Introduction
Information Systems Security is one of
the biggest problems facing modern society technological inventions.
Information Systems are rapidly becoming one of the most important parts of the
daily life be it in the homes, businesses, organizations, and government among
other places. Additionally, Information Systems have significantly changed
people’s way of life, ways of conducting businesses and running of the
governments. Information Systems have become an integral part of daily life
because its many uses make it easier and faster to perform certain tasks or
even perform such tasks simultaneously.
Information Systems have gained huge
development and become detailed in the short time they have been in existence.
Societies have also developed along with the Information Systems thereby
gaining technological reliability in a firm digital era. As much as the digital
era has increased reliability on Information Systems, it has also increased
profitability, competitiveness, and efficiency for businesses regardless of the
size. The current technological generation has become dependent in Information
Systems. Therefore, the problems associated with Information Systems also
threaten the order of daily life activities that many people take for granted.
The critical role that Information Systems has been playing in everyday
activities has been developed near to perfection. However, there are various
problems like spamming, jamming, malicious software, sniffing, hacking,
identity, and spoofing. These problems are a threat to the reliability and
security of Information Systems.
The current problems that threaten
Information Systems have made users immerse themselves in the search for new
technology and techniques that will help in fixing the devastating outcomes.
Users of the Information Systems must look for ways of protecting themselves
along with the new technology and techniques of fixing the problems. There are
some ways that Information System users can protect themselves against the
mentioned problems. The future of Information Systems is unknown because it
lies in the hands of the users. The unexpectedness also means that there are
also unexpected problems that need a solution by the users (Ratzan, 2004).
Problems of the Current Security State
The problems facing the information
systems might have originated from either computer crime or abuse of computer.
Both computer crime and abuse have become a widespread problem since the
technology is helping malicious people to accomplish various illegal and
unethical tasks with ease. It is worth to note that there is a huge difference
between computer abuse and computer crime. Computer crime is a scenario in
which a person uses a computer in committing an illegal crime. Computer abuse
is a situation in which a person uses a computer in committing an unethical act
which may not be necessarily illegal.
Both acts have become a widespread
problem because of the evolution of the Information Systems. Before the
invention of Information Systems, data security measures were better since most
of the information were stored in paper files and some departments in an
organization where most of the users would not have an easy access to the data.
The evolution of the Information Systems has seen large amounts of data being
stored electronically instead in paper files. Therefore, data can be viewed by
many users. More users can access the data electronically instead of manually
making the data more prone to the threat of computer crime and abuse.
Spamming is one of the current computer
crime and abuse problems that threaten Information Systems. Spamming is the
practice of sending unsolicited electronic communications such as emails.
Spamming has grown because it is a cheap and easy method of abusing computer
system. Another problem under this category is hacking. Hacking is an
unauthenticated or illegal accessing of private information. The
unauthenticated access is done using Trojan horses and logic bombs among other
types of software that can easily get hidden. Sometimes the hackers may go to
an extent of crashing the entire network. Hackers crash the network by flooding
the network or Web server with thousands of false communications or requests
(Stewart, Tittel, & Chapple, 2008).
Another problem under this category is
jamming. Besides being a common threat, it can also be accomplished easily.
Jamming illegally finds a way to tie up lines to a computer. Upon tying of the
lines, the legitimate users can access the website. Therefore, illegal users
jam the lines. Malicious software is also a common problem with Information
Systems. The crime occurred when an illegal user sent computer viruses through
the Internet. The viruses infect the computer by disabling the programs or
crashing the computer thereby becoming inoperable. A computer virus can spread
easily once it is injected in the hard drive causing a widespread damage.
Malicious software destroys programs and data, crashing the operating system,
and clogging the computer memory. Malicious software causes small to a
devastating damage to a computer. Malicious software is becoming the most
common form of computer crime because of the spread of new computer viruses.
Other computer crimes and abuses are
sniffing and spoofing. Sniffing abuses a computer by letting unauthorized users
access private information about an individual. The unauthorized users use
pieces of software to cross the lines between users of the Internet and a web
site thereby intercepting sensitive data. Spoofing is similar to sniffing, but
it involves the spoofer developing a false website meant to collect personal
data and information from an Internet user and use it to commit crimes or
unethical acts. The effects of sniffing and spoofing are increasing the risk of
unsuspecting Internet users losing their personal information. Once the illegal
users collect the personal information, the unsuspecting user faces a serious
threat of misuse of the personal information thereby resulting in devastating
consequences. Identity theft is a side effect of sniffing and spoofing. It is
also the most devastating computer crime and computer abuse problem. It is a
serious computer crime, especially with an insecure Information System. It
occurs when someone else uses another person’s name, addresses, social security
number, or credit account number without the knowledge of the owner and often
with the intention of committing fraud. Identity theft can occur through either
low-technological or highly technological means. It occurs in most organizations
when illegal users access stolen electronic records from an employer. Identity
theft vandals can also gain unauthorized access to records by bribing an
employee in an organization that can access the records legally (Hawker, 2000).
Solutions to the Problems
The technological problems that have
emerged are posing many barriers to the flow of meaningful information as well
as the security of the information being transmitted. However, there are
solutions to the problems. Some of the solutions are designed as counter-programming
while others are legislations passed by governing bodies. In spite of the
solutions, there is no single solution that solves the problems fully plaguing
Information Systems and their security. Each of the unique problems requires an
equally unique solution.
The problem of junk email or spamming is
much debatable about the possible solutions. At the moment, many Internet
service providers offer user policies against spamming and some applications
that might curb the amount of spam a user’s mailbox has received. America
Online, particularly, prohibits sending of junk emails on their network cited
laws like the Computer Fraud and Abuse and the Virginia Computer Crimes Act.
There may be the application of civil and criminal penalties to email
transmission through the AOL Network that violates CAN-SPAM Act of 2003.
Furthermore, they offer Spam Blocker together with their main program which
helps to identify spam thereby preventing it from reaching the targeted user
accounts. MSN has similar prohibitions about sending of spam. It uses Smart
Screen technology from Microsoft in filtering spam from the incoming mail of
the users (Chang & Wang, 2011).
For some of the users, the level of protection
that Internet service providers present is not sufficient prompting them to
seek for alternative forms of prevention against spam. The users are forming
groups to lobby against anti-spam laws. The laws would prevent sending of spam
forms by attaching criminal charges to the culprits who send large amounts of
unsolicited emails. The United States Code 47.5.II, section 227 and commonly
referred to as The Junk Fax Law protects against mass unsolicited faxes. Much
of the language in the law applies to computers and emails. However, the
initial concept has not been tested in the court. There might be some
modifications to the junk fax law in the future to include an individual’s
electronic email address in the current prohibition against sending unsolicited
advertising transmissions to the fax machines. The law finds massive support by
a large number of consumers and the Internet service providers. Furthermore,
there are other proposed laws at the federal and state governments’ levels
which may bring a complete solution to the spamming problem.
Hacking has been one of the most talked
about topics in the government for a long time. There are various preventive
steps against hacking that administrators and users can take. One such
preventive step is the firewall. A firewall is software that closely monitors
specifically what information passes is transmitted through a computer or an
Information System. The firewall program can be to keep other users out thereby
preventing data and information from leaving the Information System or the
computer. However, the real solution to dealing with hacking is primarily
implementable through a new legislation. There are certain laws dealing with
different types of hacking. One such law is the Computer Fraud and Abuse Act.
The law covers subjects that range from knowingly accessing a computer without
being authorized to causing harm to computers without permission intentionally.
Unfortunately, there is no real solution to hacking because hacking programmers
will always match the programming skills of the program developers. The most
practical control to the problem is staying a step ahead of the hackers while
developing new and better protection mechanisms continuously (Kumar, Park,
& Subramaniam, 2008).
Jamming is one of the additional forms
of computer crime and computer abuse. Additionally, the problem is preventable
using various ways. Practicing jamming is illegal, and it is prosecutable using
some of the laws that govern hacking. However, jamming is difficult to detect,
prosecute, and define because it simulates real web page traffic. Most
administrators do not have time to check where most of the traffic to their
sites originates from. Furthermore, when administrators notice jamming, it
becomes exceedingly difficult for them to trace where it originates from or
where the sources responsible for the act originate.
Sniffing is another form of computer
crime and computer abuse that may not be detected easily. It also takes various
forms. It can be software that a user downloads either knowingly or unknowingly
onto his computer or system. It can also be a physical where a sniffing device
is placed onto a computer at the Ethernet port. A user can detect sniffing
software on a system’s hard drive by using special software designed to detect
sniffing applications. Furthermore, the sniffing programs can also be sought
out by the user manually. Sniffing applications are being constantly upgraded
making it hard to detect. However, it is not purely impossible. In the cases
where the administrators use the physical sniffing device, the sniffing
applications can only be detected by a person checking the Ethernet connection
on each machine manually. Penalties for engaging in sniffing fall under the
category of The Computer Fraud and Abuse Act.
Spoofing also referred to as phishing is
the most current and harmful computer crime and abuse. The sites and emails are
usually very difficult to spot because of the disguise form they assume. The
crime can be prevented by installation of new routers and firewalls. However, there
are instances where installation of new routers and firewalls may not be
available. In such instances, a user can use some signs to identify spoofing.
It is thought that the most dangerous form of computer crime and abuse is
identity theft. The crime comes in different forms and levels. It can range
from theft of email addresses from the message boards to stealing users’ social
security numbers, passwords, and bank account numbers. It is difficult to
detect identity theft as well as prosecuting it which may even be more
difficult. Prevention can best solve identity theft. A user should keep their
personal information close and guard it well as a way of protecting it (Thomas
& Dhillon, 2012).
Previous discussions have shown that
computer abuse can also assume the form of malicious software. Malicious
software is a program designed to harm computers and Information Systems. The
application can assume the form of a virus or a worm that disables a part of a
system or the whole system. Malicious software can be prevented and detected by
performing virus scans using programs for detecting such applications. An
administrator can perform the scans regularly in a scheduled maintenance
format. The scans can also be performed in points of entry format as in scanning
all removable disks, emails or incoming files before they are introduced into
the computer. However, the virus scan programs should regularly be updated for
them to work well (Cannoy, Palvia, & Schilhavy, 2006).
Conclusion
From the previous descriptions, there
are various current problems plaguing the security of Information Systems. Each
one of the previously mentioned problems fit under either computer crime or
computer abuse. There are various techniques that users and administrators can
use to keep the computers and Information Systems safe from the crimes and
abuses. Each of the discussed problems has certain ways through which they can
be prevented and protected against. Some of the ways may not be good for
another problem. Additionally, there are various preventive ways besides what
has been discussed in this paper. Therefore, there is a need for further
research to establish others which might be better than proposed. Additionally,
when conducting the research, the researchers should have in mind the evolving
nature of technology which also means that the complexities of preventing these
problems.
References
Cannoy, S., Palvia, P.
C., & Schilhavy, R. (2006). A research framework for information systems security. Journal of Information Privacy and Security, 2 (2), 3-24.
Chang, K.-c., &
Wang, C.-p. (2011). Information systems resources and information security. Information
Systems Frontiers: A journal of Research and Information, 13 (4), 579-593.
Hawker, A. (2000). Security and control in information systems:
A guide for business and accounting.
London: Routledge.
Kumar, R. L., Park, S.,
& Subramaniam, C. (2008). Understanding the value of countermeasures portfolios in information systems security. Journal of Management Information Systems, 25 (2), 241-280.
Ratzan, L. (2004). Understanding information systems: What they
do and why we need them. Chicago:
American Library Association.
Stewart, J. M., Tittel,
E., & Chapple, M. (2008). CISSP:
Certified information systems security professional:
Study guide. Indianapolis, IN: Wiley Publishers.
Thomas, M., &
Dhillon, G. (2012). Interpreting deep structures of information systems
security. Computer Journal, 55 (10), 1148-1156
Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in custom research paper writing service if you need a similar paper you can place your order for essay custom writing services.
No comments:
Post a Comment