Overview of Information and Network Security

Question:

Discuss about the Assessment Of Information And Network Security Of Info Safe Pvt Ltd.

This report is a compilation of the assessment of information and network security applications as the Research and Technology assistant to the Information and Communication Technology Manager at Info Safe Pvt. Ltd. This report comprises of a brief overview of information and network security, and the latest developments in this field of technology. An evaluation of various applications that are used for network security in various industries located all over the world is done for this. This report also comprises of an analysis of three such security applications that are currently available in the market and their applications within and outside the Australian Information Technology industry. Info Safe Pvt. Ltd. is a four years old organisation that specializes in the information and network security domain (Siemens, 2014). They work for the development and customization of the applications that provide the services and serve their clients that are located in various cities in the Australian mainland. The primary clients for this organisation are small and medium sized enterprises (SME) and they operate by undertaking projects that help in the development of in house software or in the customization of software that are purchased off the shelf with their vendors. Post their four years of successful operations in this field Info Safe is now planning to expand and diversify into serving the organisations that operate in both online and offline mode. For doing this, the organisation needs to provide online security to these organisations by ensuring the security of their web portals and database available online. As suggested by the Business Development Manager of Info Safe, the potential clients for this diversification of includes some hospitality and pharmaceutical industries along with online gambling organisations. However, the provisioning of information and network security services to some of these organisations may involve ethical dilemmas as these organisations may engage in some activities that are not socially acceptable by all. Info Safe should now decide between operating purely for financial gains or think about sustainable growth, taking into consideration the society and the environmental perspective. This report is an investigation into this ethical dilemma for Info Safe and an overview of the various services that are provided by them (Douligeris & Serpanos, 2007).

This section of the report conveys to the reader the basics of information and network security, and their fundamentals. This will help the readers in gaining an understanding of the subject of information and network security, and also provide the necessary information regarding the applications and software that are used by Info Safe Private Limited for providing these services to their clients. This section also analyses and evaluates the effectiveness of each of these applications to understand their pros and cons for both the provider as well as the receiver of the services (ETSI, 2014).

Evaluation of Information and Network Security Applications

The prevention, detection, documentation and handling of the threats that are posed to the digital and non digital information of an organisation is known as information security. Information security involves the formation of strategies for the above purposes, and the protection of organisational information whether it is stored, or in transit. The primary objectives of network security are defined with the CIA triad, with the acronym standing for confidentiality, integrity and availability (Bauer, 2008). The system designed for an organisation for the protection of their network infrastructure is known as network security. Network security prevents the unauthorized access, modification and misuse of a secure network. The provision of network security services for an organisation comprises of forming a multiple layer defence for the protection of the organisational network. Each layer extends a control over the access to the network and blocks the malicious actors from exploiting and threatening the security to this network. The advent of Information Technology and digitization has transformed our entire way of life. All our professional and personal aspects of life have been affected by digitization and the world has become increasingly connected in all forms. However, with the added connectivity, the threat to the information and the network enabling these connections has also increased exponentially. Therefore, there is an increasing need of application of network security in order to protect and prevent the misuse of these networks and the information (Eloff & Nel, 2017).

The organisational network and information systems are carrying all the data related to their operations to an extent that was inconceivable a few years back. Although this has enabled the business processes and made it easier for them to access the data at any point, from anywhere, this has also increased the threat to their network and information systems to a great extent. Therefore, network security has become a top priority for the organisations and has become an important factor in their development and long term sustainability. Firewalls are the most basic form of network security software. However, there are a number of Unified Threat Management (UTM) software that have been developed, that provide complete security from virus, spyware, intrusions and spam to the organisations. The most popular software that offer unified threat management services are mentioned below:

• Sonicwall by Dell
• Norton Security by Symantec
• Kaspersky Endpoint Security by Kaspersky Lab

Sonicwall is an offering by Dell Labs which provides complete cloud and web security services and online support for network security, while helping in sustaining the performance of the organisation and simplifying the management processes of the same. It is a robust network security system having centralized control, and it provides protection to the organisation against all emerging threats to their information and network. It is also one of the most advanced solutions for network security that works towards providing control against data leakage, restricted file sharing and access control to the applications of the organisation. It also helps in the management of the bandwidth and its control as per the organizational requirements. Norton security is an offering of Symantec which provides centralized management of the organisational policies with customizable protection on an enterprise wide basis. It thoroughly scans the organisational system and network and efficiently works towards the monitoring and improvement of the organizational performance through it. The Kaspersky Endpoint Security helps in extending security to the organizations form malicious programs including viruses, hacker attacks, spam, worms and various other intrusion attacks. It protects the organizational security and network against vulnerabilities and constantly keeps the systems updated against the latest security threats.

Advantages and Disadvantages of Network Security Applications

Sonicwall is a fairly easy to use and pervasive network security software which helps in providing a complete network security solution to the organizations. It detects malware and recognizes any probable threats to the security of the organizational network and information. Norton security is an offering of Symantec which provides centralized management of the organisational policies with customizable protection on an enterprise wide basis. The Kaspersky Endpoint Security helps in extending security to the organizations form malicious programs including viruses, hacker attacks, spam, worms and various other intrusion attacks (Cyberspace, 2014). It protects the organizational security and network against vulnerabilities and constantly keeps the systems updated against the latest security threats. The advantages of setting up network security applications, either in house, or customized from off the shelf software are numerous. They help in the protection of the organisational data and help in keeping a check on any unauthorized access to this. Any organisation network contains confidential information related to their clients and the organisational processes. Any person who is not authorized to access this data, can take advantage of this, by getting their hands on the sensitive information related to the organisation (Services, 2016). Network security tools also prevent the organisations from cyber attacks and hackers by providing the complete security solution to the information and the network of the organisation. However, there are also a few disadvantages of setting up these softwares for network security of the organizations. Some of these are discussed here. The setting up of these software can prove to be expensive for the organisation and their purchase and customization can become increasingly expensive for organisations having small organizational networks. The installation of this software is time consuming and most of these provide multiple authentication levels for logging in into the system which can get tedious for the employees. This software most of the time require passwords to be unique, constituting of a combination of special characters, alphabets, and numeric characters. Keeping a track of all these passwords can also be difficult for the employees. Additional application of these tools in the organisational network will require additional hiring of technicians who need to continuously provide support for these software. A network administrator needs to be present in the organisation all the time in order to ensure that the working of the organisational network and the network security tools is smooth. The training of these administrators and IT technicians can also prove to be expensive for the organisation (Idris & Kassim, 2010). While the installation of the software is automated, people overseeing this can cause creeping in of human error in the security system which can provide loopholes in the network security system. Any Insider or person having knowledge of the IT systems can take advantage of these.

Info Safe provides network security solutions by developing applications for information and network security by themselves and also by customizing the off the shelf software that are present in the market. Presently serving a number of clients located in all the major cities of Australia as small and medium enterprises, Info Safe is working towards the expansion of their business by additionally planning on providing services to the organisations that also have an online presence. Online security is much more complex and multi dimensional than the offline information security, as there is greater risk involved with the online applications and threats. The Business Development Manager has suggested the expansion of business by serving  organisations from the hospitality industry and online gambling organisations, and fulfilling their network security needs. As a part of the information communication and technology team, the organisation is suggested to go ahead with this expansion and venture into this new line of business while ensuring that this does not involve any unethical practice. The following section presents the plan of expansion of the services of Info Safe Ltd. for the next five years (Systems, 2000).

As the organisation Info Safe plans to expand their client base, and their operations, it is important that they do not just focus on the financial gains and instead work towards sustainability and think about the social and environmental impact on the industry as well. Any negligence on the end of the administrator can negatively affect the entire network performance of the organisation, which can cause interruption in the organisational performance. There have been multiple instances of employees trying to sabotage the image of an organisation or attempting to sell the organizational data or information of an organisation once they have left the organisation, or are expelled. The administrators need to therefore take immediate action in case of termination of the employees by restricting their access to all the organisational data and network.

The organisations working towards IT security of their clients can gain access to the confidential data that belongs to the organisation and also some privileged information about both, the organisation as well as the individuals working for them. This power can sometimes be abused by the security personnel either deliberately or inadvertently. There is no standardized training available to be provided to the security personnel in order to keep them away from indulging in these activities. However, these organisations and the professionals working in with them are increasingly being provided the knowledge to address these ethical dilemmas and the complex side of their job. The training as well as education of the professionals working in the IT industry only focuses on the knowledge and understanding of the technical skills. There is little consideration given to the possibility to misuse this knowledge and most of these professionals do not even realize how their jobs can involve possible ethical issues (Cisco, 2008). Most of the ethical issues that these IT professionals face are due to the involvement of privacy of the organisation, their clients, and their employee information. There are certain legal issues associated with their profession as well, which are different from the ethical issues. While an organisation providing network security to their client may have the legal right to monitor all the processes and functions, it might not be ethically right to do so without the client consent.

Conclusion

This report comprises of a brief overview of information and network security, and the latest developments in this field of technology. An evaluation of various applications that are used for network security in various industries located all over the world is done for this. This report also comprises of an analysis of three such security applications that are currently available in the market and their applications within and outside the Australian Information Technology industry. Info Safe Pvt. Ltd. is a four years old organisation that specializes in the information and network security domain. They work for the development and customization of the applications that provide the services and serve their clients that are located in various cities in the Australian mainland. The ethical dilemma that the organization is facing has been addressed and the suggestions and recommendations for the same have been provided for Info Safe Pvt. Ltd.

The advent of Information Technology and digitization has transformed our entire way of life. All our professional and personal aspects of life have been affected by digitization and the world has become increasingly connected in all forms. However, with the added connectivity, the threat to the information and the network enabling these connections has also increased exponentially. As a provider of network and information security, it is necessary that the organisation maintains confidentiality of all the data of their clients by centrally storing it and retrieving it effortlessly. By serving organisations such as online gambling organizations Info Safe should maintain professionalism and serve them only providing them the data security services without indulging in any other plan of business. In order to expand their business, Info Safe must enlarge their client base and start serving them by offering more in house services like firewall, accounting software assistance and enterprise resource planning. The administrator of a network has the responsibility to manage the network and control it. Therefore, he also has the power to restrict the employees from gaining access to certain data and allow or deny the employees of the client organisation the permission on the basis of their place in the organisational hierarchy and specialisation.

References

Bauer, M. (2008). ITU Study on the Financial Aspects of Network Security: Malware and Spam. ITU. Retrieved from https://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-study-financial-aspects-of-malware-and-spam.pdf

Cisco. (2008). Network Security Baseline. Retrieved from https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook.pdf

Cyberspace, C. i. (2014). Best Practices for Keeping Your Home Network Secure. Retrieved from https://dodcio.defense.gov/Portals/0/Documents/Cyber/Slicksheet_BestPracticesForKeepingYourHomeNetworkSecure_Web_update.pdf

Douligeris, C., & Serpanos, D. (2007). Network Security: Current Status and Future Directions. John Wiley & Sons. Retrieved from https://books.google.co.in/books?id=dHys9OXMFMIC&pg=PA311&lpg=PA311&dq=netwrok+securtiy+pdf&source=bl&ots=H-MTENJsrH&sig=8XnoiZL3T3T1MIWJ8y8MsiS1q6Y&hl=en&sa=X&ved=0ahUKEwiu2Nq71NzWAhWMNY8KHXw8BQMQ6AEIRTAG#v=onepage&q=netwrok%20securtiy%20pdf&f=false

Eloff, J., & Nel, A. (2017). A Methodology for Network Security. Retrieved from ieeexplore.ieee.org: https://ieeexplore.ieee.org/document/639804/?reload=true

ETSI. (2014). Network Functions Virtualisation (NFV); NFV Security; Security and Trust Guidance. Retrieved from https://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf

Idris, N., & Kassim, M. (2010). Wireless Local Area Network (LAN) Security Guideline. Retrieved from https://www.cybersecurity.my/data/content_files/11/649.pdf

Services, A. (2016). Overview of AWS Security – Network Security. Retrieved from https://d0.awsstatic.com/whitepapers/Security/Networking_Security_Whitepaper.pdf

Siemens. (2014). Network security: industrial security. Retrieved from https://www.siemens.com/digitalization/public/pdf/brochure_network-security_en.pdf

Systems, C. (2000). Network Security: ISOC NTW 2000. Retrieved from https://www.potaroo.net/t4/pdf/security.pdf