Information Security in a World of Technology - Essay Sample

Introduction

The application of technology by individuals and businesses has become an obvious step for organized and high-quality work. Today, technology is applied in hospitals, companies, individual businesses, and schools, just to mention a few. However, information is threatened by various cyber insecurities like a virus, malicious programs, phishing, and denied service. Hence businesses stand to lose customer information and confidence when their technological systems are attacked. Consequently, businesses are spending money to ensure that they are protected from the attacks. Cybercriminals such as hackers often target huge businesses, and if the threat is not detected early enough may cause extreme damage. This paper is a discussion of some elements of information security in a world of technology.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Section 1

Physical Security

This is the action of limiting access to an organization’s network resources by keeping them in locked areas to protect them from unauthorized users and natural disasters. Putting physical security can protect the resources from being misused by untrained contractors and employees (Xu et al., 2017). Other than the internal threat, this security could protect the resources from external threats such as terrorists, competitors, and hackers. Depending on the level of physical security adopted by a company, technological resources could be protected from natural disasters like fire, storms, floods, and other events like radioactive spills and bombs. This type of security is aimed at covering servers, modems, cables, hosts, routers, and demarcation points. An excellent example of physical security is an authorized user's only room full of computers in a firm. A single person is put in charge of this room, and the user needs to approve the reason to access the resources. Assurance evaluation and particularly design evaluation could be used in checking whether the physical security system is providing the functionality security intended to provide.

Authentication

This is a security measure to identify whoever is requesting a network service. The process could be done to identify users, devices, or even software (Xu et al., 2017). Some security policies demand a user to provide ID or passwords before allowing access to the system. If the security server does not authenticate the password or ID, the user cannot access it. Authentication is aimed at ensuring that the person accessing the network is authorized. For example, most companies have system passwords and codes that are changed from time to time to protect the resources. Evaluation could be done through security characteristics, especially for security functionality, whereby the security service is provided to the user only.

Authorization

Authorization security dictates what the user can do when they access a network service. Hence, it gives privileges to users and processes (Xu et al., 2017). This type of security allows the security administrator to control a segment of a network, such as files on servers. Authorization varies from one user to another, depending on the department they belong to. For example, the HR system could be designed so that only the department employees could see the salary records of other employees. The security functionality method could be used to evaluate this security service whereby the system is checked, whether it only allowed certain people to access certain information.

Data Encryption

This is the scrambling of data to protect it from being accessed by the unintended person. An encryption device encodes data before putting it on a network (Xu et al., 2017). The receiver of the encrypted message then uses the decryption device to decode the data. Devices such as servers, routers, a dedicated device, or a system could act as a decryption or encryption device. For example, a company could encrypt data in terms of numbers and send it to the receiver. Assurance evaluation could be done in encrypted data whereby implementation evaluation is done to ensure that the intended purpose of the security was met.

Section 2

Security Mechanisms in Hospitals

Healthcare facilities use security policies that are aimed at accessing control and authentication. Besides, security policies achieve integrity, availability, and reliability of data to authorized persons (Tsao, 2017). The facilities adopt the use of electronic medical records, which eliminates paperwork. This physical security ensures that the patients’ data can only be accessed by specific individuals. The facilities organize physical security for the available electronic system by ensuring that each patient's information is stored in the computer and that paperwork with sensitive or confidential information is destroyed. This information is retrieved only when there is a need. In these electronic systems, various security measures such as authentication and authorization are used to control access to various information. Passwords and ID codes are put in various computers to protect unauthorized users from retrieving patients’ information. Also, authorization is used mostly by doctors, whereby there is a need to protect patients' confidential information, which not even nurses should retrieve.

Administrative and Personnel Issues Security in Hospitals

According to Tsao (2017), it is crucial to keep patients' information confidential, whether they are confidential to them or not. Healthcare administrations are ethically obligated to keep the patient’s information confidential. Hence, in cases where the insurance policies and other hospitals may want to access the patient’s information, the administration is supposed to ask for the patient’s permission before sharing it. Healthcare personnel is mandated to keep patients' information to themselves. Often, the administrators put passwords to the system and only allow certain personnel to access the information. Hence, they would be accountable for the use or misuse of this information.

Level of Access

Tsao (2017) states that hospitals use information systems that enable them to limit the number of personnel who can access patient information. Such systems include electronic medical records, practice management software, remote patient monitoring, and patient portals. These systems are designed only to allow their users to access patients' data; hence if people within a department do not have access to the system, they cannot retrieve the patients' data. Some of this software is only used by doctors hence denying nurses access to the patients' information.

Handling and Disposal of Confidential Information

Most healthcare facilities have designed ways of disposing of patients’ information. Most facilities transfer data from paper to electronic systems and then destroy the paperwork. Major facilities shred the paperwork immediately; the data is fed to the computers. Other facilities without paper shredders contact other facilities and hand them over paperwork for destruction. Some sensitive information is not stored to protect the confidentiality of the patients. Such documents are either shredded or disposed of in waste containers without transferring them to the facility system.

Section 3

Protecting information from phishing and spam emails using security mechanisms could be done in the following ways examples and evaluated in the respective ways. An example of a physical security measure is putting computers in a room whereby only trained staff can access them. This way, the trained employees would recognize a spam email or phishing and delete it or destroy it accordingly. Design evaluation is used to account for assurance of security (Gukal & Varadarajan, 2017). During the assessment, the evaluator finds out whether only the authorized users were allowed to access the system. For authentication, an example would be using passwords in electronic systems to ensure only authorized users access them. The use of passwords would mean that only authorized personnel access the emails and other elements of the system. The security functionality method of evaluation should be used to evaluate the functionality of the security provided. If the spam emails were replied to, it would mean that the system was accessed by unauthorized personnel.

An example of biometrics is the use of facial patterns to unlock computers. These are used to recognize particular people; hence only that person can use the system at that time hence would be responsible. The security functionality evaluation method could be used in this case, whereby the level of security provided is examined. The application of firewall security may include designing the system to allow traffic from any IP address but the flagged ones (Gukal & Varadarajan, 2017). For wireless network security, a firm could use WPA to encrypt data before sending it to the receiver. An excellent method of evaluation is assurance evaluation. An application software example would be for the software to request for identification code before accessing. The security functionality method of evaluation would be excellent to use. An organization could use Avast antivirus software to block malicious programs and viruses from reaching their system and design an evaluation method used to evaluate the security. A spyware detection example can be the use of adware to spy on malware, and the design evaluation method should be used to examine the security offered. The other example is administrative and personnel issues whereby trustworthy personnel should be employed, and the security functionality method of evaluation is used. Lastly, a level of access example would be role-based access control, and the design evaluation method would be used for evaluation.

Conclusion

In the world of technology, security issues are very common, and the ability to control them is what matters. Businesses use security mechanisms such as encryption of data, authorization, authentication, physical security, and level of access to limit access to various information. Evaluation methods such as design, functionality, implementation, and assurance are used to evaluate the provision of security by the applied mechanisms. In healthcare facilities, various methods, such as the level of access and authentication, are used to protect patients' information from unauthorized users. Limiting access to such information increases the respect and confidentiality between the facility and the patient. Security mechanisms are used to protect organizations from spam emails and phishing by limiting access or taking action against the malware. Many companies use these security mechanisms and other customized security policies to protect their information from hackers, viruses, and unauthorized users. In the future, there will be more improved methods of securing information from hackers and other threats.

References

Gukal, S., & Varadarajan, R. (2017). U.S. Patent Application No. 15/274,600. https://patents.google.com/patent/US20170093910A1/en

Tsao, Y. J. (2017). The Effect of the Information Security Management System in Hospitals on the Maturity of Information Security. https://etd.lis.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0717117-212100

Xu, M., Lu, K., Kim, T., & Lee, W. (2017). BUNSHIN: Compositing Security Mechanisms through Diversification (with Appendix). arXiv preprint arXiv:1705.09165. https://arxiv.org/abs/1705.09165