There is a long line of self-interested intruders ready and willing to capture this valuable data, and as our reliance on digital information has grown, so have the threats. Large concentrations of data, mobile devices, and the need to keep the data useful has all added to the vulnerability of our information technology. While our information system has worked to make our data more secure, the threats of attack and the divulging of information has become ever more prevalent. Information security is an ongoing process that can never quite meet the challenge of the security threats.
Security threats originate from three sources. There are internal threats from corrupt employees, external threats that originate from external attacks on the system, and system failure. While direct attacks may compromise the data, system failure can cause a loss of information or system shutdown. While developing a system of access control minimizes attacks, system failures are dealt with through a system of redundancy and audit tracking. These systems are open to compromise by direct attack or well meaning employees that practice lax security measures.
The security of a database or network often begins with access control. At the system level this may mean the use of passwords. Passwords are easily compromised and are often shared for the purposes of convenience. Levels of granting only necessary access to a system or a file have been more helpful as data is made available only on a need to know basis. However, in a fast paced team environment, this may require man-hours that far exceed the realistic value of the security. According to Hu, Ferrariolo, and Kuhn, "If a single permission is incorrectly configured, a user will either be ineffective in performing his/her duties or will be given access to unintended information and systems, which could result in undermining the security posture of the organization" (36). In this situation, there will be inappropriate access granted to internal security threats.
Theft of laptops and CD ROMS are becoming a growing threat as large databases are easily transported. Systems of biometrics can help reduce the threat of employee failures and theft of data devices, but are expensive and presently are not as portable as may be needed in the world of mobility and wireless technology. Retinal recognition is a cumbersome technology and finger recognition is necessarily dedicated to a single device. Several other methods are in limited use or are emerging These include signature dynamics and typing patterns. These systems do not compare the data or the signature, but looks for traits such as pen pressure, typing speed and patterns (Kay). Rapid DNA sampling is yet one more method being researched. It could prove to be foolproof, but it is years away from a practical application at an affordable cost. The technology is lagging behind society's need to find a solution to securing mobile data. The challenge for IT security is the education of the employee through ongoing training sessions, seminars, awareness programs, and stating the need for increased alertness about security issues (Gonzalez and Sawicka). The rate of security changes and challenges may not make education and training an economic or practical reality to keep pace with emerging technologies.
While corrupt employee practices can place