In basic terms, computer-based information systems are all the information systems that use computer technology to accomplish their planned tasks. Such an information system comprises several basic components, which include but are not limited to hardware, software, databases, networks and procedures (Jones, 2014). The hardware component comprises devices like processors, monitors, keyboards, printers and all other physical components that work together to accept, process and display data and information.
The software component, on the other hand, comprises all the programs that allow the hardware to accept, display and process information, while the databases gather all the associated tables and files containing related data. The last component comprises the procedures, which can be seen as the commands used to combine all the other components of the information system to process raw data and produce the preferred outputs. The first four (hardware, software, database and network) make up what is commonly referred to as the information technology platform and are used by security experts to create information systems capable of watching over risks and data management within an organization's framework (Stair & Reynolds, 2017).
With the influx of the current generation and the increased demand for more flexible working conditions, most organizations have begun to shift away from policies that prevented employees from using their own devices for work and now freely allow employees to bring their own devices to the workplace and use them for work purposes (Garba, Armarego, Murray & Kenworthy, 2015). The bring your own device (BYOD) policy has, however, had a massive impact on organizations' data security. Although it is considered a form of workforce mobility, it is a complex development for an organization's data security because it is accompanied by high risks of data loss and barriers to protection.
Adopting a BYOD policy increases the risk of leakage of the organization's data. Greater reliance on mobile devices opens more floodgates for data leakage, which translates to more threats. When it comes to security concerns and exposure to attacks, tablets and mobile phones are among the weakest links and can be easily exploited by attackers to gain access to the organization's data (Faulds et al., 2016, p.58). For these devices to keep the organization's data safe they must receive regular patch updates, but because that responsibility is left to the employees, most of them may ignore the policy, and that exposes the devices to the risk of easy attack.
Because CIOs have little or no control over the mobile devices being used within the organization, the organization's information systems become more vulnerable to attacks. Employees are constantly downloading applications and connecting to different Wi-Fi hotspots away from the workplace without putting in place the security protocols that may help prevent attacks. These and other employee behaviors outside the workplace premises expose their devices to serious security loopholes that are easily exploited by hackers (Wason, Gupta & Adler, 2014, p.11). In addition, most employees may not have anti-virus protection or an up-to-date firewall on their devices, which implies that the devices are highly vulnerable to external attacks that can compromise the organization's data.
Since corporate data and personal data have to be stored on the same device, this poses another security challenge for a BYOD policy. In the end, certain types of organization data are exposed to the public domain. Again, since malware can be installed on the user's mobile device without the user's knowledge, this becomes one of the easiest ways for malware to get into the organization's network infrastructure (Medvinsky et al., 2015). In addition, hackers can easily record keystrokes through specific programs that are not easily noticed by the user of the mobile phone. Through such programs, the hacker gains access to login credentials for an organization's information system, from where an attack can easily be launched.
Employee devices are prone to theft or loss, and in either case the security of the organization's data is exposed to a huge risk. Statistics from organizations that implemented BYOD policies long ago indicate that over half of security breaches result from employee devices being lost or stolen, which signals to organizations the importance of implementing encryption to secure employee devices against threats. Prompting employees to use PIN codes is another effective way of ensuring that employees' devices are secure (Mishra et al., 2015, p.28).
Certificate-based authentication works on the following principles. When the authentication server is presented with a certificate, it ensures that the certificate meets the following four criteria: (1) the digital certificate was issued or signed by a trusted CA, (2) the start and end dates of the certificate show that it has not expired, (3) the certificate has not been revoked and (4) the client provides proof of possession.
Some of the ways in which certificate-based authentication is applied to secure organization data are Database Mirroring and Service Broker, although the approach is only possible if the servers involved belong to different domains and the default Windows-based authentication is not applicable. For Service Broker this scenario is more the norm than the exception, but for Database Mirroring it is entirely an exceptional case (Juels & Richards, 2016). To configure the endpoints to use certificates for authentication, the keyword CERTIFICATE must be used in the CREATE or ALTER ENDPOINT statement, as shown below:
CREATE ENDPOINT [mirroring]
STATE = STARTED
AS TCP (LISTENER_PORT = 5022)
FOR DATABASE_MIRRORING (
AUTHENTICATION = CERTIFICATE [MyCertName],
ROLE = PARTNER);
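The statement above only names a certificate; the following added example (not part of the original essay) shows the full T-SQL sequence around it on one partner server. The names HOST_A_cert, HOST_B_cert, HOST_B_login, HOST_B_user, the file paths, the expiry date and the passwords are placeholders assumed for illustration.

```sql
-- Added example: certificate-authenticated mirroring endpoint on server HOST_A.
-- Every object name, path, date and password below is an assumed placeholder.
USE master;
GO
-- 1. The database master key protects the certificate's private key at rest.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
GO
-- 2. Local certificate for outbound connections; the private key stays here.
CREATE CERTIFICATE HOST_A_cert
    WITH SUBJECT = 'HOST_A mirroring endpoint certificate',
         EXPIRY_DATE = '2030-01-01';   -- constructed date; plan renewal before it
GO
-- 3. The endpoint presents HOST_A_cert and requires an encrypted channel.
CREATE ENDPOINT [mirroring]
    STATE = STARTED
    AS TCP (LISTENER_PORT = 5022)
    FOR DATABASE_MIRRORING (
        AUTHENTICATION = CERTIFICATE HOST_A_cert,
        ENCRYPTION = REQUIRED ALGORITHM AES,
        ROLE = PARTNER);
GO
-- 4. Export only the public certificate (no private key) for the partner.
BACKUP CERTIFICATE HOST_A_cert TO FILE = 'C:\certs\HOST_A_cert.cer';
GO
-- 5. Inbound side: a dedicated login and user for the partner server, bound
--    to the partner's public certificate copied over from HOST_B.
CREATE LOGIN HOST_B_login WITH PASSWORD = '<strong-password-placeholder>';
CREATE USER HOST_B_user FOR LOGIN HOST_B_login;
CREATE CERTIFICATE HOST_B_cert
    AUTHORIZATION HOST_B_user
    FROM FILE = 'C:\certs\HOST_B_cert.cer';
-- Least privilege: the partner login may connect to this endpoint, nothing else.
GRANT CONNECT ON ENDPOINT::[mirroring] TO HOST_B_login;
GO
-- 6. Check validity windows so an expired certificate is caught before it
--    breaks authentication between the partners.
SELECT name, subject, start_date, expiry_date
FROM sys.certificates
WHERE name IN ('HOST_A_cert', 'HOST_B_cert');
```

The mirror-image sequence runs on the partner server, with each side importing only the other's public certificate file.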
Some of the benefits of certificate-based authentication compared with password-based authentication include, but are not limited to: it does not require transmission of a secret, the certificate is usually issued by a trusted party, and the non-repudiation factor is strong and it serves more purposes than just authentication. Its two additional purposes are providing integrity of data and confidentiality (Wason, Gupta & Adler, 2014, p.28).
There are several differences between password-based and certificate-based authentication methods. To start with, password-based authentication is essentially symmetric, meaning that the same key is used by both the client and the server for authentication to be completed, while certificate-based authentication uses an asymmetric set of keys. It is based on the principle of public key cryptography, where the client is issued with only one key (the private key), which is not shared with any other person.
Passwords are no longer a reliable method of user authentication, and combining that issue with the ever-present risks of a bring your own device (BYOD) policy and the threat of rogue machines has left people wondering how to limit access to their information systems (Wason, Gupta & Adler, 2014, p.19). Luckily, digital certificates address both cases, user and machine. A closer look at certificate-based authentication indicates that this approach maintains the privacy of the person interacting with an information system while keeping full control over corporate data and networks. Through it, organizations can easily revoke certificates when a device is lost or stolen, or when an employee leaves the organization.
On the other hand, spam is an unsolicited message sent over the Internet, either to a single person or to many, by an attacker whose main aim is usually to spread malware or to phish. A good example is an email message with a link that, when clicked, directs you to a page that looks like a Gmail login page but is fake; when a person is lured into entering his or her details, the attacker obtains them directly. Spam is also spread through email attachments which, when clicked, install some kind of malware that can be used to record credentials for different platforms, especially those that are password protected (Wason, Gupta & Adler, 2014, p.40).
To be on the safe side as far as spam is concerned, people should install anti-malware and antivirus programs on their devices, which will be in a position to reveal spam messages as well as their attachments. Safety can also be achieved by ensuring that messages from unknown sources are handled with great caution. Attachments must also be handled with great care because any slight mistake will lead to the installation of unwanted programs, which may cause a lot of harm to the devices being used as well as to the entire corporate network. IT administrators should ensure that the firewalls protecting the organization's networks are functional, to prevent malware and other dangerous programs from penetrating the organization's information systems, where they may have huge negative impacts.
References
Faulds, M. C., Bauchmuller, K., Miller, D., Rosser, J. H., Shuker, K., Wrench, I., … & Kerr, D. (2016). The feasibility of using ‘bring your own device’ (BYOD) technology for electronic data capture in multicentre medical audit and research. Anaesthesia, 71(1), 58-66.
Garba, A. B., Armarego, J., Murray, D., & Kenworthy, W. (2015). Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments. Journal of Information privacy and security, 11(1), 38-54.
Jones, C. B. (2014). Geographical information systems and computer cartography. Routledge.
Juels, A., & Richards, G. (2016). U.S. Patent No. 9,515,996. Washington, DC: U.S. Patent and Trademark Office.
Medvinsky, G., Nice, N., Shiran, T., Teplitsky, A., Leach, P., & Neystadt, J. (2015). U.S. Patent No. 9,055,107. Washington, DC: U.S. Patent and Trademark Office.
Mishra, D., Das, A. K., Chaturvedi, A., & Mukhopadhyay, S. (2015). A secure password-based authentication and key agreement scheme using smart cards. Journal of Information Security and Applications, 23, 28-43.
Stair, R., & Reynolds, G. (2017). Fundamentals of information systems. Cengage Learning.
Wason, P., Gupta, N., & Adler, R. (2014). U.S. Patent No. 8,707,043. Washington, DC: U.S. Patent and Trademark Office.