Information technology has introduced new concepts of meeting organizational objectives, these concepts use automated technologies that facilitate the analysis of information to develop better and conclusive decisions. Moreover, the same concepts enhance risk management by providing factual results that facilitate users to make better future decisions. However, information technology stands as an important asset on its own and will face various problems, more so, security threats and vulnerabilities. These threats will stem from illegal access as propagated by intruders who use these assets to further their illicit courses. Moreover, the threats are also caused by system vulnerabilities which are caused by user ignorance or by developer’s faults (Stoneburner, Goguen, & Feringa, 2002). This report highlights IT security as witnessed in different settings of the digital world. In fact, a detailed analysis is given on the security concepts of technology and the threats/risk it faces.
Technology landscape: from the inception of information technology, the industry has always envisioned on transformative operational architecture by continuously shifting the landscape of information access. In essence, this shift has continuously moved IT infrastructure from mainframe system (architectures) to client/server systems (OCLC, 2010). In the past, this was achieved by personalised computers which were served by mainframe systems accessed using client/server applications. However, the modern technological landscape sees’ direct access to information where portable devices use different units of Softwares to access data, the so called apps. Therefore, irrespective of the industry or field, the technology landscape seems to acquire a common pattern where the end users, who lack technical ICT knowledge, are at liberty to access extensive technological systems. This outcome raises many security challenges as outlined below.
Fig: Technology landscape and IT security
To assess the threats facing the modern landscape of technology, one must demystify the elements of IT. For one, there are three main elements, hardware, software and the users.
Hardware threats: In 2011 Dell, a computer system manufacturer, announced to the world that its servers had been attacked by powerful malicious malware. This attack was unique in nature as it affected a critical aspect of technology, the motherboard system. This malicious software had embedded itself into the flash memory of the servers used in the company. Now, in the past, such attacks were only done on the firmware (application) and were easy to manage, however, this attack singled a new threat that affected physical components (Dehigaspege, et al., 2016).
Software: most of the security threats experienced today are focused on firmware elements where malicious codes infect devices and alter their operation modes. This outcome is further intensified today because of the internet which provides endless connections that intruders can use to attack (Liao, 2011). Furthermore, the advances in software development have increased the content of information available today which makes it difficult to manage the IT infrastructure.
Users: The main culprits of the security problems facing IT and the technology landscape. Consider the end users, who have good intention with technology but are naïve to use sub-standard security measures. Their minimal security efforts facilitate intruders which increase the security problems. Intruders, on the other hand, adapt to security models in order fulfil their objectives (PTAC, 2011).
There are various approaches that are used to mitigate security threats in technology and most of them rely on protecting the user’s information, lets highlights a few of them.
Despite the security measures put in place, they can never assure users of complete protection from the threats facing IT. Risk assessment outlines a process of evaluating and identifying vulnerabilities facing systems. This assessment also identifies the consequences of security threats and provide recommendations based on the security programs outlined. Therefore, risk assessment is a process of identifying, implementing and managing effective countermeasures to security problems (Jenkins, 1998). The diagram below outline the process used to perform IT security assessments.
Fig: IT security assessment
In the past, computer users could verify applications before installation as they were provided by verified sources using recognised administrators. This verification process is no longer available today owing to the degree of connectivity where users can readily acquire Software packages online which raises the security threats experienced. Moreover, the threats experienced affect all devices and systems used in IT as outlined below:
Network threats– this category of threats affect the access infrastructure of information technology, they interfere with the confidentiality, integrity and availability of information. They include flood attacks, DoS (denial of service) and man-in the middle attack:
Flood attacks will jam traffic in the channels of communication by sending high volumes of unnecessary information/data. The same approach is used to conduct DoS where processors, storage and networks are bombarded with unnecessary information thus denying legitimate users access to content. Man in the middle attack is propagated by intruders who eavesdrop on connections and in the process alter the content of the information (Gharibi & Mirza, 2011).
Malware threats –propagated by black hats, malware are illicit codes developed to interfere with the operation of verified Softwares. They can harvest information or interfere with access, a proponent of DOS. Several malware types exist, for instance, adwarewhich exists as short advert programs that consistently pop up in browsers and application connected online. This malware can be used to track users and acquire their confidential information. Ransomware, malicious codes that hold computers and applications hostage while the users are demanded to pay ransoms, this programs restrict users from accessing information. Trojan horse, the most famous and common of them all. This malware pretends or disguises itself a legitimate program while conducting its illicit actions. Moreover, it will also disguise itself to facilitate its installation in users machines (Dupal, 2014).
Most of the threats identified above depend on the vulnerabilities existing in computer systems. For instance, unprotected network nodes/ports and ignorant users who fail to protect their assets using the necessary security procedures. In other instances, the users will be tricked while using legitimate service applications e.g, phishing attacks that duplicate emails and website so that users can provide their confidential information (Pearsoned, 2012). Therefore, the mitigation procedures will use the assessment made, as highlighted before to establish the necessary security procedures such as:
Conclusion
In the analysis given above, a broad view of the security issues facing IT has been given starting from the technological landscape seen today. Moreover, the immediate threats facing IT have also been given, while having a greater emphasis on the most common forms of attacks/threats. In all, a common trend is highlighted, that of user vulnerabilities as most threats are fuelled by user negligence or lack of information. Furthermore, the mitigation techniques highlighted have outlined the importance of using multiple control measures as none is guaranteed. Therefore, IT security is a factor of time and the resources available. The users should implement effective security strategies that are regularly revised and updated to keep up with the time. Through this model, the security aspect of information technology will be maintained within reasonable terms as complete protection is not guaranteed.
References
CDN. (2012). Hardware based security . Retrieved 24 August, 2017, from: https://cdn.ttgtmedia.com/searchSecurity/downloads/0321434838_Ch16.pdf.
Dehigaspege, l., Hamy, U., Shehan, H., Dissanayake, S., Dangalla, H., Wijewantha, W., & Dhammearatchi, D. (2016). Secure Authentication: Defending Social Networks from Cyber Attacks Using Voice Recognition. ijsrp, Retrieved 24 August, 2017, from: https://www.scribd.com/document/330395895/ijsrp-p5820-pdf.
Dupal, N. (2014). Common Malware Types: Cybersecurity 101. Veracode, Retrieved 24 August, 2017, from: https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101.
Gharibi, W., & Mirza, A. (2011). Security Risks and Modern Cyber Security technologies for corporate networks. International Journal of Computer Science and Information Security, REtrieved 24 August, 2017, from: https://arxiv.org/ftp/arxiv/papers/1105/1105.2002.pdf.
Golchha, P., Deshmukh, P., & Lunia, P. (2014). A Review on network security threats and solutions. International Journal of Scientific Engineering and Research (, Retrieved 24 August, 2017, from: https://www.ijser.in/archives/v3i4/IJSER1567.pdf.
HSE. (2014). Information Technology (I.T.) Security policy. HSE, Retrieved 24 August, 2017, from: https://www.hse.ie/eng/services/Publications/pp/ict/Information_Security_Policy.pdf.
Jenkins, B. (1998). Security risk analysis and management. Countermeasures, Retrieved 24 August, 2017, from: https://www.nr.no/~abie/RA_by_Jenkins.pdf.
Liao, C. (2011). Security threats from hardware. Retrieved 24 AUgust, 2017, from: https://www.cs.rochester.edu/~sandhya/csc256/seminars/chao_malware.pdf.
OCLC. (2010). Technology Landscape. Major trends, Retrieved 24 August, 2017, from: https://www.oclc.org/content/dam/oclc/reports/escan/downloads/technology.pdf.
Pearsoned. (2012). Security Risks and Threats. Chapter 2, Retrieved 24 August, 2017, from: https://catalogue.pearsoned.co.uk/samplechapter/0321349946.pdf.
PTAC. (2011). Data Security: Top Threats to Data Protection. Privacy technical assistance center, Retrieved 24 August, 2017, from: https://ptac.ed.gov/sites/default/files/issue-brief-threats-to-your-data.pdf.
Smart, N. (2002). Cryptography: An Introduction. Retrieved 24 August, 2017, from: https://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf.
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information Technology Systems . National institute of standard technology, Retrieved 24 August, 2017, from: .
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download