Security and Enterprise Systems - Term Paper Example

Security and Enterprise System [Author Name(s), First M. Last, Omit Titles and Degrees] [Institutional Affiliation(s)] Author Note Contents Abstract 2 1.0.Introduction 4 2.0.Background 4 3.0.Security and Enterprise Systems 5 3.1.Visual Surveillance methods 5 3.2.Alarm Systems 9 3.3.Online Security Systems 11 3.4.Remote Controlled Systems 12 3.5.Access Control 13 3.6.Intrusion Detection Systems 15 4.0.Recommendation 16 5.0.Conclusion 16 Bibliography 17 Abstract Over the last two decades, the global business environment has undergone numerous changes technologically. As expected, security and other processes have become more demanding with this evolution. For instance, the 21st century has been plagued with a plethora of concerns in the ear of the internet. Many organizations have therefore cited struggles in trying to manage the security issue, therefore labelling it as imperative in any contemporary organization. Governments have embarked on activities aimed at protecting the integrity of their people’s assets. As such, they have instituted strict control measures over various companies to adopt strategies and structures that foster absolute protection of data on individuals. Companies that fail to meet these established standards are forced to the edge and eventually become recessive. To maintain competitive advantage, organizations have engaged themselves in moves that seek to protect their assets aggressively, instituting technologies known as enterprise security systems to thwart off any potential threats. 1.0. Introduction This report will embark on the issue of Security and Enterprise Systems, outlining the background of the practice as well as the basics of enterprise systems. Thereafter, it will focus on an in depth analysis of the various security and enterprise systems available in the modern world. Later, it will focus on issues with the systems that have successfully been implemented the schemes of their operations. The successes of the methods identified will then be harnessed to come up with viable recommendations pertaining to how enterprises can be effectively protected using the analysed mechanisms. Finally, a comprehensive conclusion will be made. 2.0. Background With the onset of E-business, security became a major concern for organizations. In this case, e-business is defined as any commercial activity that utilizes internet technology to help businesses streamline processes, improve productivity and increase efficiencies[Bre02]. The once peaceful mind-set that we as human beings had placed in our thoughts has become increasingly vague, as threats rise on a daily basis. Businesses increasingly faced new demands from the challenges posed to their existence. According to the Cambridge English Dictionary, security is defined as the ability to avoid being harmed by any risk , danger or threat. This is deemed as an unmanageable task especially in the 21st century. Due to these limitations, it is then required that organizations and institutions install the security that they need the most. Security systems have evolved from simple manual systems to sophisticated virtual systems with inherent capabilities that require in depth training of the organizational staff. It has reached a point where security requires a heightened level of awareness in all branches of the organization[Jen09]. This requires physical as well as virtual measures. However, it has become imperative to consider that the security of enterprise systems must be balanced with usability. In other terms, the security practices in the business enterprise should be useful to the purpose for which they were established. This is represented below: Optimum i.e. Most protected = useless Most useful= Unprotected Security for the business enterprise should be cost effective. Hartman et al. (2002) assert that the best security systems are those that are most cost effective. Cost of the security system will depend upon the assets to be protected, the dangers that the businesses is currently facing, the magnitude of the loss in case of an event, costs of the possibilities, and the cost of the prevention of the events. In the contemporary business environment, the customers, suppliers, employees and competitors all rely on the enterprise systems of an organization. Therefore, it is no surprise to find hundreds of universities worldwide creating courses dealing with security issues. It has become imperative for managers as well as other corporate leaders to hold some form of security certification before being entrusted to high profile jobs in organizations. Learning of these concepts has often followed a multi-disciplinary approach, integrating social with practical techniques and theories 3.0. Security and Enterprise Systems 3.1. Visual Surveillance methods Visual surveillance methods have their origin in the late 19th century[Ant10]. Back then, it was exclusively used in prisons to monitor suspicious convict behaviour. However, the 20th century, the 20th century saw inclusion of visual surveillance in monitoring people and property. The structure of cameras has evolved greatly over the past century. Historically, cameras utilized photographic films, which were mainly silver based. Nevertheless, these systems were limited to surveillance of government structures, casinos and banks. Source: internet Video surveillance was founded on four main concepts. The first is that of deterrence, where prospective criminals knew that someone was watching them. This function is still utilized in the contemporary setting, with wide usage of cameras in various countries globally. According to an Urban Eye study project, a large percentage of video surveillance installations (86%) are for the deterrence of theft. In the concept of deterrence, video surveillance may be either passive or active. In passive, footage is analysed later while in the active surveillance, footage is analysed in real time. The second principle is that if detection. This is one of the most imperative functions of a camera. It has the ability to record the happening of an event, thereby producing hard evidence in cases of crimes committed. Currently, all developed countries have adapted the use of cameras possessing the ability to track movements of individuals throughout the city. Furthermore, law enforcement agencies have relied on visual databases to identify offenders. The third theory is termed as that of being a capable guardian. Modern analytical methods have allowed for the upgrade of passive camera systems into active ones, allowing for reactions that are more responsive. As I will demonstrate later, CCTV IP cameras have the ability to intelligently track and mark specific objects, allowing for easier identification in cases that crimes are committed. Finally, video surveillance operates on the principle of efficiency. This is demonstrated in terms of the minimum number of resources that the technique employs in its operations. It streamlines processes of retrieval of evidence, enhances selectivity and sensitivity to certain actions. It is therefore considered as an effective method of ensuring enterprise security in work settings. 3.1.1. Types of Video Surveillance Systems A number of video surveillance methods are available. a) VCR based Analogue CCTV systems Introduced in the 1980’s, the Closed Circuit television cameras rely on traditional radio frequency photographic technology. It introduced an active and effective surveillance system, and pioneered modern CCTV-IP systems. The system incorporates a camera connected to a Cathode Ray Tube (CRT) television by means of a coaxial cable. The footage is usually black and white, and security personnel monitor it on a screen. In most cases, multiplexing technology allowed for multiple camera images on a single screen. The method has been criticized for its expensive nature, citing that the costs involved in wiring the cables and cameras. It is also time consuming. Currently, no facilities use this technology as methods of video surveillance that are more efficient have emerged. b) DVR-Based Analogue CCTV systems In the mid 1990’s, a new digital revolution, the DRR analogue CCTV system was introduced. Unlike the VCR systems, it consisted of a large amount of space that allowed for storage of even a week’s footage. Therefore, there was consistent recording quality, constant recording and quicker access to recorded video. However, the chief advantage was a large security coverage as the technology allowed the transmission of video signals over longer distances. Some traces of the technology remain. However, the footage is of very low quality and may be useless for in securing enterprise systems[Fre08]. c) Network Camera Based Network Video Systems (CCTV-IP) Network cameras refer to camera devices that are connected to a internet protocol network connection. In this device, the video signal is conveyed via an IP network to a PC with video management software installed. The system is devoid of any analogue inputs and is therefore the ideal network system. The system possesses the greatest advantages. Images are digitized inside the camera once recorded; therefore rendering high quality feeds contrary to those of the analogue cameras. In an attempt to market their products, most companies are labelling their cameras ‘digital’ while they are analogue in actuality. It should be noted that digital images can be converted to analogue or vice versa, but the process is accompanied by a loss in video quality. i) Advantages Digital signals, unlike analogue, do not degrade over conveyance to long distances. This makes it an ideal choice in the protection of business enterprise systems in the 21st century. Furthermore, digital cameras can be wired using the same cable, presenting a form of efficiency and cost effectiveness in installation than analogue devices. The fact that the cables can also carry power to run the cameras displays just how capable these cameras are. Incorporating other elements such as flexibility and scalability, the list of advantages continues. ii) Disadvantages The cost of resources in implementing this video surveillance system is the main downside. Costs of procuring the camera systems, connectors, installing the network systems, software, and PC servers are high. However, for a valuable business enterprise, one can make a compromise and incorporate the system as a central part of the security installations. 3.1.2. Issues associated with CCTV-IP systems Security cameras have often yielded numerous issues regarding privacy. It should be ensured that cameras are only used for the legitimate purpose they were originally intended to do. Due to their capabilities, they are often prone to misinformation and misuse. It is important to place security systems in places that do not put people in unnecessary compromising situations Below are some of the issues in Video surveillance Systems[Sam14]: i) Intrusion on Private life Surveillance is legit as long as it does not intrude details of one’s private life. For instance, installing cameras in toilets and bathrooms as well as bedrooms is considered as illegal. Therefore, it is vital to consider these elements in the design of an enterprise security system. ii) Confidentiality Breach A hidden camera in operation may take footage that may require confidence. Distribution of such footage using underhand approaches is regarded as a breach in ethics and legal principles tied to confidentiality of information. Such cases may lead to disagreements in which the employer may ultimately be held accountable. iii) Legal Issues The installation of camera should be within legal boundaries. This stipulates that devices should be within the acceptable limits of privacy. Therefore, no devices should be installed for malicious purposes, as there is the probability of yielding lawsuits. iv) Deception It is important to notice individuals that the area is under surveillance to avoid deception. This is a serious legal consideration that many laws internationally make clear. In summary, visual monitoring devices have been seen as effective gadgets in protecting enterprises. However, the key thing to remember is the fact that the level of surveillance should be within the level of expected privacy[Sam14]. Some places such as bathrooms require have what us regarded as expected privacy, presenting situations that do not need to be monitored except in extreme cases. 3.2. Alarm Systems Source: internet Alarm systems have become an imperative component of the 21st century. They have experienced wide usage in homes, institutions as well as business institutions. Capital (1999) defines an alarm as a system whose primary function is to inform or warn others that an intrusion or event has taken place in the premises. Alarm systems may be grouped into hazard alarm systems and fire alarm systems. Just like the video surveillance methods, the intruder alarm’s main purpose is to deter potential criminal activity from happening in a premise. The notification may either be delayed or immediate. The delayed signal allows for response from specialized units without the burglars knowing that their intrusion has sounded off an alarm. Consequently, a stronger sounding alarm has a larger success of deterrence than a weaker one. In the case of fire and smoke alarms, a warning sound is released in case of the detection of any fire of smoke. Fire alarms have often found use in various organisational settings; especially those handling heavy machinery or those dealing with fire-prone materials or chemicals such as acrylic or toluene liquid. They primarily perform two functions; alert the occupants to vacate the premises and transmit the fire signal to a near fire station. Furthermore, automatic fire systems shut down air conditioning, electrical and special operations equipment through special automatic suppression systems. There are three types of fire alarm systems. These include conventional, addressable and analogue addressable systems. Convectional systems have a lower installation cost, offer easier programming but fail on the aspect of expansion capability. On the other hand, addressable types are easier to install, and are very flexible in terms of programmability as well as expansion. However, they have high initial costs of installation. Analogue addressable systems are obsolete in the 21st century and are rarely used in fire protection. Automatic fire and smoke detectors rely on special thermometer and light refractive optics to detect fire and smoke. The most common systems include GE Security and fire, Fire-Lite, and Gentex Corporation among others. 3.2.1. Issues in Alarms i) Reliability Alarms are supposed to be always reliable methods of detection. In case an alarm system stops functioning for even the shortest period, losses experienced may well be over the roof. This aspect therefore requires considerations in quality of components, design, construction and control units. ii) False Alarms False alarm incidences decrease the effectiveness of alarms as a reliable means of intruder or fire alarms. Many are the cases in which the police or emergency departments respond to a call and find out that nothing s happening[Viv99]. 3.3. Online Security Systems One of the greatest threats in cybercrime involves libel or slander after hacking an unsuspected online identity. This form of perpetration is getting common in and unfortunately, negative information on from the internet is virally leaked. Unluckily, smears can be stickier than the truth; advanced skills and habits that help fight against slander is a major challenge for future social technology (Bertino & Takahashi, 2011). As a result of the common online identity situations, it has turned out to be a blow for the other countries and organizations in desire of a neutral environment. Ping sweeps and port scans are very important methods of detecting intrusions in a network system. However, cracking and hacking of systems is becoming a rising trend. This calls for the heightening and reinforcing of systems through a series of network probes. Ping stands for Packet Internet Groper. A ping sweep is a diagnostic technique employed to see what range of Internet protocol (IP) addresses that are in use by live hosts (Tipton & Krause, 2007). It is an important method for network administrators to locate active machines on a network as well as troubleshooting an issue. On the other hand, Port scans are attempts to uncover weak points in a network. It involves identifying open ports in a network and services that are then available on that network host. This technique may particularly come in handy when network administrators are auditing computers for vulnerabilities (Simpson, 2012). Those were just the positive uses of the two network probing techniques. The two techniques also come in handy for hackers and crackers; providing access to machines in the network. Ping sweeps are used by hackers to identify active machines in a network thus aid their decision in determining which machines to concentrate their attack on. An intruder sends an ICMP ECHO to a range of machines on a network (Tipton & Krause, 2007). Then the computers connected to via network send a warning sign back to the intruder to let him/her know that they are on. The machines that are not on or available do not send a signal. Trespassers may also use the port scans in a similar manner; in which he/she uses the data from open and running ports to initiate a system attack (Simpson, 2012). However, the above can be prevented in a company and should not be a threat too large to handle. All vital information related to the security of the system should be kept encrypted. The network personnel should keep up to date with new developments in security to keep their networks rock solid. Firewalls should also be used to keep the open ports protected and keep machines safe (Simpson, 2012). All in all, prevention is better than cure. The network administrators should perform regular checks to always keep ahead of the malicious persons. Deidentification of data stored on machines is also a viable method of security. Identity is a term stemming from the Latin root ‘idem’, which means ‘the same’ (Stets & Burke, 2002). Each and every individual in existence tends to have a unique sense of identity. It is this quality that therefore helps us as humans identify each other. It is grouped on several levels including cultural identity, gender identity and national identity among others. However, there exists several means in which identities are being threatened. Identity theft has become a rampant issue given the rapid technological advancements, posing a huge risk to 21st century enterprises. Almost all part of our identity is subject to change, especially in such a technology dependent and self-conscious generation. Surgery has become so finely practised that changes in gender, body size, face image and height can be done to satisfactory levels. It has therefore become clear to us that we have a wide range of identities to choose from more than ever before (Bostrom & Sandberg, 2011). It all lies in the perspective that a person has towards others and himself. It is evident that self-image may be different from the eyes of another person having a dissimilar perspective. Some of the elements bound to influence identity are social life, financial status, educational level and finally social life. 3.3.1. Issues in Online Security The progress of online identities established in the internet as well as virtual world’s raise a plethora of issues. Online identities have also been the main means to link our social identities. Identity theft issues have left thousands of persons and businesses at loss (Birch, 2007). The challenge of bringing together the data needed to create a meta-system is now on. Improving the identity management system also comes with some consequences. The first is unclear jurisdiction of the handling of the situations by the relevant authorities. Secondly, there may also happen dome data breaches. The current collective identity features a world in which persons are in constant connectivity (Bostrom & Sandberg, 2011). 3.4. Remote Controlled Systems The advancement of wireless technology in the 21st century has opened up doors for many sectors of the economy. As expected, the security docket has not been left behind, with a plethora of methods now available for remote controlled IDS system. The systems use wireless communications, telemetry and automation; making it possible to switch On/Off. The technology has its origins in the American military system, utilizing a system integration and engineering approach. Remote controlled systems also incorporate the use of satellite systems to monitor activities globally. It incorporates the use of server computers which are connected to other remote devices. Privacy protection is a debatable issue in some cases but is generally highly accepted (Stets & Burke, 2002). It may be done for ethical or legal cases, absolute privacy in the pirate form. Public service organizations must reduce the individual information they hold, only acquire personal information for which they have a defined and specific need and ensure that such information is held only as long as is stringently necessary for the drives for which it has been provided. RCS technologies are particularly advantageous because of the concept of real time alerts. One can receive text messages, emails or video messages in case of a threat happening. For this reason, they have gradually been adapted as the main security systems in business enterprises, fostering impeccable flexibility in security of business assets. In combination with other systems, they yield a solid security system laced with all the vital components that an intruder detection system may have. Remote controlled systems have the same issues as video surveillance and online security. Therefore, they do not offer any unique challenge. The ultimate solution to privacy issues is responsible use of the security method in the business enterprises. 3.5. Access Control The digital revolution came with a number of methods that reinforced the elements of human security[Eli11]. Various methods were employed in ensuring total protection of premises. These methods included access card control, biometric access, voice access, shock sensors, seismic intrusion detction, motion sensors and contact sensors. Modern facilities require the authorization and authentication of persons in the 21st century based on the level of security required in the premises. It also has the effect of minimizing costs accruing from a series of recursive tasks. The information and technology sector has the largest role to play if this matter (Stets & Burke, 2002). Security access cards are plastic cards used together with a reader to grant access into restricted premises in buildings and institutions. They are mainly employed as general access devices or in other cases, may be individually coded. In many cases they contain three vital pieces of information: i) Holder’s name ii) Identification number iii) Level of access The cards employ the use of magnetic technology in the form of a magstripe, having very minute particles. The data is written through alignment of the ultra-small dipoles in the card, making the dipoles align in different directions. There are three types of readers employed in the detection of access cards. These include swipe readers, insert readers and proximity readers. Contact and motion sensors are systems relying on infrared technology to detect any intrusion in premises. In this respect, they then send warning signals that activate alarms that trigger responses to the event. In most cases, they are coupled together with other security mechanism such as video surveillance and alarm systems. Biometric systems defer from traditional access systems in that they require the user to present part of their biometric for identification. In these case, biometrics may involve fingerprints, eye and face scans or voice commands among others[Bos11]. These features are stored in a database where the server accesses them on request of granting access to a premises. They provide very solid security in cases where they are applied rightfully. 3.5.1. Issues in Access Control i) Human dignity The technology has been accused of turning human dignity into a collection of biometric parameters. It has often been termed by ethical experts as dehumanizing. ii) Privacy and discrimination Similar to other methods of security in premises, access control data may be used for malicious purposes. This presents serious privacy threat to the subjects and likely to cause biases. iii) Security to owners of the access items The use of biometric functions to access various facilities poses dangers of stalking or assault. iv) Cancellable biometrics Unlike passwords, biometric access utilize body organs thus very hard to cancel in cases of problems. 3.6. Intrusion Detection Systems Source: internet Intrusion detection systems can be defined as a collection of individual entities that can be used to positively identify breaches in the security grid. They are a collection of all the above mentioned systems, wired together to form a reliable and dependable system. A PC or server system acts as the brain of the system. When a breach is detected within the premises, the detector sends a signal to the central computer. The computer then sends a signal to counteract the invasion. In most cases, the doors at the premises lock completely, while other escape routes are completely barred through stainless steel grills and sheaths. They are the ultimate security solution for an enterprise. However, costs of installing such as system are very high; involving the use of highly specialized experts in the design and testing of the system. They have been highly commended as capable guardians though a review of several articles[Dav07]. The issue of ‘acceptable levels of security comes into the question’, constraining IDS systems to ethical considerations in the society 4.0. Recommendation Based on the variety of advantages as well as limitations of the methods of enterprise security presented above, I would recommend the establishment of an integrated security system. This is because other devices serve other functions primarily; therefore more effective than others. For instance, the fire alarm cannot be used for detection of burglary. The case is true for motions sensors and other devices. However, this approach will depend on the type of business enterprises being protected. Expensive assets will require extremely robust methods, applying the use of IDS systems extensively in such an environment. Furthermore, video surveillance systems may be adequate with places with high physical security such as high walls and electric fences. The paper therefore asserts that there exists no such thing as a standard security system. A good enterprise security system is one that will facilitate a tailor-made plan for the organisation’s security. 5.0. Conclusion In conclusion, the few methods present different views of challenges of the security challenge in the workplace in the last two decades. Although they may not entirely function on the same principle, they have some interrelated concepts that eventually reveal the hazards of installing an incompetent system. Ranging from low level to high security needs, the necessity to certainly reform the security issues has emerged. There is the capability in small and minute issues to completely stall the completion of the project thus, control over it is essential. Other risks can easily be controlled if financial resources are available thus do not pose high problems. However, the issue of establishing proper control over security operations is key to running a successful business enterprise system. Bibliography Bre02: , (Hartman, et al., 2002), Jen09: , (Bayuk, 2009), Ant10: , (Caputo, 2010), Fre08: , (Nilsson & Axis-Communications, 2008), Sam14: , (Page, 2014), Viv99: , (Capel, 1999), Eli11: , (Bertino & Takahashi, 2011), Bos11: , (Bostrom & Sandberg, 2011), Dav07: , (Birch, 2007), Read More