The same can be said for mobile phones and digital storage media, where mobile phones are more than just a calling device, but also function as personal digital assistants with access to the internet and related applications. Likewise, storage media has progressed from floppy discs and compact discs, to USB or flash drives that can be attached to key rings.
Van Loggerenberg and Morne (2008) have also stated that our increased use of computers and digital media has increased our dependency on the proper functioning of such devices. This means that as more processes and procedures are carried out using IT/IS systems, we, as users lose our ability to deal with and possibly identify the vulnerabilities associated with these systems. Another possible reason suggested by Van Loggerenberg and Morne (2008) is that we place our trust in these systems, and this demonstrated by the existence of extensive internal intranet and online systems which business and personal users access to send highly sensitive information. It seems that there is a common belief that the systems are safe, and that they cannot be intercepted by any other third parties. However, this unwavering trust is also a potential source of the vulnerabilities that shall be discussed in this report.
Vulnerabilities associated with IT/IS security is therefore focussed on the trus...
The development of IT/IS was instrumental in widening the access to knowledge for many individuals, however, this access to knowledge has also proved to be a double-edge sword. For instance, those with the most knowledge on the workings of IT/IS systems are more likely use this knowledge to exploit the vulnerabilities that so many users are unaware of. Therefore the main aim of this report is to introduce and highlight the main vulnerabilities associated with IT/IS security; which will be achieved by examining the meaning of IT/IS, its security and the management of these vulnerabilities.
IT and IS security
IT/IS security can be defined as "the application of the principles, policies and procedures necessary to ensure the confidentiality, integrity, availability, and privacy of data in all forms of media (electronic and hardcopy) throughout the data lifecycle" (USDHS 2007). This means that IT/IS security is highly dependent on how the principles, policies and procedures are applied within organisations and to individuals. Whilst most organisations will have these in place to protect the broader spectrum of information and data, the application of security can be somewhat difficult when applied to individuals. For example, there have been numerous cases of business laptops going missing or being stolen, or individuals losing their USB or flash sticks which contain very important information. It seems the application of security in these instances is either unknown by individuals or the effect of such vulnerabilities is hugely underestimated.
For instance, large organisations fully understand the need for data authentication and privilege systems to protect their systems (USDHS 2007) and as such they pay attention to such systems in order to protect sensitive