The Cost Of Poor Quality Information Security Software
Information security is commonly defined as the procedure by which information and information systems are protected from unauthorized access or use. The term means almost the same thing as computer security and information assurance. Whatever the name, all strategies that fall under information security are implemented to protect and preserve the confidentiality, integrity and availability of electronic information that is processed or stored in computer systems and networks. To protect electronic data in particular, many computer users and network administrators install information security software.
The increasing popularity of the Internet has its own set of disadvantages. Though it paved the way for information to be accessible to a larger audience, it has also become a tool for malicious users to access and manipulate electronic data. Because of this threat, many information security products using passwords, digital certificates and biometric techniques have become available to computer users. These are the instruments by which a computer system authenticates or identifies the users who are allowed access. However, information security software is not flawless and may not be sufficient to ensure security, since it has no control over the actions of authorized users who may maliciously use and distribute electronic data.
Computer users, especially those in business organizations, usually employ three types of control in implementing information security policies. The first type, administrative control, involves the approval of policies, procedures, standards or guidelines for managing personnel and business operations. The two other types, logical and physical controls, are applications of administrative control. Logical or technical controls, in particular, refer to the use of information security software and data to control information access in computer networks. Some forms of logical control are passwords, firewalls, and data encryption methods. Physical controls, on the other hand, control the physical environment of the workplace and computing facilities. Examples are heating and air conditioning and fire suppression systems.
In order to control users' access to confidential information, identification and authentication mechanisms are integrated into computer systems and applications. Identification is a one-to-many comparison: the user's information is compared against all user information in the database to identify the user. Authentication, on the other hand, is a one-to-one comparison in which the information of a particular user is compared against that user's own information in the database.
Problems in information security have cost billions. Aside from the direct cost of installing and downloading information security software as well as information security services, millions of dollars are lost due to incidents of information theft, financial theft and theft of service. Information insecurity has likewise resulted in productivity loss, as it paved the way for the malfunction or disintegration of computer networks. Many of the problems in computer security arise from the fact that much of the information security software available in the market has poor features and is very vulnerable to other software. The end result is that users spend money not to fix computer insecurity but to minimize the risks from it. The only solution recommended to remedy this problem is for information security software vendors to improve the quality of their products.