With the proliferation of security breaches on even the most secure of networks and storage places, technology is being developed to the fullest extent to secure information to the highest level. This is always a good thing for companies, government institutions, and even private individuals as this ensures that vital and otherwise non-public information is kept sealed and protected. Prying eyes will have less chance and have second thoughts in accessing private records, making up an impressively secure network where information is virtually inaccessible by anyone.
Yet this poses a major setback. These highly secure networks or storages where information is virtually inaccessible can pose serious problems to individuals or entities who are legitimately allowed to access them. Because information is sealed, those who should be able to access them may find it hard to do so, further affecting their functions, both professionally and personally. For example, when a person keys in the wrong set of password to a login system several times, the system may lock out on the account being accessed.
This is the server’s way to ensure that illegitimate accessed is denied. However, if the person is a legal owner of the account and has been locked out because of a forgotten password, this produces a delay on an otherwise expectedly quick and easy transaction. The person then has to go through several screenings by an account agent to retrieve and later replace his password. Only then can he access the account again. In these situations, where does the balance lie and how does it become fully functional for both sides—the owner of information and those in charge of securing it?
Who should be in charge of securing information, and where does legal access begin and end? These are but some of the questions that this paper hopes o answer. There is no absolute security CIOinsight (2005) asserts that security always creates an impressive start—new processes making access to information complex and piled with requirements. At first, there will be passwords. Then, there will be encryption. Security questions may follow. The more processes a user must go through before the information is accessed, it is perceived that the more secure the information will be.
However, a breakdown may occur on this steep climb on security management. As security is being instituted, those who are waiting for access to the private information get the hang of the processes being made to secure the network or storage. In due time, they will be able to make a way to get a glimpse of the elusive information. The fact is there is no foolproof way to secure information absolutely, so that it is in no way accessible yet at the same time usable. Fully sealed information cannot be useful to anyone anymore because nobody can get it.
However, there are ways to prevent illegitimate information use while allowing legitimate information use. This is the core of the balance in securing information. (Computer Security, nd) Assessing and managing risks A recommended way to secure information and still make it useful to those who are allowed to access it is risk management. Noting that even the best of securities may be breached, no comfort should be felt even with the most sophisticated of security frameworks.
When a new security tool is introduced, information owners and those keeping the security of the information should try to work well with it and get the gist of the processes first before moving on to another security feature. This will allow time for monitoring the inevitable loopholes in the current security settings, and see how new settings may complement to these. Owners of information, with the help of people or groups who are knowledgeable with assessing and managing risks, should look at the whole picture of their information and security systems.
This includes assessing the kind of information being kept, the people allowed to access them, the people whoa re not allowed to access them, the logistics of securing the information, and the possibility for legitimate users to get the information. (Management of Risks in Information Systems, nd) It is only with having a thorough knowledge of the information requirements and the security requirements itself that one will be able to get a definite security. However, this is not with saying that doing so will make security of the information foolproof.
This may lessen the probability of access, but may still open risks for unauthorized access of information when there is no proper monitoring. Conclusion It is important for anyone to secure private information. However, as much as one would like to secure information, one would also want to access them. This can give way to security breaches. However, multi-level security processes can help lessen the risks of breach, while still maintaining the accessibility of the information.
A recommended way to do so is for information owners and those in charge of security to know the type of information being stored, and the security risks it may pose. Then, proper security measures may be imposed. Security risks will still be around, making monitoring a pre-requisite. It is only by actual regular and proper check on information access that owners and information keepers will be able to manage the risks related to keeping vital information, while still making use of it.