Introduction
Information technology has changed the business world. As James V.McGee, Laurence Prusak and Philip J. Pyburn (1993, p. 3) point out the wayorganizations perform their operations, design their products, and market theirproducts have all changed dramatically since the serious introduction ofinformation technology in the mid-1950s.
There are no doubts that the Internet has strongly located in allfield of activity of a society in a role of the irreplaceable tool for workwith the basic value – the information. Especially in business the Internet isinteresting as the tool for communication and information transfer. TheInternet gives to firms variety of possibilities: creation of favorable imageof a firm or production; increase of availability of the information on firm orproduction for hundreds millions users of a network the Internet, includinggeographically removed; cutting-down of costs on advertizing and etc.
According to Kenneth C. Laudon and Jane P. Laudon (2006, p. 9),the Internet and related technologies make it possible to conduct businessacross firm boundaries almost as efficiently and effectively as it is toconduct within the firm. In other words the companies are not limited bytraditional ways to conduct a business. Nowadays the firms maintain closerelationships with suppliers, customers and business partners at great physicaldistances.
At the present time it is very difficult to overestimate the valueof the Internet in ability of the companies, the organizations or the enterprises.Every day this service occupies more and more an important place. The Internetbecomes the basic business tool, really making profit.
The Internet main task remained the same, as at the time of itsorigin – accumulation, storage, distribution and an exchange of the diverseinformation.
Nowadays, there are a lots of managers of the enterprises considerapplication of information technology as possibility to increase the efficiencyof the basic business. It is reflection of a certain stage of development ofthe company: the importance of a competition grows, the companies search foradditional means of increase of profitability of business. For this reasoninformation technology is some kind of a mode of development and advancementfor peak efficiency of activity of the company.
An increased reliance on the Internet is an issue which frequentlygenerates a great deal of heated debate, with supporters maintaining thatinternet is crucial for the modern business and safe enough, whilst opponentsfeel that it is internet lead to risk in terms of threats to informationsystems security. I find myself in the later group. This question is more vital today as ever before, as in the recent years a plenty ofdifferent threats and risk using the internet have increased; therefore, it is worth discussing. In thisassignment will be considering threats of using the internet and how companiescan protect their information systems.
1. Reliance on the Internet
In recent years there is a rapid development of systems of thetelecommunications, one of which key elements is the global computer networkthe Internet and its main service WWW (World Wide Web). Use the Internet as oneof elements of system of marketing can make considerable impact on positiveimage of firm and on awareness of the consumer about the goods and services.For years of the existence the Internet began to carry out set of variousfunctions. The main function is communication facility possessing the majoradvantages among which efficiency, reliability, ability to accumulate theinformation, possibility to supervise communications process, to influence itsquality, etc. Another function of the internet is that internet is an integralpart of many business processes. It became a place and simultaneously means ofinteraction of subjects of market relations – commodity producers, sellers andbuyers. The most indicative examples of it are electronic commerce (e-Commerce)and the Internet-banking (Internet banking). Speaking about electroniccommerce, mean retail trade through the Internet more often. TheInternet-banking is a complex of the bank services given in a mode online:informing of the client on a condition of its accounts, remote steering ofaccounts; payment of utilities, purchase or sale of non-cash currency;crediting, operations with securities, steering of the personal finance, etc.
The Internet has already turned to the original market on whichthe whole industries work, creating the goods consumed by it and services.
Thus, the Internet became the working tool without which it isalready impossible to imagine daily activity of set of people. It and globalreference system, and an access mode to technologies, and transport for datatransmission, and, at last, an operative and accessible communication medium.
One of the main advantages of Internet technologies is full accessto information resources of the company from any point of a global or corporatenetwork. Another aspect that should be mention is that simplicity of use whichallows combining the evident form of representation with the simple gear ofinterrelation of documents. Moreover information systems allow to facilitatesteering of the information and to improve communication possibilities.
2. The main risks and threatsto information systems security
Risks of the Internet are connected exclusively from it not bycontrollability. Being an enormous source of the information, the Internetdoesn't divide it on good and bad, or useful and useless.
On the one hand, the Internet provides mass character of its use,and with another – generates a number of problems with serious consequences.
First, the Internet is the port in an external world, it becamethe basic source of distribution of a harmful mobile code (viruses, Trojanprograms).
Secondly, the Internet began to be applied actively as means ofthe latent penetration into corporate local computer networks.
Thirdly, now the Internet can be considered as one of the basicports of escape of the confidential information. For example, informationresources of the companies are exposed to serious threats because of use byemployees of these companies of free mail boxes. Employees of the variouscompanies besides internal corporate mailing addresses actively use the freemail boxes given by various providers (hotmail.com, mail.yahoo.com, gmail.comand etc.). Having access to the Internet from the workplace and knowing thatthe port isn't supervised, any user can free send any confidential informationfor organization limits. But even understanding it, not all companies forbidthe employees to use free post services. Ports of information leakage from thepoint of view of prevention of insider incident are various enough: usb-flash,an instant exchange of messages (ICQ, MSN, etc.), photoaccessories and others.
There are a variety of threats such as computer viruses, worms,spyware and Trojan horses.
Gordon B. Davis and Gordon Bitter Davis (1999, p. 239) point outthat a computer virus is a computer program designed to destroy other programs,corrupt stored data, or interfere with the operation of computer system.Computer viruses were and remain one of the most widespread reasons of loss ofthe information. Despite huge efforts of anti-virus firms competing amongthemselves, the losses brought by computer viruses, don't fall and reachastronomical sizes in hundred millions dollars annually. These estimations areobviously underestimated, as it becomes known only about a part of similarincidents.
Another kind of threat is Trojan horse. According to Kim Berquistand Anrew Berquist (1996, p. 150) the Trojan horses is an apparently usefulprogram containing hidden code which allows the unauthorized collection,falsification, or destruction of data. The wide circulation of Trojan programshas given to the hacker rather effective tool for reception of the confidentialinformation and destructive activity in relation to users of network Internet.
Programs-spies (Spyware): the software, allowing to assemble dataon separately taken user or the organization without their permission. Spywareis applied to a number of the different purposes. The core are marketing probesand target advertizing. In this case the information on a configuration of thecomputer of the user, the software used by him, visited sites, the statisticanof inquiries to search cars and statistics of words entered from the keyboardallows to define a kind of activity and a focus of interest of users veryprecisely. However the assembled information can be used not only for theadvertizing purposes – for example, recieved information about the computer canessentially simplify hacker attack and breaking of the computer of the user.And if the program periodically updates itself through the Internet it does thecomputer very vulnerable
The deliberate threats-threats connected with malice aforethoughtof deliberate physical collapse, subsequently system failure. Internal andexternal attacks concern deliberate threats. The modern history knows weight ofexamples of deliberate internal threats of the information are tricks of thecompeting organizations which introduce or hire agents for the subsequentdisorganization of the competitor, revenge of employees which are dissatisfiedwith a salary or the status in firm and other. It is possible to carry threatsof hacker attacks to external deliberate threats. If the information system isconnected with a global network the Internet for prevention of hacker attacksit is necessary to use firewall which can be built in the equipment. Hackerattack is an electronic equivalent of breaking of a premise. Hackers constantlycrack both separate computers, and large networks. Having got access to system,they steal the confidential data or install harmful programs. They also use thecracked computers for spam sending. The outstanding examples of hacker attacksare attacks Jonathan James. He cracked the serious organizations such asDefense Threat Reduction Agency which is part NASA. After that he has got accessto names of users and passwords, and also possibility to look through theconfidential information. According to NASA, cost of the stolen software isestimated in 1,7 million dollars. Another example, in the summer of 1995, theRussian hacker by name of Vladimir Levin has cracked electronic protection ofCitybank and has stolen 400 000 USA dollars.
There are plenty of natural threats, such as fires, flooding,hurricanes, blows of lightnings. The most frequent among these threats arefires.
3. Security policy
The lack of security may lead to various consequences andproblems, such as loss revenue, lowered market value, legal liability,lowered employee productivity and higher operational costs
Information security is understood as security of the informationand an infrastructure supporting it from any casual or ill-intentionedinfluences which result drawing of a damage of the information, to its ownersor a supporting infrastructure can be.
Information security problems are reduced to damage minimization, andalso to forecasting and prevention of such influences.
Only the understanding of all spectrum of threats will allow toconstruct the effective safety system.
It is necessary to give particular attention to e-mail protectionas harmful programs often dispatch themselves of nothing to suspecting users.
Necessarily it is necessary to put an antivirus on the corporateserver of e-mail. The companies shoulddevelop correctly an anti-virus complex in scales of the network, and than tosupport its working capacity. Only last versions of anti-virus products arecapable to protect users from modern virus threats reliably. To support theprotection up to the mark it is required as it is possible to update anti-virusbases is more often. At the enterprise it usually isn't a problem – correctlyadjusted anti-virus decision will download and establish updatings in anautomatic mode.
The updating of the product is very important. There are newanti-virus modules with each new version, small defects, and at times and errors,in old modules are corrected. That is even more important, in new versions thetechnologies essentially raising efficiency of struggle against new kinds ofcyberinfections are realized. Thus, only last versions of anti-virus productsare capable to protect users from modern virus threats reliably.
For information safety, a necessary condition is the equipment ofpremises in which there are system elements (carriers of figures, servers,archives and etc.), fire-prevention gages, appointment responsible forfire-prevention safety and presence of fire extinguishing means.
Observance of all these rules will allow to reduce to a minimumthreat of loss of the information from a fire.
The described modes of maintenance of information security of thecompany are effective enough to secure the company against set of threats ofinformation security both from the outside, and from within. Though there arealso other modes, like total shadowing employees, their efficiency much morelow and doesn't get under a category of simple means. Besides, it is notnecessary to forget that information security maintenance shouldn't harm toactivity of the enterprise or create hindrances for work of employees, afterall finally any business processes of the enterprise should be directed onprimary activity maintenance, instead of auxiliary services.
The information in the company should be divided into some levelsof access. The employee should get access only to those data which arenecessary for it for work. The principle of the minimum powers should operateboth for electronic, and for other data. It is necessary confirm the list ofthe most critical information carried to the category confidential, employeesshould to be acquainted with it under a list. Access to the confidentialinformation is possible only after entering of the employee into thecorresponding list confirmed by a management.
Conclusion
Rapid development of information technology has also the negativeaspect: it has opened road for new forms of antisocial and criminal activitywhich were impossible earlier. Computer systems comprise new uniquepossibilities for fulfillment before unknown offenses, and also for fulfillmentof traditional crimes, however, more effective modes.
Threats of safety of information field induce to working out of acomplex of the actions directed on drop of risk of occurrence of an emergencysituation. For this purpose it is necessary to define first of all set ofthreats with reference to a concrete segment of information field and anadmissible risk level of their realization and to estimate expenses forlocalization and liquidation of consequences.
The problems connected with increase of safety of informationsystems, are difficult, multiplane and interconnected. It demands constant,indefatigable attention from the state and a society. Development ofinformation technology induces to the constant appendix of joint efforts onperfection of methods and the means allowing authentically to estimate threatto safety of information sphere and adequately to react to them.
As standard model of safety often result model from threecategories:
• Confidentiality – an information condition at which access to itis carried out only by the subjects having on it the right;
• Integrity – avoidance of unapproved version of the information;
• Availability – avoidance of time or constant concealment of theinformation from the users who have received access rights.
Modern anti-virus technologies allow to reveal almost all alreadyknown virus programs through comparison of a code of a suspicious file with thesamples stored in anti-virus base. Besides, technologies of modeling of thebehavior are developed, allowing to find out again created virus programs.Found out objects can be exposed to treatment, be isolated (to be located inquarantine) or to leave. Protection against viruses can be established onworkstations, file and post servers, the gateway screens working under almost anyfrom widespread operating systems, on processors of various types.
From all aforesaid it is possible to draw safely a conclusion thatnecessity of protection of the information at present costs on the first place.If correctly to choose the anti-virus software, regularly to update it, and toobserve all necessary security measures it is possible to avoid loss, damage ofthe valuable information and accordingly all consequences.
Bibliography
risk threatconfidential damage
1. LAUDON, K.C., LAUDON, J.P. 2006. Management information systems:managing the digital firm. 9th edn. New Jersey: Pearson EducationLtd.
2. McGEE, J.V., PRUSAK, L., PYBURN, P. 1993. Managing informationstrategically. The Ernst & Young information management series.
3. GGORDON, B. DAVIS, GORDON BITTER DAVIS. The Blackwell encyclopedicdictionary of management information. Oxford: Blackwell Publisher Inc.
4. BERQUIST, K., BERQUIST, A. 1996. Managing Information highways:the prism book. Dublin: Springer