Computer Security Information Risk Assessment & Security Management - Essay Example

Before computers became ubiquitous, confidential information was stored in documents, photographs, audio or video tapes, etc. The confidentiality was ensured by keeping these items in locked safes, bank vaults, dual control safes, etc. This is prevalent to some extent even today. With Computers becoming ubiquitous, documents are now largely electronic. To preserve their integrity and confidentiality, recourse is made to password protection, data encryption, firewalls, intrusion detection software, etc. (Parker. B, Donn.

Microsoft Encarta, n. d.) This is the age of the World Wide Web. Nowadays, almost every person having a vehicle loan, a housing loan, a credit or debit card, and automated teller machine card, a social security number, a passport, a driving license, a telephone connection, etc, has to provide detailed personal information to the agency or authority, which provides that particular facility or service. Most if not all such information is in electronic form and stored in some centralized Computer's Database.

The crux of the problem is this electronic form of personal data. If a hacker succeeds in his hacking attempt then all such confidential data can be viewed, changed or destroyed by the hacker. There exist a vast number of such co. software such as automatic computer virus generators, internet eavesdropping sniffers, password guessers, vulnerability testers and computer service saturators to further their criminal ends. Adoption of such methods makes identity theft, fraudulent withdrawals from a bank account, fraudulent electronic funds transfer, etc, possible.

A vast amount of confidential data is regularly exchanged between governmental agencies and financial institutions like banks and other corporations. This transfer of information usually takes place between computers located in different and far off places. In the 1970's Horst Fiestel of IBM, developed an encryption system known as Lucifer. In 1977, the U.S National Bureau of Standards developed an encryption standard known as the Data Encryption Standard. In 1997, the NIST developed the Advanced Encryption Standard.

The use of these methods makes the encrypted message almost impossible to decipher. Unfortunately, this is used by terrorists and international criminals to plan and execute their nefarious activities. (Sutton. G, William, Rubin .D, Aviel, Microsoft Encarta, n. d.)The world is becoming increasingly networked. In this scenario, data encryption algorithms of increasing complexity are ensuring the secure transmission of information across Computer Networks. Password protected logins, firewalls, anti - spy ware like intrusion detection systems, anti - virus, application safeguards like generation of checksums, use of maker checker concept in financial transactions, authentication message source, use of roles and privileges, limit on transaction amount, redundancy of backups, parallel databases and the physical security of hardware.

In addition to this, a mock disaster recovery drill should be conducted on a regular