Before the advent of the internet, networking occurred in a closed system that existed within a particular organization (Computer Security, 2009). Under this system, a network administrator created the username and password for the users (Computer Security, 2009). The internet, which is an open system, allows access to information even from home (Computer Security, 2009). Thus, a transaction passes through several computers before reaching the bank (Computer Security, 2009). The user would then want assurance that no one observes, collects or modifies the information that passes through the network (Computer Security, 2009). In ordinary practice, the organization that provides the website sets up the security features, which include S/MIME (registration of the user with a third-party service that provides a digital ID attached to the message, as in email) and PGP (an application that is run on the user's computer) (Computer Security, 2009). Organizations that offer e-commerce transactions can set up a secure server or avail themselves of a third-party service (Computer Security, 2009).
Security features protect information from illegal access with passwords and scripts. Traditionally, only internet and programming/coding experts were concerned with the maintenance of network security (Curtin, 1997). However, given the rapid growth of users belonging to the usual internet-savvy group, these users should learn the basic rudiments of security structures (Curtin, 1997). Implementation of the security policy of any organization or company should subscribe to the government's concept of information security (Guidelines, n.d.). Setting up the security policy of an organization should be based on the system guidelines established earlier, the risk analysis and the standard of measures (Guidelines, n.d.). At the level of the organization, policy formulation should involve the administrative and managerial executives, the information system section, the accounting division, and such other components as are necessary (Guidelines, n.d.). Security becomes especially relevant against cyber attacks on the information infrastructure of organizations and governments (Kurisaki, 2009). The gravity of cyber attacks is exemplified by the cases of Estonia (2007), Georgia (2008) and Lithuania (2008), wherein key social institutions, the financial system and defense infrastructure were incapacitated (Kurisaki, 2009).
It is becoming common for public websites to have content controlled and enriched by the users and community, as exemplified by websites such as My Blog, My Web Portal, and My Community (Kurisaki, 2009). Information flow from "peer-to-peer" is on the rise while mass media dominance is decreasing (Kurisaki, 2009, para. 3). This can be seen in the recent contributions of people sending information, pictures and videos of disaster and calamity victims or state atrocities. Thus, a monopoly of information can no longer be attributed to a single entity or organization. No organization can control information, and the premise that "those who control the space and information control the world" is an outdated perspective (Kurisaki, 2009, para. 4). The current infrastructure allows individuals to create information that can be transmitted across boundaries beyond the control of governments (Kurisaki, 2009). People and organizations have become so dependent on the infrastructure for information that its relevance to society is critical (Kurisaki, 2009).
Individuals who access information should know how to carry out simple tasks to uphold security (Cranor, 2009). Despite the presence of security features, safety may be threatened when the users themselves are unmotivated to subscribe to security rules or unable to make the needed security decisions (Cranor, 2009). While designers prefer not to involve persons in the security loop, this would not be wholly financially feasible for some tasks; the alternative for designers is therefore to support the users and make them comply with the critical security functions (Cranor, 2009).
The human threat identification and mitigation process in the security set-up includes the communication-processing model, wherein the user has to carry out a behavior based on the communication sent across the system (Cranor, 2009). The behavior may depend on the information processing steps undertaken by the user, as well as on the personal attributes and communication handicap of the user (Cranor, 2009). This threat identification and mitigation process, which enables the identification of possible causes of human failure and of ways to reduce the possibility of failure, is a useful tool for system designers and operators (Cranor, 2009).
An organization's information and privacy security must conform to its mission (DiBattiste, 2009). Written documentation will guide the implementation of the framework or checklist (DiBattiste, 2009). Constant evaluation and refinement of the framework/checklist will lessen risk (DiBattiste, 2009). The checklist can be based on the type of information collected, used and stored, and includes the following: restriction of access to sensitive information; documenting of customers, staff, and vendors; accountability of the organization; execution of policies and procedures; internal audit and compliance; security and technology solutions; training and education; outreach solutions; and transparency with consumers (DiBattiste, 2009).
The security infrastructure, then, would depend on the needs, mission and services offered by an organization. Many models are available that can suit the particular needs of the organization and the user. Users must also comply with the security requirements and authentication in order to access information. System designers can assist users on how to proceed with the authentication process, since not all users would have the same level of skill with regard to security features. It does not necessarily follow that more passwords should be integrated into the system, which would ultimately hinder users from accessing information. It is enough to design a model that fits specific purposes and objectives.
Since society, organizations and people are becoming more dependent on cyberspace for information dissemination and exchange, it is proper that security features be made simple for users to comply with but secure enough to ward off the threat of attack. The content of information is no longer monopolized by one organization or individual. Each person who creates and transmits information has control of it. Since the infrastructure is already in place, with many organizations contributing to Information Technology developments, it is much more difficult to control and monopolize information. Information is a vital necessity in life and society; it enriches and facilitates living. Therefore, security features should not deter access to information but only prevent destructive attacks. A security infrastructure model that facilitates access by legitimate users but is difficult for hackers to break should be designed, so that a free flow of information and pattern of communication can be attained even for those who interact without knowing each other.
Computer Security. (2009). GrassRootsDesign. Web.
Curtin, M. (1997). Introduction to Network Security. Kent Information Services, Inc. Web.
Guidelines for Information Security Policy. (n.d.). 2009. Web.
Kurisaki, Y. (2009). Balance between Access and Security. ICVolunteers. Web.