This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

Information Security in a World of Technology

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

 

 

Information Security in a World of Technology

 

 

 

Student’s Name

Institutional Affiliation

Course and Number

Instructor’s Name

Assignment Due Date

 

 

 

 

 

 

 

Information Security in a World of Technology

Introduction

The application of technology by individuals and businesses has become an obvious step for organized and high-quality work. Today, technology is applied in hospitals, companies, individual businesses, and schools, just to mention a few. However, information is threatened by various cyber insecurities like a virus, malicious programs, phishing, and denied service. Hence businesses stand to lose customer information and confidence when their technological systems are attacked. Consequently, businesses are spending much money to ensure that they are protected from the attacks. Cybercriminals such as hackers often target huge businesses, and if the threat is not detected early enough may cause extreme damage. There is a need to educate organization staff on some security mechanisms through educational methods such as instructor-led class, computer-based training, and job training. This paper is a discussion of some elements of information security in a world of technology.

Section 1

Instructor-led Class

This is the action of limiting access to an organization’s network resources by keeping them in locked areas to protect them from unauthorized users and natural disasters. Putting physical security can protect the vfrom being misused by untrained contractors and employees (Xu et al., 2017). Other than the internal threat, this security could protect the resources from external threats such as terrorists, competitors, and hackers. Depending on the level of physical security adopted by a company, the technological resources could be protected from natural disasters like fire, storms, and floods, as well as other events like radioactive spills and bombs. This type of security is aimed at covering servers, modems, cables, hosts, routers, and demarcation points. An excellent example of physical security is an authorized users’ only room full of computers in a firm. A single person is put in charge of this room, and the user must need to approve the reason to access the resources. Assurance evaluation and particularly design evaluation could be used in checking whether the physical security system is providing the functionality security intended to provide.

Computer-based Training

This is a security measure to identify whoever is requesting a network service. The process could be done on the identification of users, devices, or even software (Xu et al., 2017). Some security policies demand a user to provide id or passwords before allowing access to the system. If the password or id is not authenticated by the security server, then the user cannot access the system. Authentication is aimed at ensuring that the person accessing the network is authorized. For example, most companies have system passwords and codes which are changed from time to time to protect the resources. Evaluation could be done through security characteristics, especially for security functionality, whereby the security service is provided to the user only.

On the Job Training

Authorization security dictates what the user can do when they access a network service. Hence, it gives privileges to users and processes (Xu et al., 2017). This type of security allows the security administrator to control a segment of a network, such as files on servers. Authorization varies from one user to another, depending on the department they belong to. For example, the HR system could be designed that only the department employees could see the salaries records of other employees. The security functionality method could be used in the evaluation of this security service whereby the system is checked, whether it only allowed certain people to access certain information.

Peer Training

This is the scrambling of data to protect it from being accessed by the unintended person. An encryption device encodes data before putting in on a network (Xu et al., 2017). The receiver of the encrypted message then uses the decryption device to decode the data. Devices such as servers, router, a dedicated device, or a system could act as a decryption or encryption device. For example, a company could encrypt data in terms of numbers and send it to the receiver. Assurance evaluation could be done in encrypted data whereby implementation evaluation is done to ensure that the intended purpose of the security was met.

Section 2

Security Mechanisms in Hospitals

Healthcare facilities use security policies that are aimed at accessing control and authentication. Besides, security policies achieve integrity, availability, and reliability of data to authorized persons (Tsao, 2017). The facilities adopt the use of electronic medical records, which eliminates paperwork. This physical security ensures that the patients’ data can only be accessed to specific individuals. The facilities organize physical security for the available electronic system by ensuring that each patient’s information is stored in the computer and that paperwork with sensitive or most confidential information is destroyed. This information is retrieved only when there is a need. In these electronic systems, various security measures such as authentication and authorization are used to control access to various information. Passwords and id codes are put in various computers to protect unauthorized users from retrieving patients’ information. Also, authorization is used mostly by doctors, whereby there is a need to protect patients’ confidential information, which not even nurses should retrieve.

Administrative and Personnel Issues security in Hospitals

According to Tsao (2017), it is crucial to keep patients’ information confidential, whether they are confidential to them or not. Healthcare administrations are ethically obligated to keep the patients’ information confidential. Hence, in cases where the insurance policies and other hospitals may want to access the patients’ information, the administration is supposed to ask for the patient’s permission before sharing it. Healthcare personnel is mandated by keeping patients information to themselves. Often, the administrators put passwords to the system and only allow certain personnel to access the information. Hence, they would be accountable for the use or misuse of this information.

Level of Access

Tsao (2017) states that hospitals use information systems that enable them to limit the number of personnel who can access patient information. Such systems include electronic medical records, practice management software, remote patient monitoring, and patient portals. These systems are designed only to allow their users to access patients’ data; hence if people within a department do not have access to the system, they cannot retrieve the patients’ data. Some of this software is only used by the doctors hence denying nurses access to the patients’ information.

Handling and Disposal of Confidential Information

Most healthcare facilities have designed ways of disposing of patients’ information. Most facilities transfer data from paper to electronic systems then destroy the paperwork. Major facilities shred the paperwork immediately; the data is fed in the computers. Other facilities without paper shredders contact other facilities and hand them over paperwork for destruction. Some sensitive information is not stored to protect the confidentiality of the patients. Such documents are either shredded or disposed of in waste containers without transferring them to the facility system.

Section 3

Protecting information from phishing and spam emails using security mechanisms could be done in the following ways examples and evaluated in the respective ways. An example of a physical security measure is putting computers in a room whereby only trained staff can access them. This way, the trained employees would recognize a spam email or phishing and delete them or destroy them accordingly. Design evaluation is used to account for assurance of the security (Gukal & Varadarajan, 2017). During the evaluation, the evaluator finds out whether only the authorized users were allowed to access the system.  For authentication, an example would be using passwords in electronic systems to ensure only authorized users access them. The use of passwords would mean that only authorized personnel access the emails and other elements of the system. The security functionality method of evaluation should be used to evaluate the functionality of the security provided. If the spam emails were replied, it would mean that the system was accessed by unauthorized personnel.

An example of biometrics is the use of facial patterns to unlock computers. These are used to recognize particular people; hence only that person can use the system at that time hence would be responsible. The security functionality evaluation method could be used in this case, whereby the level of security provided is examined. The application of firewall security may include designing the system to allow traffic from any IP addresses but the flagged ones (Gukal & Varadarajan, 2017). For wireless network security, a firm could use WPA to encrypt data before sending it to the receiver. An excellent method of evaluation is assurance evaluation. An application software example would be for the software to request for identification code before accessing. The security functionality method of evaluation would be excellent to use. An organization could use Avast antivirus software to block malicious programs and viruses from reaching their system and design evaluation method used to evaluate the security. A spyware detection example can be the use of adware to spy on malware, and the design evaluation method should be used to examine the security offered. The other example is of administrative and personnel issues whereby trustworthy personnel should be employed, and the security functionality method of evaluation is used. Lastly, a level of access example would be role-based access control, and the design evaluation method would be used for evaluation.

Conclusion

In the world of technology, security issues are very common, and the ability to control them is what matters. Businesses use security mechanisms such as encryption of data, authorization, authentication, physical security, and level of access to limit access to various information. Evaluation methods such as design, functionality, implementation, and assurance are used to evaluate the provision of security by the applied mechanisms. In healthcare facilities, various methods, such as the level of access and authentication, are used to protect patients’ information from unauthorized users. Limiting the access of such information increase the respect and confidentiality between the facility and the patient. Security mechanisms are used to protect organizations from spam emails and phishing by limiting access or taking action against the malware. Many companies use these security mechanisms and other customized security policies to protect their information from hackers, viruses, and unauthorized users. In the future, there will be more improved methods of securing information from hackers and other threats.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

References

Gukal, S., & Varadarajan, R. (2017). U.S. Patent Application No. 15/274,600. https://patents.google.com/patent/US20170093910A1/en

Tsao, Y. J. (2017). The effect of the Information Security Management System in Hospitals on the Maturity of Information Security. https://etd.lis.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0717117-212100

Xu, M., Lu, K., Kim, T., & Lee, W. (2017). BUNSHIN: Compositing Security Mechanisms through Diversification (with Appendix). arXiv preprint arXiv:1705.09165. https://arxiv.org/abs/1705.09165

 

 

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask