But with this ease of information access comes the issue of security. With the increase of information flow, there has been an increase in the number of attacks on information by hackers. Attacks such as Denial of Service (DoS) Attacks, Spoofs, Sniffing, etc. have increased with the increase in the availability of hacking tools which are free of cost. Valuable information is lost in the process. For example, if a customer buys a product of a particular organization through their web-site and a hacker presents himself as the organization and receives the money from the customer, valuable information such as the ID of the customer, his credit card numbers, his passwords are all stolen by the hacker. Therefore such information has to be transferred securely over the Internet. Encryption is the most common way of securing valuable information while transmitting over the Internet (Rahman, 2003). Networks are secured in a different manner. They are secured using tools called "Firewalls". Whenever transactions or information between a customer and an organization are being carried out, a particular pattern is followed. Firewalls recognize and allow only these transactions or processes to be carried out and block out all the unrecognized patterns. By implementing Firewalls, most of the attacks from the hackers can be kept out. Securing a network just does not happen. There are many issues to be considered when making policies for network security. The three main issues back in the earlier days were Confidentiality, Integrity and Availability. Due to the advances in the technologies, these issues have been mostly resolved. But in the present day Networks, other issues have appeared. These issues will eventually result in the breaching of confidentiality, integrity and availability thereby defeating the cause of coming up with Network Security policies.
Confidentiality: Confidentiality is ensuring that sensitive information does not fall into the hands of those who are not authorized to have it (Dhillon, 2001). Confidentiality is also known as secrecy or privacy.
Integrity: Integrity means that the information is protected against unauthorized changes that are not detectable to authorized users (Kinkus, nd).
Authenticity: Authentication means that the parties involved in communication first prove their identity before communication can begin (Tipton & Krause, 2007).
Risk to Data
Data is the most crucial asset of a company. Remote Data Backups Inc, a leader in data security mentions the following possible reasons for threats to data (RemoteDataBackups.com, 2007):
Hard Drive Failures: Hard drives are mechanical magnetic storage devices that are extremely susceptible to failure. Head crashes, circuit board shorts, electrostatic shocks, power surges, etc. can all lead to immediate crash of the hard drives.
Viruses: Dangerous viruses can easily wipe out tones of data in matter of seconds. They are designed to affect nearly all parts of an IT system such as Operating Systems, Applications, Networks and Databases.
System Changes: Making any inadvertent changes to an IT system may render the system useless.
Power Failure: Power surges, sags and failures can damage hard drives