How secure are you?

The widespread use of information communication technology in government, business and everyday life has resulted in most social functions depending on efficient, secure and uninterrupted access to global communication networks.

Cost-effective and easy access to those communication networks has made them available to a significantly large portion of the population. The network itself is a repository of knowledge and information that was once exclusive to the learned, now made freely accessible to everyone. In combination, these two factors have created opportunities for users with malicious intent to exploit these communication networks to engage in criminal activity that would jeopardise the efficient, secure and uninterrupted service of those networks, with the potential to cause severe damage and losses to businesses, governments and social safety. Thus the need for a rigorous information security discipline is being widely recognised by businesses and governments all over the world.

Security is a current topic in our society with the resurgence of terrorism-related violence. Security of information in an organisation is a critical factor – especially depending on the type and function of the organisation. For example, there is a clear need to secure information related to military intelligence, but it is equally important for many businesses to protect their trade secrets, which give them critical advantages in the corporate world.

No matter what the type of organisation is, whether it is a corporate giant or a small family, we all deal with various kinds of information and data on a daily basis. Some of this information needs to be shared and even advertised, in order for it to be useful and meaningful, while there is information that needs to be kept secret. Here are a few basic principles that can be applied to information security in an organisation.

Access rights issues
Since not all staff work on all projects, information should be dispersed on a need-to-know basis.

In order to ensure that all the appropriate information and only the appropriate information is made accessible to each staff member, it is important to accurately classify staff members into relevant groups and manage their rights to access relevant segments of the data/information repositories. Even in a family, the children need not know everything that their parents know.

User authentication
It is vital, in an environment where different people are collaborating remotely on sensitive projects, to ensure that the sensitive data in question is made available to the intended personnel and to them alone. Therefore it is necessary to authenticate the identity of the person behind the remote machine, in order to ensure that it is not being exploited by unauthorised persons to breach the secrecy of the information.

Secure communications
When collaborating over a communication network on sensitive projects, it is extremely important that the security of the communication is ensured. This involves maintaining the secrecy, integrity and authenticity of the data/information that is communicated.

Security of data repositories
It is very important that the data repositories (e.g. database servers, web servers, email servers, etc.) are secure from physical theft and from unauthorised access, both on-site and remote, and that the data is backed up appropriately in separate locations as a safeguard against damage from natural disaster.

Security of hardware
All hardware used on the project should be safe from theft, wire-tapping, eavesdropping and unauthorised access, either on or off the site. Their safety should also be ensured in terms of destruction – intentional or otherwise.

Social engineering
Social engineering is a threat that is spreading rapidly. As digital information systems become more secure and harder to breach, attackers resort to breaching the information security of an organisation through its employees, by luring them into divulging sensitive information either voluntarily or involuntarily. All staff members should be aware of the threats of social engineering, and should be adequately trained in appropriate defences against them, such as ethical and organisational best practices and personal security measures.

Is information security a concern for you? Write in to technopage@gmail.com and share your views.

 


Copyright © 2006 Wijeya Newspapers Ltd. All rights reserved.