IT-Web Essay Paper Sample IT Security

IT Security

3.0 Background Information

Advancing Information Technology (IT) has raised concerns about the security risks likely to affect data. Weak IT security is associated with risks such as vulnerability to malware, viruses, and attacks as well as compromise of network systems and services. Inadequate Information Technology security results in compromising confidentiality, integrity, and availability of data due to unlawful access. To ensure individuals’ privacy policies are consistently and carefully protected, local and state education agencies should implement state of the art Information Technology security measures. This will ensure they remain ahead of the ever evolving and advancing threat of data breaches. The security measures however require diligence from the education community in order to understand and anticipate the risks (Abraham, David & Whitfield, 2013).

Information Technology security threats can be divided into two categories namely technical and non-technical. Organizations can however implement measures greatly reducing these vulnerabilities and Information Technology security threats. For example, they can implement comprehensive privacy and data security plan to ensure a high common level of network and information security is achieved and sustained. This translates to improvement of Information Technology security systems. For example, the internet and the private networks comprising the Information Technology should underline the functions among global societies and economies. This will ensure the societies are tasked in achieving Information Technology security measures in order to enhance and expand their preparedness in improving their cooperation to sustain them. Operators of critical Information Technology infrastructures, such as organizations providing information society services through e-commerce platforms and social networks as well as public administrations should therefore adopt suitable measures to manage Information Technology security risks. They should also report serious incidents to the national competent authorities addressing Information Technology security risks (SPSW, 2015). This research will therefore outline and discuss critical security threats affecting Information Technology systems.

4.0 Statement of Purpose

This paper briefly describes various threats to an organization’s information system and highlights the importance of implementing a broad approach to data security protection, encompassing both technical and non-technical solutions. Understanding the vast array of threats is the first step in ensuring adequate protection of sensitive data. All networks are vulnerable to cyber security threats. A comprehensive data security program is essential for mitigating these threats and preventing a data breach. A holistic approach to data security begins with understanding the network, its architecture, user population, and mission requirements. For example, security risks for networks with large user populations and networks connected to the internet are particularly high. Once the risks have been assessed and organizational security policies specified, security architecture should be designed and a security plan implemented. Consistent implementation of the security plan will reduce susceptibility to cyber threats and increase the overall security of an organization’s data.

5.0 Research Objectives

The objectives of this research seek to ensure secure and trustworthy digital environments promoting and protecting fundamental rights and core values through Information Technology systems are achieved. This research will therefore strive to address and achieve the following objectives.

  1.  Raise awareness with regards to Information Technology security threats hindering development and sustenance of cyber security. This will involve discussing products and services affected due to poor or lack of Information Technology security. This objective will ensure actions fighting against cybercrime and enhancing cyber security policies are formulated and implemented.
  2. Information is the most valuable asset with respect to people, cooperate societies, States and nations globally. These parties however face concerns in areas are affecting the level of security affecting access to the information. For example, their concerns can be allied to effectiveness of measures protecting unofficial and illegitimate access to the information this is because unlawful people accessing information can alter, disclose, or/and modify the resources of the information system. Such security risks mainly affect societies relying on on-line transactions especially when banking, shopping or engaging in railway reservations. Thus, this research will prove security of information accounts using social-networking sites against risks and threats such as hijacking confidential information are addressed and mitigated.
  3. Improving Information Technology security through cyberspaces is the best way to understand threats and vectors applied by attackers in order to thwart them security risks and achieve cyber space security. This research will therefore affirm that, separate units handling different levels of Information Technology security in an organization are vital. This is because diversity among organizations encourages different types of adversaries with dissimilar goals to be prepared in achieving, improving, and sustaining Information Technology securities.
  4.  Identifying the diverse natures of Information Technology threats facing or affecting global social communities and corporate organizations is vital. It involves assessing the relationship between Information Technology security measures and their capability and intention to target areas hindering or impeding information security.
  5. Securing Information Technology systems is essential. This is because it secures diverse forms of data maintaining details of all the rights organizations at federal, State and local levels utilize to achieve national security. This is mainly applied in fighting against terrorism which is a great threat to a nation’s socioeconomic growth and development. It is therefore important to create reliable environments ensuring national and international environments are protected against terrorism due to lack of Information Technology security measures thwarting perpetrators plans to infiltrate.  

6.0 Research Questions

  1. What is Information Technology?
  2. What are the measures or factors facilitating or impeding and hindering Information Technology security?
  3. Are there agencies tasked in ensuring security of Information Technology systems are protected?
  4. What measures can be undertaken to mitigate Information Technology security risks and threats?
  5. What form of security risks and threats likely to affect Information Technology systems adversely?
  6. What are the viable recommendations applicable theoretically to achieve and sustain security within Information Technology systems?

7.0 Summary Review

The dissertation will therefore review safeties within Information Technology systems, infrastructures and networks. It will affirm that, the Information Technology sector within the global platform faces various risks and threats. They threaten safety of data and information stored safely from prying eyes in order to avoid incurring financial losses, suffering from reputational damages, and users being victims of identity thefts. These insecurities are committed by cyber criminals by deploying various measures ensuring sensitive data is retrieved illegally, damaged, or used to commit more crimes through cyber space.

The dissertation will therefore focus on the following Information Technology security risks and threats. Foremost, it will discuss how botnets are used by hackers to deploy malicious codes to retrieve sensitive data from unsuspecting individuals. It will also discuss how cyber criminals utilize computer viruses, malware, corrupt and illegal programs, and software applications to gain access to individual and organization Information Technology infrastructures. Some of the cyber criminals can also trick people into configuring malicious codes in order to keep legitimate data users away providing them with an opportunity to retrieve the information and even damage it. As a result, it will also provide reliable and viable recommendations enhancing safeties in order to mitigate and prevent risks and threats facing Information Technology systems.

However, the dissertation will discuss various theoretical and philosophical approaches to apply to mitigate risks and threats facing the Information Technology systems. The theories to be discussed are namely, deontologism theory, contractualism theory, and consequentialism theory. The theories will be utilized to emphasize that, users using Information Technology systems should be responsible in safeguarding the types and forms of data they store in the infrastructures. Consequently, they will affirm that the recommendations provided should be implemented by the users to mitigate the security risks and threats. The recommendations will therefore be discussed based on the security threats listed within the literature review. This will ensure all the Information Technology risks identified have viable approaches to mitigate and prevent the risks and threats facing Information Technology systems in the future.

8.0 Introduction

Information Technology systems can be affected by security threats and risks influenced by human mistakes, technical failures, natural events, and malicious attacks. Recently, these security risks have become bigger, more frequent and complex hence, raising concerns on the need for Information Technology communities to rely on security consultants in order to improve the networks and information security measures. European Union conducted a research in 2006 revealing that, fifty seven percent of global communities have experienced Information Technology threats. The respondents revealed some of the incidents had serious impacts on the Information Technology activities they engage in to sustain a living (Atul, Suraj & Surbhi, 2013).

This affirms that, lack of Information Technology security measures compromises vital sources and services of information. This however depends on the integrity of Information Technology network and systems as the risks can stop businesses functions generating substantial financial losses within the economy. Consequently, societal welfare issues are adversely affected as cyber security refers to activities protecting information and information systems to maintain peace and cohesion across socioeconomic and political platforms. Information Technology systems including computers, networks, data bases and data centers as well as applications ought to engage appropriate procedural and technological security measures to achieve and sustain security. There are diverse Information Technology security measures including antivirus software, firewalls, and other technological solutions protecting personal data and computer networks. Although they are essential, they can be insufficient in ensuring Information Technology security is achieved. This is due to the rate at which innovation and technologies are growing, expanding and advancing at within the cyber infrastructures (Atul, Suraj & Surbhi, 2013).

It is therefore important to educate global populations to utilize the cyber infrastructures properly to reduce and prevent Information Technology security threats. The populations should be educated on cyber ethics, safety, and security issues that should be integrated through an educational process commencing at an early stage. This is because these issues advance security measures seeking to ensure Information Technology availability, confidentiality, and integrity of the systems is achieved in order to prevent and mitigate loss of information assets due to cyber security attacks (FCC, 2013).

Recently cyber security has materialized as a discipline focusing on the need to protect valuable information or data passed and stored within computer systems and infrastructures. Protecting Information Technology systems from people capable of gaining unauthorized entry to obtain, damage, corrupt, and destroy or prohibit access to sources of data is crucial. This has led to development of an Intrusion Detection System (IDS) program analyzing activities undertaken during an execution in order to try and find indications that the cyber space has been misused. The program considers a wide range of descriptions influencing Information Technology systems such those relating to: biological, marketing, military and other types of conflicts adversary affecting Information Technology systems. Health care, three-dimensional cyberspaces and physical information asset protection are also considered as possible approaches in enhancing cyber security in present and future times. These approaches can be labeled as heterogeneity as they motivate users to adopt secure behavioral patterns guaranteeing cyber security and wellness (Cook, Waugh, Abdipanah, Hashemi & Abdul, 2014).

Secure Information Technology systems and cyber security therefore plays a significant role in developing and advancing information technologies as well as Internet services. Agencies dealing with cyber security focus on cyber information crimes ensuring national cyber security infrastructures are addressing and resolving cyber crimes. The emerging trends adopting new technologies such as cloud and mobile computing, e-commerce, and social networking are posing challenges in securing Information Technology systems. This is because they lack coordination between security agencies and the critical Information Technology infrastructures with the internet being one of the fastest-growing areas of technical infrastructures (Atul, Suraj & Surbhi, 2013).

9.0 Literature Review

Today’s business environments rely on disruptive technologies such as cloud and social computing as well as next-generation mobile computing in order to modify how organizations utilize information technology while sharing information and conducting commerce online. More so, more than eighty percent of total commercial transactions are conducted online. The Information Technology field therefore requires a high quality of security measures to achieve transparency in delivery of excellence transactions. The scope of Cyber Security extends not only to the security of Information Technology systems within the enterprise, but also to the broader digital networks. The Information Technology networks, infrastructures and systems critically rely on safe cyberspaces in order to develop internet services and advance information technology services. Thus, it is essential to enhance cyber security in order to protect critical information infrastructures. This further ensures nations’ security and economic measures guarantying the well-being of societies that are dependent on cyber systems are safe. The full range of human activities such as financial, commercial, health care, entertainment, communications, energy, and national defense are also protected (Cook, Waugh, Abdipanah, Hashemi & Abdul, 2014).).

Recent research findings indicate that, the level of public concerns in relation to security of private and confidential personal information has been increasing since 2006. Internet users are highly concerned as weak and unsafe Information Technology infrastructures provide an opportunity through which cyber attackers can acquire too much personal information for malicious use. The users claim that, when private personal information is acquired illegally, it is difficult to suspect and ascertain the lack of legitimate grounds applied to access and retain the personal information. Exploration of the metaphors used in cyber security domains can therefore help in improving users’ ways of thinking and discussing measures to implement to achieve cyber security. Firstly, users should gain a clearer understanding with regards to the value and limitations of the concepts mapped from other domains into the cyber security domain (Abraham, David & Whitfield, 2013).

Secondly, trying out less common advancements in Information Technology should be limited. This will ensure raised concerns with regards to Information Technology risks associated with weak Information Technology security are addressed. For example, vulnerability levels through use of malware, viruses, and attacks in order to compromise Information Technology network systems and services can be minimized and prevented. Inadequate Information Technology security measures therefore can compromise confidentiality, integrity, and availability of the information or data due to unauthorized access. To ensure that individual privacy remains carefully protected, local and state education agencies should implement safe information security practices. They should be effective and efficient in ensuring the ever advancing evolving Information Technology threats attempting to breach sources of data are diligently resolved and thwarted (Cook, Waugh, Abdipanah, Hashemi & Abdul, 2014).

9.1 Data Security

Various organizations fail to develop security architectures ensuring Information Technology systems are protected. This leaves the Information Technology networks vulnerable to exploitation leading to loss, damage, and alteration of sensitive, private and confidential information. Such organizations also lack resources and qualified Information Technology staffs ensuring cyber networks and systems are protected from malicious cyber criminals. Thus, the organizations’ networks connected to internet services directly face the risk of being attacked hence, loss or damage of sensitive, vital and confidential data. Ensuring the organizations are connected using unique network appliances with default configurations attached to ensure additional layer of protection is deployed can resolve Information Technology security issues (SPSW, 2015).

However, it is important noting that, firewalls cannot sufficiently ensure Information Technology systems are safe. This is because they provide inadequate safety measures unless additional network protection measures are also undertaken ensuring levels of vulnerability in acquisition of data, hardware, and software is minimized and thwarted. More so, susceptibility to malicious software or malware, viruses, phishing, and hacking is prevented. Thus, networks containing sensitive information such as employees’ social security numbers should have very limited accesses. The human resource environment across global organizations should therefore minimize data users as well as the number of people opening and accessing networks or perimeters with sensitive information in order to enhance the security protection mechanisms put in place. Information Technology security mechanisms such as anti-virus should be developed and configured properly to form a robust security architecture essential in providing a roadmap implementing necessary data protection measure (Abraham, David & Whitfield, 2013).

9.2 Types of Information Technology Risks

9.2.1 Botnets

Botnets are networks of available among compromised computers. They are used by hackers for malicious purposes while invading cyberspaces with the intent to commit a crime such as stealing personal information to achieve identity theft. Organizations should therefore be keen in order to discover if the Information Technology systems, infrastructures and network have been infected. Consequently, the organizations should undertake the responsibility of notifying stakeholders on the potential compromises likely to affect security measures protecting data residing on the networks. As a result, efforts to resolve the botnet infestation should be undertaken to protect organizations’ reputation. Although these efforts can be costly, they should be undertaken immediately to protect the damage of organizations’ status (FCC, 2013).

9.2.2 Un-patched Client Side Software and Applications

Computers run a variety of software applications. Some of the applications can be utilizing older versions. These versions are prone to cyber attacks from hackers and phishers seeking to exploit the data being stored for malicious use by cyber criminals. Ensuring computer applications are updated and upgraded while applying manufacturer recommended patches can minimizes Information Technology vulnerabilities (FCC, 2013).

9.2.3 Poor Configuration Management

All computers connected to any internet network without following configuration management policies are vulnerable to security threats. More so, weak data security protection measures failing to restrict how machines connect to an internet network are vulnerable to Information Technology security threats. Thus, poor configurations can impede cyber security (FCC, 2013).

9.2.4 Phishing and Targeted Attacks (Spear Phishing)

There are diverse measures applied by cyber criminals such as phishers and hackers to target individuals and organizations in order to gain access to personal information. These measures include use of emails containing malicious codes through a process referred to as phishing. Once infected emails are opened, the user’s machine is compromised enabling the cyber criminal to gain unauthorized entry to sensitive and private data (Khonji, Iraqi & Jones, 2012).

9.2.5 Internet Web Sites

Malicious codes mainly used by phishers can be transferred to other computers by browsing web-pages that have not undergone security updates. Thus, the process of browsing the internet and visiting unsecure websites can result to the user downloading malicious software used by cyber criminals to access persons’ or organization’s Information Technology networks (Chandramouli, 2014).

9.2.6 Mobile Devices

 The use of mobile devices including laptops and smart phones is increasingly expanding globally. However, the ability to secure them is lagging behind as the situation is complicated by the fact that these devices are often used to conduct work outside regular network security boundaries. Thus, data breaches can occur in any way as it is easy for the devices to get lost or stolen compromising their security measures. More so, malicious codes invading their operations through the devices’ system and applications can be easily deployed by malicious cyber criminals (Murmuria, Medsger & Voas, 2012).

9.2.7 Cloud Computing

The process of delegating data protection services shifts enterprise security architecture. In cloud computing, large amounts of data are stored in shared resources raising a variety of data encryption and availability issues. Thus, the cloud provider has to address data security responsibilities and challenges to ensure malicious codes are not employed against the organization that owning the data (FCC, 2013).

9.2.8 Removable Media

The use of removable media such as flash drives, CDs, and external hard drives on networks posing significant security threats is common. Thus, lack of proper protection can ensure these devices and types of media provide a pathway to apply malware in order to move data across networks or hosts illegally. Thus, use of removable media devices can increase security risks by infecting Information Technology machines and network (Murmuria, Medsger & Voas, 2012).

9.3 Data Security

Data security is therefore crucial as customers’ and clients’ information is protected from illegal accessibility. More so, these forms of data are impossible to replace once lost or stolen by dangerous cyber space criminals. Although data lost due to natural disasters such as a fire can cause devastating results, losing it to phishers and hackers has greater consequences. Thus, handling and protecting sensitive confidential data is central in ensuring privacy expectations among Information Technology users is achieved. Typical business with diverse forms of data should value them all and treat them as equally sensitive. This will ensure data such as Social Security numbers, work and home addresses as well as phone numbers and email addresses are protected. More so, sensitive commercial information such as financial records and federal tax information ought to be safeguarded (Abraham, David & Whitfield, 2013).

Security experts affirm that, moving data is at most at risk. As a result, many organizations store business-related data in one computer or server that cannot connect to the Internet. They ensure it does not leave the computer as it is easy to protect. However, it is impossible for corporate to conduct businesses without moving or transferring and exchanging data. This increases the number of people accessing the data. Thus, as the data is moved it is exposed to different cyber dangers compromising its privacy. As a result, organizations rely on privacy policies which are forms of a pledge affirming that, data will only be used when necessary in order to protect it from malicious cyber criminals. Thus, hackers seeking to acquire confidential information illegally by focusing on email addresses, physical addresses, and even browsing history can be thwarted (Brooks, 2012).

The growing numbers of regulations protecting data privacy measures against privacy breaches are accountable in claiming and offering security within Information Technology systems.  Organizations should therefore share privacy policies, rules and expectations with employees coming into contact with that private data. For example, Personally Identifiable Information referred to as PII includes an individual’s full names, home and work addresses, email addresses, credit card and bank account numbers, and taxpayer identification numbers as well as the Social Security number. PII should therefore be protected against theft as cyber criminals can use it to create a false cyber space individual through identity theft in order to commit cyber crime (SPSW, 2015).

Healthcare providers store and manage lots of sensitive health and medical information. This should be protected against Information Technology risks to protect patient’s medical records. This is because people are very concerned about the privacy and protection of their medical records. They need a guarantee that, their health information does not fall into the wrong hands such as hackers and identity thieves likely to abuse it for illegal financial gains. More so, they do not desire co-workers prying into personal health details in order to maintain dignity and respect (Abraham, David & Whitfield, 2013).

Customer information includes information that can be accessed through a person’s credit or debit card. They contain highly sensitive and classified data that should be strictly accessed and used by authorized personnel. Thus, unauthorized access to an organization’s or person’s credit-card transaction data accounts to security breach. A hacker can acquire customer names and addresses, PINs, passwords, card magnetic stripe contents, employee payroll files, and Social Security numbers applicable in committing cyber crime (Atul, Suraj & Surbhi, 2013).

The classification of sensitive data applies in ensuring private and confidential information is protected against malicious and illegal accesses. The sensitive data such as employee performance evaluations, financial reports, audit reports, partnership agreements, and email marketing lists should be classified under the Internal Use Only classification. Although the information is generally accessible by a wide audience, it should not be used by outsiders. This is against Information Technology security policies protecting data from cyber criminals capable of damaging the data through unlawful disclosure (SPSW, 2015).

Thus, it is crucial to control accesses to sources of data despite the kind of information stored and protected. Essentially, the more highly sensitive data is highly restrictive accessibility measures should be formulated and implemented. Information Technology experts assert that, the process of accessing data should be on a need-to-know basis. Individuals with a specific need to access certain form of data should therefore be allowed restrictively to enhance security measures. Organizations should classify data in order to begin the process of assigning access privileges and rights. This involves creating a list of people with authority to access different kinds of data under specific circumstances. Through this process, organizations should develop straightforward plans and policies in order to set guidelines on measures to apply in handling different types of data (Abraham, David & Whitfield, 2013).

It is also viable to plan for data loss, damage and theft. Organizations as well as individuals should therefore have a plan in dealing with unexpected data loss and theft in order to mitigate the threats and risks posed. This is because data lost or stolen is capable of being used by malicious cyber criminals to damage a person’s or organization reputation. For example, a business’s service and product brands can be damaged adversely affecting customers’ level of confidence to purchase them in the future. More so, the process of retrieving the information can encourage the thieves to expose the affected organization to the highly costly State and federal Information Technology security regulations covering data protection and privacy. Thus, the loss of data can also expose businesses to significant litigation risk (Brooks, 2012).

It is therefore critical to understand how data or security breach regulations affect functions and operations in an organization. Consequently, Information Technology staffs can be prepared to respond. The process of responding however should be based on a foundation addressing data breach to ensure the response plan is easy to launch with rapid and coordinated responses ensuring any data lost or stolen is contained away from malicious users. Consequently, organizational employees, partners and stakeholders ought to understand they must report data losses or theft of information to the appropriate departmental heads as soon as possible (SPSW, 2015).

Data privacy and breach laws can be very broad and strict. As a result, the loss of data should not be ignored. Sensitive data that cannot be accounted for should therefore be reported immediately. For example, employees unable to remember location of a backup tape should report the incidence as it constitutes to data breach in order for security experts at the firm to act accordingly. In 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit responded to a combined seven hundred and sixty one data breaches. At least four hundred and eighty three or sixty three percent were among companies with one hundred employees or less. Consequently, in 2011 Visa estimated that about ninety five percent of the credit-card data breaches it discovers are on its smallest business customers. This affirms anyone social or corporate despite the size, operations and functions is at risk of information security threats (FCC, 2013).

9.4 Cyber Plan Action Items

Employees should be trained to recognize social engineering also known as “pretexting”. It is used by cyber criminals across online platforms to trick unsuspecting individuals to give away personal information and/or install malicious software onto the computers and Information Technology networks. Social engineering has been effective and efficient in ensuring cyber criminals are identified and their efforts thwarted. Cyber criminals have been striving to ensure their activities look and sound genuine and legitimate. To some extent, they try to appear helpful, making it easy to deceive Information Technology system users. This enables unsuspecting individuals to accept the malicious codes and applications they are requested to install providing the cyber criminals with an opportunity to attack (SPSW, 2015).

Offline social engineering mainly occurs over the telephone. Currently, it is also occurring across online platforms frequently. For example, they are gathering information from social networks or websites in order to create a convincing ruse to trick untrained employees and unsuspecting individuals. Social networks such as Twitter, LinkedIn profiles, Facebook posts and Instagram can allow a cyber criminal to access and gather a detailed dossier on an unsuspecting individual. Raising awareness on the risks involved in sharing private or public details on internet-based platforms can help in preventing personal and organizational losses (Atul, Suraj & Surbhi, 2013).

Many cyber criminals use social engineering tactics to trick or persuade unsuspecting individuals in voluntarily installing malicious computer software. They mainly rely on fake computer applications and programs such as anti-viruses. This is because Information Technology users believe an antivirus protects them from cyber attacks. Thus, they accept to install the malicious programs as they think they are helping in securing their Information Technology systems, networks, and infrastructure. A fake antivirus is maliciously designed to infiltrate Information Technology infrastructures in order to steal private and sensitive information. It mimics legitimate security software hence, tricking users into loading the insecure program or software on the computer. It also provides the cyber criminals with remote control capabilities who can use the installed software to steal financial information or try selling fake security programs for illegal financial gains. The malware can also modify an Information Technology system making it difficult to terminate the program. Thus, pop-ups being displayed on a computer should indicate unusual security warnings. They should be addressed immediately to avoid cyber criminals acquiring personal information for malicious use. Acquisition of credit card information is the most common method applied by hackers and phishers. They rely on fake antivirus infection to enable them gathering information offering an opportunity for illegal financial gains (FCC, 2013).

9.5 Protection against Phishing

Phishing is a technique used by cyber criminals in tricking organizations and citizens in believing they are dealing with trusted websites or entities. Small scale organizations can face this threat from two directions. First, the phishers impersonate them in order to take advantage of unsuspecting customers. Secondly, the phishers try to steal employees’ online credentials. Ultimately, the phishers take advantage of current events such as economic concerns and certain types of the year including holidays, epidemics, political elections, and health scares to trick unsuspecting individuals (Khonji, Iraqi & Jones, 2012).

Organizations should therefore ensure online activities do not include customers submitting sensitive information through emails, phone calls and personal visits. They should make clear statements reinforcing that, customers and employees as well as other stakeholders should never provide personal information through emails. This can guarantee that, cyber criminals cannot target such organizations as they are able to realize such requests are scams (Khonji, Iraqi & Jones, 2012).

Thus, raising awareness among employees is the most appropriate defense in achieving Information Technology safeties.  This can ensure people are not led to fake sites. More so, employees can be cautious against untrustworthy sources of information provided in form of links sent through an email from unverifiable persons. Ultimately, personal and professional sources of information are protected against questionable links, codes, programs, and software attempting to gain entry into an Information Technology network for malicious and dangerous reasons (Khonji, Iraqi & Jones, 2012).

9.6 Website Security

Website security is very important as it protects Web servers hosting data and other contents of information available to the online community. Online shoppers are often targeted and attacked by cyber criminals constantly looking for insufficiently secured websites. They attack the websites ensuring the multiple customers using it to move personal information are vulnerable to financial loss and theft. As a result, it is essential to secure web servers and the entire Information Technology networks and infrastructure that support cyber criminals’ attacks. This is because the consequences of a security breach results to huge financial losses. For example, organizations can account for great revenue losses as well as damage to the firm’s reputation and credibility. This can further lead to legal liabilities and loss of trust among the customers.

There are various samples of specific security threats to web servers. Foremost, cyber criminals exploit software bugs in a web server, operating system, and active content to gain unauthorized access. This provides the cyber criminals with an opportunity to install malicious software on the web server. This enables them to access files and folders containing private and confidential information. They often steal such information before modifying, altering or deleting the original contents (Atul, Suraj & Surbhi, 2013).

Another form of web attack involves denial-of-service. This attack is often directed towards a web server or supporting Information Technology network infrastructures to prevent and hinder website users from making use of the services offered. For example, the cyber criminals can prevent users from accessing email addresses, websites, and online accounts. This can involve the cyber criminals flooding web servers or Information Technology networks with information to stop the processing of users’ requests. Consequently, sensitive information contained on affected web servers is read and/or modified without authorization. Conversely, private information stored on backend databases used to support interactive elements of a web server application can be compromised by injecting unauthorized software commands. Such software commands include Structured Query Language (SQL), Lightweight Directory Access Protocol (LDAP), and cross-site scripting (XSS) (FCC, 2013).

Cyber criminals can also intercept sensitive unencrypted information transmitted between the web server and the browser. Since their actions are conducted for malicious purposes, they can change and modify the information on the web server to achieve website defacement. Cyber criminals gaining unauthorized entry to resources in the organization’s network can therefore attack external entities after compromising a web server. Although such attacks can be launched directly by compromising web servers against external servers, they can also be indirectly attacked. This involves placing malicious content on the compromised web server in order to exploit vulnerable web browsers and users using the same site. Thus, compromised web server can be used to distribute attack tools and illegal software (Atul, Suraj & Surbhi, 2013).

10.0 Philosophical and Theoretical Aspects of Information Technology Security

Philosophical aspects affirming Information Technology security measures and disciplines are vital can be divided into three features. These features are namely, a logical argument, empirical ground discussion, and endorsements of problem solving approaches. They are complimented by computer ethics under the ethical theory that is action-oriented addressing fears, hopes, desires and expectations among Information Technology users.

10.1 Deontologism Theory

The empirical decision making approach relying on deontologism theory applies universal duty-based ethics to encourage Information Technology users in uphold moral and cultural ethical values promoting Information Technology security. Information Technology users should therefore uphold freedoms, rights, and duties associated with Information Technology security social, security and private rights and freedoms. This philosophical feature therefore seeks to prevent phishers and hackers from offensively violating privacy rights in order to retrieve personal data from unsuspecting victims illegally without authorized accessibility. This feature and ethical theory values are ethically universal as they encourage Information Technology users to apply common sense to identify potential and suspected IT security threats (Madeleine & Jonathan, 2012).

10.2 Contractualism Theory

Contractualism ethical theory asserts that, moral nature and values of actions undertaken within Information Technology infrastructures should enhance security hence, preventing hackers and phishers from deploying viruses to access data without authority. The theory asserts that, human beings engage in diverse actions resulting to different consequences on personal and global platforms. Thus, universal principles formulated and implemented to achieve and sustain Information Technology security measures should be supported by individuals’ sense of responsibility. This affirms that, the Information Technology security measures developed and implemented nationally and internationally require all Information Technology users to respect and uphold them ensuring they are effective and efficient in mitigating Information Technology threats and risks. This approach therefore embraces virtue of ethics and the significant interactions maintained among global communities relying on Information Technology infrastructures for various socioeconomic uses (Madeleine & Jonathan, 2012).

10.3 Consequentialism Theory

Consequentialism theory focuses on the primary value of choices and actions undertaken by Information Technology users. It shifts attention from Information Technology users’ moral, cultural, and ethical values to the manners in which they interpret and understand collection of significant measures to adopt in order to mitigate Information Technology risks and threats. Thus, the consequentialism theory applies philosophical approaches promoting security responsibility among Information Technology users. It seeks to encourage Information Technology users to acknowledge the concepts of moral and cultural ethics in order to maintain Information Technology safeties against viruses, malware, hacking and phishing (Madeleine & Jonathan, 2012).

11.0 Recommendations

In order to reduce the ability of malicious cyber criminals compromising Information Technology security systems, robust patch management program identifying vulnerable software applications should be implemented. It also regularly updates the software security ensuring the Information Technology system has an ongoing protection against unknown future threats. To protect Information Technology systems from phishing and other e-mail security scams, professional enterprise-level e-mail security software should be installed. The software monitors incoming and outgoing messages ensuring spam messages are not transmitted (Atul, Suraj & Surbhi, 2013).

To prevent threats from compromised websites, firewalls and antivirus software should be installed. They help in identifying and blocking potentially risky web pages hence, promoting data security. Data contained in removable devices can be lost or stolen. In order to protect it from landing on malicious criminals, it should be encrypted ensuring it is not harmed through unauthorized and inadvertent disclosure. Data encryption can be strengthened by ensuring user authentication, and anti-malware solutions are installed on hand-held devices. This strategy is implemented to restrict device usage and monitor for malicious activity (TLS, 2014).

Organizations should also conduct assessments comparing benefits of adopting cloud computing. This includes analyzing cost savings and increased efficiency against associated security risks to ensure the solutions offered by a cloud provider effectively comply with organization’s Information Technology system security requirements, operational and risk management policies. Consequently, the cloud solutions and security requirements should be regularly reviewed as they evolve and advance to reassess the cost-benefits (Abraham, David & Whitfield, 2013).

Minimizing security risks should involve applying simple preventative steps such as disabling “auto run” feature of the operating system on an organization’s Information Technology machines used to train users. There are diverse measures to undertake in compromising computers. However, ensuring they have strong security architectures defending against a malicious botnet attacks is vital. Strategies for botnet detection should also be developed. They involve analyzing patterns of data sent over any network while monitoring the usage of computer resources and external connections (TLS, 2014).

The use of a professional password-generating program can also enhance security. A variety of highly-rated programs available in the markets should be implemented. This can ensure procedures in generating strong passwords to maintain Information Technology security are adopted. To achieve enhanced security, advanced authentication capabilities including multi-factor authentication should be implemented. Introducing and reinforcing policies forbidding access to social media websites while using organizational resources and equipment can also enhance Information Technology security. More importantly, people using Information Technology networks, infrastructures and contents should be trained to identify security threats generated from these sites. This empowers users to be cautious and aware that cyber criminals are always present across Information Technology systems (Abraham, David & Whitfield, 2013).

12.0 Critical Review of the Literature

The literature materials used to author the research dissertation are retrieved from journal articles and symposium or seminal materials published within the last three years. This guarantees that, the Information Technology security risks and threats discussed in the dissertation are up to date with viable measures to address and resolve them. The philosophical and theoretical approaches and features discussed therefore seek to emphasize Information Technology users are responsible in mitigating infrastructural and network risks and security threats.

12.1 Gaps in the Literature

The literature materials however fail to discuss a key issue relating to Information Technology safeties. The issue is related to legal laws and consequences applied to punish persons arrested and found guilty of aggravating Information Technology security risks and threats. In authoring this dissertation, the journal articles and seminal symposium materials did not provide legal provisions in addressing Information Technology safeties. For example, they should discuss the form and type of punishment bestowed among persons found guilty of using viruses and malware to acquire private and sensitive data. They also fail to discuss the prosecution process to undertake to ensure hackers and phishers are punished for unauthorized access to Information Technology systems and infrastructures. For example, a hacker or phisher can gain access to Information Technology infrastructures of a banking institution leading to loss of millions, reputation damage, and even bankruptcy coupled with legal suits against the firm by the customers. They can also be found guilty of money laundering using stolen identities hence, committing a financial felony. Discussing the legal punishments ensuring cyber criminals are punished and discouraged from committing more crime is vital. However, the literature materials do not provide this crucial information.

12.2 Scope of Literature Review

The dissertation has therefore discussed security risks and threats affecting Information Technology infrastructures, networks, and systems. It has discussed various data security measures implemented to ensure private, confidential and sensitive data is stored safely without unauthorized personnel gaining access. As a result, it has discussed the various risks and threats facing Information Technology infrastructures and networks. These risks include botnets, un-patched client side software and applications and poor configuration management which provide loopholes for hackers and phishers to employ computer viruses to corrupt data, commit identity theft, damage and destroy sensitive information. The dissertation has therefore discussed phishing and targeted attacks through internet Web Sites using malicious codes. It has also affirmed that, mobile devices are not safe from data breaches as cloud computing also provides cyber criminals with loopholes to apply malicious codes. Lastly, it has discussed how cyber criminals apply malware to illegally access, acquire, damage and corrupt data contained in removable media such as flash drives.  Consequently, it has discussed security measures to formulate and implement in order to ensure types and forms of data and information contained in various web sites can be protected. This discussion has focused on phishing as the main security threat since it involves unauthorized access of information using malicious codes, tricks deployed by cyber criminals, viruses, and malware.  Lastly, the dissertation has provided various recommendations addressing practical measures to mitigate the security risks and threats discussed. 

 13.0 Conclusion

Information Technology security are vital across global communities. They ensure people and organizations are protected against malicious cyber space criminals seeking to steal confidential data in order to commit criminal behaviors. Agencies across the globe should therefore work closely together in ensuring security measures are formulated and implemented to enhance information technology securities. Operators of critical Information Technology infrastructures, such as organizations providing information society services through e-commerce platforms and social networks as well as public administrations should therefore adopt suitable measures to manage Information Technology security risks. They should also report serious incidents to the national competent authorities addressing Information Technology security risks. This is because having strong security architectures is critical in defending against malicious attacks adversely affecting Information Technology infrastructures and systems.

14.0 References

Abraham, D. S., David, C., & Whitfield, D. (2013). Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for U.S. Policy. Cyber Security and International Agreements, Internet Corporation for Assigned Names and Number.

 Atul, M. T., Suraj, S. K., & Surbhi, R. C. (2013). Cyber security: challenges for society- literature review. Journal of Computer Engineering, 12(2), 67-75.

Brooks, D. (2012). Corporate Security: Using Knowledge Construction to Define a Practicing Body of Knowledge. Asian Journal of Criminology.

Chandramouli, R. (2014). Deployment-Driven Security Configuration for Virtual Networks6th International Conference on Networks & Communications (NETCOM 2014). Chennai, India, December 27th -28th, 1-13.

Cook, D., Waugh, B., Abdipanah, M., Hashemi, O. & Abdul, R. S. (2014). Twitter Deception and Influence: Issues of Identity, Slacktivism, and Puppetry. Journal of Information Warfare, 13(1), 58 – 71.

Federal Communications Commission (FCC). (2013). Privacy and Data Security: Cyber Planning Guide. Federal Communications Commission Report.

Khonji, M., Iraqi, Y., & Jones, A. (2012). Enhancing Phishing E-Mail Classifiers: A Lexical URL Analysis Approach. International Journal for Information Security Research, 2(1/2), 236-245.

Madeleine, H., & Jonathan, W. (2012). The Moral Problem of Risk Impositions: A Survey of the Literature. European Journal of Philosophy, 20(1), E1-E142. 

Murmuria, J., Medsger, A. S., & Voas, J. M. (2012). Mobile Application and Device Power Usage Measurements, 6th IEEE International Conference on Software Security and Reliability (SERE’12). Gaithersburg, Maryland, United States, June 20th -22nd, 147-156.

 Security and Privacy Symposium and Workshops (SPSW). (2015). IEEE Symposium on Security and Privacy. European Security and Privacy Symposium Report.

The Lisbon Seminar (TLS). (2014). Lisbon Seminar on the Digital Citizen: Presented at the 9th International Conference on Legal, Security and Privacy Issues in IT Law. Lisbon, Portugal, Vieira De Almeida and Associados.