ITM 431 Module 1: How to Achieve Business Information Security in Cyberspace

  • Published: January 27, 2013
In the 21st century, a business without a network mirrors a city with no roads. Small businesses, in particular, arguably have a greater need for network connections and information systems. They rely on information systems for several things, including their communications and customer databases. Small businesses rely on network connectivity for communications. With the advancement of Voice over Internet Protocol (VoIP), many businesses are using the Internet to save on phone costs. Additionally, it is common for a business to have an in-house communications system. Take some installations in the Air Force, for example; they use an Instant Messaging (IM) service for member-to-member contact. Many times, it is easier to reach someone through IM or social networking. However, these services present their own IT security challenges.

Communication is not all that needs protection, however. In fact, in a broader view, communication is only a small bite. When a business sells its products online, it is at a distinct advantage over mom-and-pop stores because they have to collect certain data to complete the transaction: shipping, credit card, billing, and personally identifiable information (PII) (Bradley, 2010). This system is located on a network accessible to employees so that they can conduct business.

Companies are not only morally obligated to protect customers' information; it's the law. The May 2002 Financial Information Safeguards Rule requires businesses to develop a written information security plan that describes, among other things, the specific ways their employees should protect consumer information. The plan must be appropriate to the business's size and complexity, the nature and scope of its activities, and the sensitivity of the information its employees encounter, and must be regularly monitored (Federal Trade Commission, 2002). The company must consider all areas of its operation, including three that are particularly important to information security: employee management and training; information systems; and managing system failures (Federal Trade Commission, 2002). These rules are in place to protect customers from theft or misuse of their information.

The top ten most common database attacks are excessive privilege, privilege abuse, unauthorized privilege elevation, platform vulnerabilities, SQL injection, weak audit, denial of service, database protocol vulnerabilities, weak authentication, and exposure of backup data (Schulman, 2012). The majority of these attacks can be mitigated by firewalls, password protection, and appropriate permissions.

A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in hardware, in software, or in a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. In protecting private information, a firewall is considered a first line of defense; it cannot be the only line of defense. Firewalls are generally designed to protect network traffic and connections, and therefore do not attempt to authenticate individual users when determining who can access a particular computer or network. Furthermore, firewalls can be set up to prevent employees from accessing certain content or downloading programs onto the system (Indiana University, 2012).

However, firewalls only prevent and block so much. Since the firewall is the first line of defense against cyber attacks on a network, there has to be something in place in the event the firewall fails: the password. Today, a good password security strategy is more important for business owners to keep any kind of their business information privacy...
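The firewall behaviour described above, as an added example that is not part of the original essay: a rule table is checked for each message entering or leaving the intranet, and anything not explicitly allowed is blocked. The addresses, ports, host roles and the first-match, default-block ordering are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str          # "allow" or "block"
    direction: str       # "in" = entering the intranet, "out" = leaving it
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    port: Optional[int]  # destination port; None matches any port

# Constructed policy; every address and port here is illustrative.
INTRANET = "10.0.0.0/24"
STORE = "10.0.0.10/32"           # hypothetical online-store web server
DATABASE = "10.0.0.20"           # hypothetical customer database host
BLOCKED_SITE = "203.0.113.0/24"  # hypothetical content employees may not reach
ANY = "0.0.0.0/0"

RULES = [
    Rule("block", "out", INTRANET, BLOCKED_SITE, None),  # content restriction
    Rule("allow", "out", INTRANET, ANY, 443),            # employee web access
    Rule("allow", "in", ANY, STORE, 443),                # customers reach the store
]

def _within(addr: str, network: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(network)

def verdict(direction: str, src: str, dst: str, port: int) -> str:
    """Return the action of the first matching rule; block when none match.

    The inputs are network attributes only. There is no user parameter, so
    anyone sending from an allowed address gets the same answer.
    """
    for rule in RULES:
        if (rule.direction == direction
                and _within(src, rule.src)
                and _within(dst, rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return "block"  # default: traffic not explicitly allowed is dropped

if __name__ == "__main__":
    samples = [
        ("in", "198.51.100.7", "10.0.0.10", 443),  # customer reaches the store
        ("in", "198.51.100.7", DATABASE, 5432),    # Internet host tries the database
        ("out", "10.0.0.55", "203.0.113.9", 443),  # employee to blocked content
        ("out", "10.0.0.55", "192.0.2.80", 443),   # employee to an ordinary site
    ]
    for sample in samples:
        print(sample, "->", verdict(*sample))
```

Because the verdict depends only on direction, addresses and port, a request from an allowed workstation passes no matter who is at the keyboard, which is why passwords and permissions are still needed behind the firewall.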