1. 0 INTRODUCTION2 FACTS AND FINDINGS2 2.
4. 1 Passwords6 2. 4. 2 Data Encryption and decryption6 2. 4. 3 Historical and Statistical Logging7 2.
4. 4 Closed User Groups7 2. 2. 5 Secure Transmission Facilities7 2.Order now
2. 6 Firewalls7 2. 2. 7 Physical security8 APPENDIX B9 APPENDIX C9 Security: How do you secure business Information 1. 0 Introduction As we know the need of data communication becomes vital in the 20th century as we call it ‘Information Age’.
Both business and government were concerned with security and the need for data security becomes evident. Therefore the computer processing, centralised database storage techniques and communication networks has increased the need for security. The concerns about security of an organisation is not directly depend on the data communication related areas but also the control mechanism which implements, restricts and protects the threats from in and out side the organisation. This report proposes the need of security and ways in which the organisations secure their business information will be discussed.
Facts and findings 2. 1 What is Security? “ Security is the state of mind” 1 An example is mission impossible one of the detective movies who show how easy it is to tap a telephone- Although it is illegal unauthorised access is gained, damage can be done to sensitive data if leaked from one company to another which can provide criminals with the electronic gold mine of fraud opportunities. 2 so this justifies the need for security. Many definitions say that security means “…. .
unauthorised access, such as preventing a hacker from breaking into your computer” (Fitzgerald and Dennis, 1996, pp426). This statement shows the importance of the computer security, because the computer data storage device such as hard drive and other computer storage devices, which contain the information to use efficiently within organisations, should be prevented. The means of security can also be the physical control of the information that should be prevented from loosing and to be prevented from natural disasters which is called ‘traditional security’ according to Fitzgerald and Dennis (1996). 2. 2 Why Organisations need security? As discussed above, the organisations in this century more increasingly depend on data communication for the daily business communication, database information retrieval and the internetworking of LAN’s.
This led the management into more consideration on converting manual operations into computerised systems and relay on them. In fact, organisations then considered that “…. many potential hazards such as fraud, errors, lost data, breaches of privacy and the disastrous events that can occur in a data communication” (Fitzgerald, 1984, pp620). The above consideration statement was considered about fifteen years ago but still holds valid reasons. Computer and network address three requirements 1 Securecy Requires that the information in a computer system only be accessible for reading by authorised personnal or parties. This type of access includes printting, displaying , and other form of disclosure, including simply revealing the existence of an object.
2 Integrity Requires that the computer system access can vbe modified only by authorised personnals. Modification includes writting, chaning, changing status, deleting, and creating. 3 Avalibility Requires that the computer system access are avalible to authorised personnel. 2.
3 Do Organisations need a security policy? The essence of security operations is managing and controlling access to equipment and facilities within an organisation. The crux of the security problem is providing simple and inexpensive access on a wide-reach basis even protect the physical securities from harm and sensitive information from unauthorised users. Therefore, the organisations can define their own security policies and responsibilities for various aspects of security within, which would lead to a great successful in reducing the threat of the organisation. (Keen, 1994).
In an article called ‘PC Magazine’ by ‘Lindhe’ (1997) brings the same argument that the first step should be either to devise or to revise a comprehensive security policy for the organisations and that should be educated to the employees about their responsibilities for protecting the organisation’s information. (Appendix A) Types of Attacks There are two types of attacks involved in release of message contents and traffic analysis. A release of message contents is easily understood . A telephone conversation, an electronic mail message, a transferred file may contain sensitive or confidential information. We would like to prevent the opponent from learning the contents of these transmissions. The second .