition of any data is also rather vulnerable to attacks, often the data can be modified and the necessary password is retrieved. Attack of data in the process of transferring is more sophisticated as attacks against persistent stores, it belongs to the category of “file manipulation” attacks.

Automatic detection of attack is often applied as the means, for securing the systems, at the same time it can be used as the means for intrusion, if only the response of the intrusion detection system is delayed and there is enough time for retrieving the necessary data (Rainer and Cegielski, 2009: 12). This type of attack got the name – denial of service.

Forced restart of re-installation can be used in case of necessity to introduce some malicious software. When the system requires the re-start because of some mistake, this software is installed during the process. This technique is widely used, because the general rule confirms, that backup resources usually are less secure, than the initial resources.

“The term “hijacking” is usually used to refer to an attack that involves disconnecting a server resource in some manner from a resource channel and replacing it with a different server resource” (Rainer and Cegielski, 2009: 13).

We have listed only some most well-known and used techniques for breaking the security of information. From this list, we can already assume, that there are numerous ways to get, to transfer and to delete the needed information, without permission of the official holder of this information. Thus this long list only confirms the idea, that strong information security system, operations, resources are remaining actual for any information storage, including personal data, as well as any business or social storages.

Passing to the research of the ways to secure information, we need to define the notion of information security in general. “Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction (Alter, 2006:23). Usually two key components of information security are pointed out: information technology security and information assurance. The first one includes the set of means, worked out by the IT security specialists, in order to protect various types of data for large business organizations, able to stop any kind of malicious attacks. Information assurance is used to save the information from being lost due to some critical situations, for example malfunction of a computer or server, natural disasters and so on. One of the methods here is to create a backup possibility for all important information. Both components are vitally important for normal operation of most military, health care, financial institutions, various types of businesses and finally for sustaining of privacy of all people, using computers.

Usual people are used to the advantages brought by Internet, unfortunately rather often they forget about the necessary steps to ensure their security. At the same time there are enough individuals, who see the advantages of Internet in the frames of some criminal activities. The simplest things, which people should always do, is to control their bank accounts and credit cards, be careful about giving out their personal information, such as telephone, address, personal data to some unknown online resources.

Certainly even if all these steps are taken, they can not guarantee complete security for information and data. In order to resist constant illegal attacks a whole system of Internet security was worked out to deal with “hacking, where unauthorized users gain access to computer systems, email accounts or websites; viruses and other malicious software (malware), which can damage data or make systems vulnerable to other threats; and identity theft, where hackers steal personal details such as credit card numbers and bank account information” (Agarwal and Lucas, 2005: 2).

Most of Internet users are used to the word “virus”; in fact this notion includes the malware, such as viruses, worms and Trojans. Viruses and worms are able to spread from one computer to the other via downloading of some data or using USB flashcards without previous checks. Trojans are used to steal the needed information such as passwords or financial data. In order to protect the computers from the above-described problems it is necessary to install the corresponding anti-malware Firewalls also help to control the incoming information, based on special rules, they define the dangerous information, such as malicious codes for example, also they are able to prevent uncovering of the information from networks.

All Internet users need to install browser to use the Internet resources, some of them have security flaws, that’s why it is so important to choose the secure one.

The most widely used way of transmitting of information today is electronic mail. In order to secure the information, which is sent, it is necessary to use special anti-malware applications. Thorough control of the incoming emails should help not to bring virus or worms to ones personal computer.

Most of the businesses, private organizations, as well as state institutions have their own web sites, this is the easiest way to present information and to attract people, clients. Often the owners of websites suffer from DoS attacks – Denial of service. This type of attack makes the usage and access to the web site impossible. Firewalls and special systems, called “cleans pipes” are able to solve this problem (Agarwal and Lucas, 2005: 3-4).

The last, but not the least important way of securing one’s information is controlling the data by the user himself. No anti-malware or firewalls are able to save the system and the stored information, if a user gives out the passwords, not carefully treating his information. Overall, in this paper were have studies the key notions, related to the modern information systems, including the nowadays ways of storing and transferring of information; we have stopped at some most widely used techniques of breaking the system security and ways of attacking the information storages; finally, we discussed the possible technical ways of securing information, along with influence of human factor.

Do you like this essay?

Our writers can write a paper like this for you!

Order your paper here.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...