Electronic Security Risk Analysis

Electronic Privacy

[Student’s Name]

[Institution Affiliation]

Introduction

Several issues can be identified from this description. Few, if any, electronic privacy policies have been implemented in the companies concerned, leaving many loopholes that intruders can use to get into their electronic systems, and the growth of the Internet into one of the most popular mediums of communication has widened that exposure. Two categories of precautions need to be implemented in an organization in order to address the electronic privacy issues at stake: technical issues and people issues. The technical issues can be further subdivided into physical issues and logical issues. The physical issues cover the physical precautions that should be taken or purchased, such as buying intelligent routers and building protection around the organization's premises; this protection keeps the outside world from getting into the organization's premises. The logical issues cover measures such as installing and configuring a firewall in the network.

Electronic Security Risk analysis

One of the risks an organization faces is that intruders can get into the electronic system without much struggle, because no firewall has been installed. A firewall is a logical setup at which the network filters the connections being made to it, so that only authenticated connections are allowed onto the network (Charles & Shari, 2001). This is a very important precaution and should be implemented soon. The firewall will also help an organization monitor its employees: sites such as Facebook rob an organization of working time because many employees use them on the organization's time, and a firewall helps regulate the use of such sites. Another risk is the loss of data integrity. The professionals that organizations deal with, such as lawyers and medics, have no data privacy; every Tom, Dick and Harry can access the information, and the data they handle therefore loses its integrity.

Another risk is that data is not properly guarded and monitored in organizations' electronic networks. If a problem arises in the network, it will be difficult to diagnose, because a single switch connects all the nodes in the network. If one computer is infected, viruses will spread easily to the rest of the network. Confidential company information has no guarantee of safety, yet some information should remain with the management alone; with a single switch, gaining access to this information costs little effort even for the most amateurish computer user (Charles & Shari, 2001). Hacking into networks is more of a reality now than ever before, and a company with this setup is inviting trouble sooner than expected.

No clear policies have been set for users to follow. Such rules should be imparted to all employees and should include the implementation of passwords that conform to national or even international standards. Passwords should not be shared with anyone. All employees of an organization should be educated on the importance of authentication in the network. Employees failing to log out of their machines is a problem, because someone can use another person's account to cause malice and harm to the network. All users should have a profile in the organization's electronic system so that they can be tracked and those engaging in suspicious activities on the network can be identified.

Electronic Privacy and Security Enhancement Act

The major sections that were amended include section 101A, which mandated the body in charge to submit a report to the national Congress on any undertaking and proposed punishment. The second was sections 102 and 103, which required that any entity belonging to the government be made open via the service providers that provide electronic communication, and that any disclosure made should not be with ill intention.

Section 104 also demanded a national data center with maximum electronic data security infrastructure and sophisticated tools for threat detection, fraud investigation and appropriate measures to protect sensitive information such as that of hospitals and the government. Section 105 banned the spread, via the Internet and any other communication media, of material that can corrupt individuals' minds, such as pornography (Choi 86).

In section 106, the punishment for an individual who uses a computer to physically hurt another person or tries to commit a felony with the aid of a computer was made more severe. There was also a provision of extensive security for media groups that assisted the police in carrying out investigations, while the attacks that occurred most frequently were blacklisted so that more security attention was given to those areas. These two amendments are in sections 107 and 108 respectively.

Lastly, more vigilance was given to breaches of privacy via mobile phones and the unauthorized interception of conversations, and the severity of the punishment was increased. Furthermore, the requirement that a police officer be present before a warrant of arrest is issued was removed in order to raise vigilance (Lingihn 56).

I feel that the enforcement of the Electronic Privacy Act of 2002 has helped the citizens of the federal republic regain the glory of data and information privacy. The fear of one's information getting into the hands of unauthorized individuals has been drastically reduced due to the enforcement of severe penalties against any person found breaching this right. In addition, it has enabled more secure computerized financial transactions, which had become a nightmare. With the enforcement of this law, the use of information technology has become better (Theohary 126).

Steps/procedures for ensuring Electronic Privacy

The security of electronic information systems is crucial to the performance of every company or organization. It is therefore the responsibility of every employee to ensure that the laid-down procedures for protecting the electronic systems are adhered to with utmost care. Electronic information system security measures are implemented to ensure that the integrity, confidentiality, authenticity and availability of the data stored in the electronic system are not compromised. A balanced approach is used so that administrative, operational and personnel controls are implemented equally, and the nature of the information secured determines the level of security imposed (Salomon, 2007). Human safeguards for employees are meant to control their behavior in relation to access and use of information in an electronic system. Through identification and authentication management, employees are restricted in how they access and use the electronic system.

Each employee should be assigned a unique password used to enter the electronic system. This identity should not be used by multiple employees, since audit measures are in place and every employee is accountable for their individual actions. Identities require authenticators such as passwords, biometrics and smart cards when logging in to or accessing the electronic system; however, the level of threat may determine which authenticators are used. High-risk workstations or LANs may require an employee to have additional access rights and/or clearance, and employees with lower clearance may require a personnel escort within such areas (Salomon, 2007).

Password protection safeguards against unauthorized access. Employee passwords should never be written down in notebooks. Default passwords should be changed immediately upon the creation of accounts. Passwords should be alphanumeric, more than eight characters long and use mixed case. Employee passwords should be changed regularly, and where passwords are echoed, such as over half-duplex connections, overprint masks are printed before the password is entered to conceal it. Safeguards are established to detect and prevent unauthorized access to or use of media to alter or introduce changes to the electronic information systems.

In summary, human information security measures are meant to control the access privileges of people using the electronic system. Electronic storage devices should be monitored by the chief security officer to ensure that information is not passed to unauthorized persons. Likewise, human-readable output classified as high-security information should be reviewed before release, and electronic files released outside the security boundary should be cleared. In general, the manner in which people use the electronic information system is a matter of concern, and sufficient controls should be established (Salomon, 2007).

Electronic information security policies

There is also a need for information security policies that govern the use of information resources in a secure manner. From the assessment, the organization lacks policies governing the use of resources on the network. Creating policies that must be followed will address nurses sharing passwords, personnel leaving passwords on top of their desks and users not changing their passwords for a long time. Solving this will make the identified flaws the responsibility of all users within the organization and ensure the effective use of information resources. The use of information resources by all users in the organization will be governed by the following policies:

Password use policy

The password policy covers all aspects of password use within the organization. All users will be provided with a username and password. Passwords will be changed automatically after seven days. The first password will be generated automatically, and users will be required to change it within the first seven days of receiving it. A reminder will be set to prompt users to change their passwords when the seven-day period elapses. This will protect users' passwords from being compromised.

Users will be responsible for their own security credentials. It is important that users understand this principle and protect their passwords in accordance with the security policy that is set.
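The password rules above (more than eight alphanumeric characters in mixed case, an automatically generated first password, a seven-day change interval with a reminder) can be enforced mechanically rather than left to memory. The following is an added example written for this page, not code from the source or from any product it mentions; the account names, timestamps and the 9-character minimum (the smallest value satisfying "more than eight") are constructed assumptions.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Policy constants taken from the text: more than eight characters,
# mixed case plus digits, and a seven-day change interval.
MIN_LENGTH = 9
MAX_AGE = timedelta(days=7)


def check_password_strength(password: str) -> List[str]:
    """Return the list of policy rules a password violates (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"fewer than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems


def generate_initial_password(length: int = 12) -> str:
    """Generate the system-issued first password from a CSPRNG (secrets, not random).

    Retries until the random string itself satisfies the policy, so the
    initial password is never weaker than the one the user will replace it with."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password_strength(candidate):
            return candidate


@dataclass
class Account:
    username: str
    password_set_at: datetime
    initial_password: bool = True  # True until the user replaces the generated one


def password_status(account: Account, now: datetime) -> str:
    """'expired' after seven days, 'must-change' while still on the generated
    password, otherwise 'ok'."""
    if now - account.password_set_at >= MAX_AGE:
        return "expired"
    if account.initial_password:
        return "must-change"
    return "ok"


def days_until_expiry(account: Account, now: datetime) -> int:
    """Whole days left before the seven-day reminder is due (0 when already due)."""
    remaining = account.password_set_at + MAX_AGE - now
    return max(0, remaining.days)


def change_password(account: Account, new_password: str, now: datetime) -> Account:
    """Apply a user-chosen password, rejecting anything that violates the policy."""
    problems = check_password_strength(new_password)
    if problems:
        raise ValueError("password rejected: " + ", ".join(problems))
    return Account(account.username, now, initial_password=False)


def demo_lifecycle() -> Tuple[str, str, str, int]:
    """Walk one constructed account through the policy on constructed timestamps."""
    issued = datetime(2024, 1, 1, 9, 0)
    acct = Account("nurse01", issued)
    first = password_status(acct, issued + timedelta(days=2))    # still on generated password
    acct = change_password(acct, "Ward7Rounds", issued + timedelta(days=2))
    second = password_status(acct, issued + timedelta(days=5))   # within seven days of the change
    third = password_status(acct, issued + timedelta(days=10))   # eight days after the change
    left = days_until_expiry(acct, issued + timedelta(days=5))   # reminder due in four days
    return first, second, third, left


if __name__ == "__main__":
    print(demo_lifecycle())
    print(generate_initial_password())
```

The expiry check compares timestamps on every login rather than relying on a scheduled job, so a user whose password passed the seven-day mark while they were away is still forced to change it on their next login.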

Account management policy

Users will be required to protect their accounts so that they are the only ones using them. Users will be responsible for everything that happens while their accounts are active and will be held responsible for any illegal or malicious actions carried out under their accounts. Under this policy it is an offense to share password information with other people. Each user will have one password and will keep the security of the account under their control.

Policy enforcement

Users found to have contravened the set security policies while using their accounts will lose their accounts for a period of one month. This will be considered a security offense and may attract further disciplinary action from senior management. This will ensure that users are responsible for their actions.

Recommendations for a Better Electronic Privacy

Things to do immediately

There should be a firewall in the network to filter connections and for administrative configuration purposes; a firewall makes it easy to keep suspicious programs at bay (Charles & Shari, 2001). An organization should also invest in utility programs such as anti-virus software, which detect and clean computer viruses that may have spread in the network.

Many switches should be bought so that the network can be segmented. Segmentation has many advantages because each segment is autonomous: the section used for administrative purposes can be given a different subnet from the rest of the network. Routers should also be used so that traffic flows intelligently; traffic should be monitored and should not be allowed to flow arbitrarily.
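The two recommendations above (a filtering firewall, and segmentation that puts the administrative section on its own subnet) combine into a single default-deny rule set in which the first matching rule wins. The following is an added example written for this page, not code from the source or from any firewall product; the three subnets, the port numbers and the sample connection attempts are constructed, and the rule set is one possible policy rather than the only one.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subnets, one per segment, each behind its own switch/router port.
ADMIN = ipaddress.ip_network("10.0.10.0/24")    # management section
STAFF = ipaddress.ip_network("10.0.20.0/24")    # ordinary workstations
SERVERS = ipaddress.ip_network("10.0.30.0/24")  # database and file servers
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# First matching rule wins; the final catch-all makes the policy default-deny,
# so anything the administrator has not explicitly allowed is blocked and logged.
RULES: List[Rule] = [
    Rule(STAFF, SERVERS, 443, "allow"),   # staff reach servers over HTTPS only
    Rule(ADMIN, SERVERS, None, "allow"),  # administrators manage servers on any port
    Rule(ADMIN, ADMIN, None, "allow"),    # the management segment talks to itself
    Rule(STAFF, ADMIN, None, "deny"),     # explicit: staff never reach the admin subnet
    Rule(ANY, ANY, None, "deny"),         # default deny (covers outside sources too)
]

Attempt = Tuple[str, str, int]  # (source ip, destination ip, destination port)


def decide(src: str, dst: str, dport: int, rules: List[Rule] = RULES) -> str:
    """Return the action of the first rule matching the attempted connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst and (rule.dport is None or rule.dport == dport):
            return rule.action
    return "deny"  # unreachable while the catch-all is present; kept so removing it stays safe


def filter_attempts(attempts: List[Attempt], rules: List[Rule] = RULES):
    """Pair every attempt with its verdict; the denied entries feed monitoring."""
    return [(a, decide(*a, rules)) for a in attempts]


def denied(attempts: List[Attempt], rules: List[Rule] = RULES) -> List[Attempt]:
    return [a for a, verdict in filter_attempts(attempts, rules) if verdict == "deny"]


# Constructed connection attempts, in the shape a firewall log would record them.
SAMPLE_ATTEMPTS: List[Attempt] = [
    ("10.0.20.5", "10.0.30.2", 443),    # staff -> server, HTTPS
    ("10.0.20.5", "10.0.30.2", 22),     # staff -> server, SSH
    ("10.0.20.5", "10.0.10.1", 445),    # staff -> admin subnet
    ("10.0.10.3", "10.0.30.2", 22),     # admin -> server, SSH
    ("203.0.113.7", "10.0.30.2", 443),  # outside source
    ("10.0.20.9", "10.0.20.10", 445),   # staff workstation -> staff workstation
]

if __name__ == "__main__":
    for attempt, verdict in filter_attempts(SAMPLE_ATTEMPTS):
        print(f"{verdict:5s} {attempt[0]:>12s} -> {attempt[1]}:{attempt[2]}")
```

The last sample attempt shows why segmentation matters for the virus-spread risk discussed earlier: with no rule allowing workstation-to-workstation traffic, an infected staff machine cannot reach its neighbours through the filter, and the denied entries give the administrator the monitoring view the text calls for.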

Equally important is setting up a security policy within the organization whereby users have their own passwords that authenticate their identity. Employees should log out of the electronic system when they have finished what they were doing; this should be made a rule of the electronic system.

Long term improvements

There should be a remote data center used to store the organization's data. This will help safeguard the professionals' information. Remote data backup is becoming the best way of cushioning oneself from unforeseen disasters that can wreak havoc on an organization and bring many legal complications.

Biometrics should be used in the organization's authentication process: this is the use of biological data to log in to the electronic system (Charles & Shari, 2001). If the current popularity of the Internet is anything to go by, an organization has to invest in bio-data to make the authentication process work for most people.

An organization should also develop a private tunnel in which the organization's network stands on its own, separated from the public domain. This will help eliminate the mixing of public traffic and private data.

Authentication and access control of Electronic Data and Information

Authentication management

From the assessment, it is clear that no controls have been set in the electronic system, because there are no plans for the information systems personnel. One issue that should be enacted with immediate effect is access control to the database, which is the heart of the organization. The database should be secured and accessed by few individuals, only those authorized to access and manage it. The first step is to set different and strong security credentials for the database. The database administrator will secure the database with credentials known to the administrator alone, which means that anyone who wants to access the database must go through the database administrator for authorization and vetting; the database administrator will evaluate all requests to access the database. This will help achieve the required security of the database. Control of access to the database should lie with the database administrator (Peltier 281).

Access control

One way in which access to the database will be managed is through access controls. Controlling access to the database is an important step that should be undertaken so that the security of the database is managed. Only users who are authorized should be allowed to access the database. The database administrator will also grant users access on request, at the levels that suit their needs.
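The two sections above describe one mechanism: the database administrator holds the only initial credential, every request for access is vetted by the administrator, and approved users get only the level their work needs. The following is an added example written for this page, not code from the source or from any database product; the user names, the READ/WRITE/ADMIN levels and the audit-record format are constructed assumptions, and a real deployment would back the grants table with the database's own accounts and roles.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Tuple


class Level(IntEnum):
    """Access levels ordered so that a higher level implies the lower ones."""
    NONE = 0
    READ = 1
    WRITE = 2
    ADMIN = 3


@dataclass
class AccessRequest:
    user: str
    level: Level
    justification: str


class DatabaseGate:
    """Front door to the database: nothing is granted without the DBA's approval,
    and every request, approval and access check is written to an audit trail."""

    def __init__(self, dba: str):
        self.dba = dba
        self.grants: Dict[str, Level] = {dba: Level.ADMIN}  # the DBA holds the only initial credential
        self.pending: Dict[str, AccessRequest] = {}
        self.audit: List[Tuple[str, str, str]] = []       # (event, user, detail)

    def request_access(self, user: str, level: Level, justification: str) -> None:
        """Record a request; it grants nothing until the DBA approves it."""
        self.pending[user] = AccessRequest(user, level, justification)
        self.audit.append(("request", user, level.name))

    def approve(self, approver: str, user: str) -> Level:
        """Only the DBA can turn a pending request into a grant."""
        if approver != self.dba:
            self.audit.append(("approve-rejected", approver, user))
            raise PermissionError("only the database administrator can grant access")
        req = self.pending.pop(user)  # KeyError if nothing was requested: no silent grants
        self.grants[user] = req.level
        self.audit.append(("approve", user, req.level.name))
        return req.level

    def revoke(self, approver: str, user: str) -> None:
        if approver != self.dba:
            raise PermissionError("only the database administrator can revoke access")
        self.grants.pop(user, None)
        self.audit.append(("revoke", user, ""))

    def check(self, user: str, needed: Level) -> bool:
        """Least privilege: a user may act only at or below the level granted."""
        held = self.grants.get(user, Level.NONE)
        ok = held >= needed
        self.audit.append(("allow" if ok else "deny", user, needed.name))
        return ok

    def denials(self) -> List[Tuple[str, str, str]]:
        """The audit entries a security officer reviews for suspicious activity."""
        return [e for e in self.audit if e[0] == "deny"]


def walkthrough() -> dict:
    """Constructed scenario: a reporting user asks for read access, a non-DBA
    tries to approve it, the DBA approves it, and the user then tries to write."""
    gate = DatabaseGate("dba")
    before = gate.check("alice", Level.READ)        # nothing granted yet
    gate.request_access("alice", Level.READ, "monthly reporting")
    try:
        gate.approve("bob", "alice")                # bob is not the DBA
        rogue = True
    except PermissionError:
        rogue = False
    gate.approve("dba", "alice")
    return {
        "before": before,
        "rogue_approval": rogue,
        "read": gate.check("alice", Level.READ),
        "write": gate.check("alice", Level.WRITE),  # above the granted level
        "denials": len(gate.denials()),
    }


if __name__ == "__main__":
    print(walkthrough())
```

Keeping the audit list append-only and recording denials as well as allows is what makes the profile-based tracking discussed in the risk analysis possible: a user repeatedly denied at WRITE level shows up in `denials()` without anyone having to watch the database itself.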

Conclusion

From the assessment of electronic privacy and security, it is important to take action to safeguard the organization from future attacks and privacy breaches. The steps undertaken to correct the mistakes that have been identified will ensure that users are responsible for all issues pertaining to the use of the organization's resources. Most of the security issues and challenges that organizations face arise from negligence and the reluctance of users to observe the set security standards and policies. The stipulated steps will make users aware of the security issues they face when they do not observe the organization's security requirements.

References

Charles, P. & Shari, L. P. (2001). Security in computing. Prentice Hall.