|
Use of Security Technologies for Business Organisations
Abstract
Security is a significant concern for any business organization, especially in the case of information storage and management. There are several threats possessed by computers and used for information storage. Therefore, it is essential to apply security technologies so that information is secure and does not go into the wrong person’s hands. This paper will strategically discuss significant security issues that a company faces every day. For example, the report highlights cyber threats, phishing attacks, viruses, data breaches and lack of security management.
Furthermore, we propose some technologies such as access control, firewall and intrusion detection systems. From such technology’s security mechanism can be implemented by the companies. Additionally, we also provide advantages of security to the organization. Therefore, the purpose of this report is to highlight the importance of security technologies for removing issues.
Table of Contents
Security Issues Inside Organisation. 3
Advantages of Security Technologies. 5
Appendix 1: Access Control Mechanism Example. 10
Appendix 2: Intrusion Detection System Overview.. 11
Appendix 3: Electronic Building Access system.. 12
Introduction
Information is the biggest asset for organisations to consider seriously. Several reasons make companies watch out for information that is extremely confidential and personal internally. Two important reasons are security and privacy to the available data by them. According to research studies, one billion people in western Europe connect on the digital platform so that information and knowledge sharing as well as marketing opportunities could be seen [1]. It shows that companies use the internet for information gathering and thus requires the possibility for data security. However, it has become a more significant concern because of supposed threats and cybercrime activities.
According to a report, an organisation was made website phishing target; while 52 out of 120 employees give a response by sharing their sensitive login credentials [2]. This could cause several other challenges for an organization to maintain and manage. Hence, security technologies are implemented by the organizations so that such problems could be overcome. Therefore, the purpose of this technical report is to analyse security and privacy concerns and issues, propose security technologies as well as their advantages to an organisation.
Discussions
Security Issues Inside Organisation
There are several issues inside an organisation that are much more responsible for security issues. Users and company insiders are considered one of the reasons for not taking data privacy seriously. Research shows that even people inside organisations do not change their attitude towards security policy implementation, even if the password breach has a slight possibility [3]. Also, though, policies are implemented, no company would take a significant role in it. For example, general data protection regulation or GDPR is a new policy which establishes that users will know, understand, consent to data collection from their personal lives [4].
Hence, the lack of management for security and privacy of data is a huge issue that must be resolved. The management activities can be implemented so that threats possessed by companies could be controlled effectively. Secondly, insider threat is considered another security concern for the businesses. According to 2016 cybercrime survey, 27 per cent of electronic crimes happened due to insiders working as employees [5]. Therefore, employees working inside the company can manipulate security due to personal vendetta.
The third security concern is data breaches which occurs due to hackers accessing private information. According to MITRE corporation’s report, data breaches mostly occurs when hackers exploit different software vulnerabilities [6]. Hence, the organization should consider that software implemented are highly secure or not. Some companies achieve geological data for their operations through GPS, which is the fourth concern. However, information such as nearest cell tower, wireless access point, speed, IP addresses and indoor positioning is misused [7]. Thus, companies should consider this security issue seriously by implementing protocols for wireless access points.
The fifth and new privacy issue is unwanted interference of highly proficient technologies. Machine learning is used by researchers to understand the text through patterns which could accidentally release personal history [8]. Hence, all these security and privacy issues should be taken seriously by the organisations to protect their most important asset information.
Security Technologies
Following security, technologies are recommended for organisations. It will be helpful to take preventive measures against security and privacy issues effectively and efficiently in a company.
- Access Control
Access control is a security technology which provides authority to use resources within specified limits. Access control is beneficial to gather errors and immediate update over them. For example, even if the log file of a computer skips errors, this technology is getting aware of the error and update policies to aid specific machine errors [8]. Usually, this model is implemented in two ways of providing security. The physical access control allows access to campus areas, rooms, IT assets, and buildings. Whereas, logical access control provides use of resource for computer devices, networks, access to system files as well as confidential information. Access control is implemented through types of role-based and attribute-based. While RBAC provides access according to the user’s role inside the organisation. On the contrary, ABAC provides access as per user attribute, whether it is an employee or manager and helpful in a distributed environment [9]. Hence, both access control mechanisms are used so that information could be accessed only by limited people. Besides, it could remove insider threats that happen due to personal motives.
- Firewalls
The firewall is a network security device that monitors traffic from incoming and outgoing through software and hardware-based platforms [11]. Further, it has security rules so that traffic can be accepted, rejected and dropped. Firewall came into existence when technical issues were found in the access control list on routers. ACL only decide permissions over IP addresses but lacking information retrieving from information packets [10]. Therefore, the firewall was incepted that provided a layer from untrusted sources inside a network.
Furthermore, working of software and hardware-based firewall system is very simple. The firewall has rules which are rechecked with network traffic match to grant control of information (appendix 1). Therefore, the firewall is another security mechanism which could protect the information in companies.
- Intrusion detection systems
Intrusion detection system analyses network traffic whenever a suspicious theft occurs as well as alerts such unauthorized access [12]. IDS is a software which gathers harmful activities and data breach on the network. If something suspicious occurs that admin is directly reported (Appendix 2). Further, the reports get stored through security information and event management system. The organisations implement IDS so that malicious cyber threat could be reported. Another critical aspect of the intrusion detection system is to monitor network packets and check malicious activities on information packets. Several types of IDS could be implemented, for example, Network Intrusion Detection System (NIDS) and Host Intrusion Detection System (HIDS) [13]. While NIDS works on checking the intrusion activities on a computer network; the latter checks all the updates on the host or guest intervention. Further, IDS work as an intrusion prevention system where it saves load from the traffic flow of information. Hence, computer networks are entirely safe and protected from traffic issues.
- Electronic building access systems
The automated building access system is a security technology which provides the facility to managers in the form of alarm so that they could control door entry access in a building [14]. The proposed system architecture demonstrates how the device is connected to the computer network in the office. Whenever something suspicious is found instantly, security managers get alerts. The regulation and control of the system become more effective from a remote location. The system works and has an electronic door lock, card reader, and electronic controller; whereas, when someone enters the building premises, he or she is recognized through punching card, face or thumbprint [15]. Even if there is some intrusion, permission is strictly prohibited. Therefore, electronic building access systems are useful because they provide safety from computer theft.
- Security Management Committee:
This approach is not present in the literature; however, it can be considered more effective. The biggest issue for any organisation is the lack of management for security principles. The managers do not manage or monitor security for information accurately. Therefore, companies should develop a management committee so that such issues could be removed. For example, items such as viruses and hacking could be controlled by placing a professionally qualified security expert and their teams. The regular control for network every week will be helpful so that organisations could be understood how privacy can be saved.
Advantages of Security Technologies
There are several advantages of implementing security tools in an organisation. Firstly, people feel safe while working in a secure culture and lack of disturbance for intrusion on privacy. The employee concerns for the leaking of personal data gets removed, and they work in a non-pressured manner. Secondly, monitoring and reporting for security aspects become easy as tracking could be done. With a secured mechanism, organisations could work adequately and process more information.
Furthermore, quality assurance for products could be done effectively. Therefore, security technologies provide benefits to an organisation in different ways. Further, proposed tools help control the information present on the company database. Hence, security and privacy is an essential concern which we have tried to establish through the means.
Conclusion
To summarize, the purpose of this report was to initiate the use of security tools and mechanisms so that information could be protected. The organisations today consider security and privacy as their primary concerns. The report highlighted some of the drawbacks such as cybercrime threats, lack of security management, data breaches and highly interfering machines. Thus, it is necessary to look into new technologies.
Furthermore, we propose different types of technologies. Access control mechanism provides control to only people involved in the company. Additionally, firewalls will monitor intrusions through hardware/software-based platforms. Whereas, the intrusion detection system and electronic building access systems are also helpful. Lastly, the advantages of using security technologies are also highlighted. Additionally, another new security technique is proposed, which lacks literature. However, organisation do need a management committee wholly dedicated to security and privacy concerns.
References
[1] E. Schomakers, C. Lidynia, D. Müllmann and M. Ziefle, “Internet users’ perceptions of information sensitivity – insights from Germany”, International Journal of Information Management, vol. 46, pp. 142-150, 2019. Available: 10.1016/j.ijinfomgt.2018.11.018.
[2] B, Tran, and M. B. Murtaza, “Online Security and Privacy Concerns: Issues and Recommendations.” International Journal of Computer Science and Information Security vol. 16, no. 8, (IJCSIS), 2018.
[3] N. Safa, M. Sookhak, R. Von Solms, S. Furnell, N. Ghani and T. Herawan, “Information security-conscious care behaviour formation in organizations”, Computers & Security, vol. 53, pp. 65-78, 2015. Available: 10.1016/j.cose.2015.05.012.
[4] N. Niku, “How Europe’s New Privacy Law Will Change the Web, and More”, wired.com, 2018. [Online]. Available: https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/. [Accessed: 07- Dec- 2019].
[5]”Insider Threat”, Sei.cmu.edu, 2017. [Online]. Available: https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=21232. [Accessed: 07- Dec- 2019].
[6]”Top Five Privacy Issues Organizations Must Tackle | ITBusinessEdge.com”, Itbusinessedge.com, 2011. [Online]. Available: https://www.itbusinessedge.com/slideshows/show.aspx?c=91946&slide=7. [Accessed: 07- Dec- 2019].
[7] The MITRE Corporation, “Secure Systems Prevention: An Enhanced Approach to Cybersecurity”, The MITRE Corporation, 2016.
[8] A. Burt, “Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and Companies.”, Harvard Business Review, 2019. [Online]. Available: https://hbr.org/2019/01/privacy-and-cybersecurity-are-converging-heres-why-that-matters-for-people-and-for-companies. [Accessed: 07- Dec- 2019].
[9] S. Seifermann, and W. Maximilian, “Evolving a Use Case for Industry 4.0 Environments Towards Integration of Physical Access Control.” In Software Engineering (Workshops), pp. 106-108. 2019.
[10] V.C. Hu, D.R. Kuhn, D.F. Ferraiolo, and J. Voas, “Attribute-based access control.” Computer, vol. 48, no. 2, pp.85-88. 2015
[11] M. Mihalos, S. Nalmpantis and K. Ovaliadis, “Design and Implementation of Firewall Security Policies using Linux Iptables”, Journal of Engineering Science and Technology Review, vol. 12, no. 1, pp. 80-86, 2019. Available: 10.25103/jestr.121.09.
[12] S. Sheenam and S. Dhiman, “Comprehensive Review: Intrusion Detection System and Techniques”, IOSR Journal of Computer Engineering, vol. 18, no. 04, pp. 20-25, 2016. Available: 10.9790/0661-1804032025.
[13] N. Boskany, “Design of Alarm Based Network Intrusion Detection System”, Journal of Zankoy Sulaimani – Part A, vol. 16, no. 2, pp. 65-69, 2014. Available: 10.17656/jzs.10294.
[14] “Remote Electronic Building Access Control Systems & Management”, Dpstele.com. [Online]. Available: https://www.dpstele.com/access-control-system/index.php. [Accessed: 10- Dec- 2019].
[15] W. Deutsch, “An Introduction to Electronic Access Control Systems”, The Balance Small Business, 2019. [Online]. Available: https://www.thebalancesmb.com/introduction-to-electronic-access-control-394578. [Accessed: 10- Dec- 2019].
Acknowledgements
Filled by Student
Appendices
Appendix 1: Access Control Mechanism Example
Source [10]
Appendix 2: Intrusion Detection System Overview
Source [12]
Appendix 3: Electronic Building Access system
Source [14]