In today’s world, security is a vital requirement in the functional and administrational aspects within an organizational structure. Businesses and financial institutions need tight asset management, human resource safety assurance, physical equipment protection and policy protection. In the international computer network or framework, the development of network culmination through the internet has engineered computation and information influx upon the employment of communications technology.
Due to this advancement, many firms have concentrated on large scale storage, processing and information gathering. Internet is therefore perceived by the world as a component affecting the daily life aspects, for it is playing vital roles in performing everyday activities. The multiple functions and massive adoption of the internet or the computer world calls for high and sensitive security signals and procedures that are made to protect business areas dealing with information technology.
The information technology sector therefore needs secure policies, secure software and hardware, secure protocols, secure networks and secure cryptology (Tian, Keep, 2005, p. 14). One of the ways in which security within the information technology can be ensured is through coding and cryptography. Since computers are used for information exchange, the information from different sources should be protected to prohibit illegal access or sharing of information. Initially codification methods and coding were used in military communication and coordination.
When the information is protected, only crypto conversation can take place. Cryptography is the employment of mathematical signs and functions to aid conversion of arts into sciences. The mathematical part is used to define basis of crypt process and the procedural part explaining steps to undertake in accomplishing a military operation. The coding process operates in two ways; the forward and backward processes. The forward process is employed when hiding information whereas the backward process is applied when recovering the information.
People and businesses around the globe are facing difficulties in ensuring security of IT deployment and the associated infrastructure. The internet infrastructure includes hardware such as computers, operating systems and network items such as access points, switches, mobile devices routers and cell phones. The security of these items is not only threatening individual firms but also the whole world. As more discoveries are made in the IT sector the more mechanisms are being employed to pirate the sector.
Due to the value attached by several firms to the information stored in their computers, disclosure of information policy should be adopted. Information should be confined within the system and exposed to the concerned staff only. Therefore it is advisable to ensure both external and internal disclosure does not occur. It is also of vital importance to avoid contamination of information. This can happen when unauthorized persons access information or include unwanted data that may render the kept data useless and invalid.
Unauthorized use of resources within the IT system should not be allowed. Access should be based on responsibilities and professional competence of the user. This prevents loss of integrity, unnecessary modifications and destruction. Operations of an organization are different; according to the information it is entrusted with or exchanged with other organizations. Misuse of resources may compromise the liability of an organization. When resources are misused, unauthorized identities take the opportunity to perform functions that can harm the organization.
Such activities include destruction, corruption, loss, disclosure and removal of important materials (Bradbard, Norris, 1990, p. 42). The prevailing security policies should ensure an authorized information flow. The flow should be controlled in areas of end users and also between the end systems themselves. The emphasis laid upon the information flow is triggered by the high competition that is making several firms use information leakage to overhaul opponent organizations. This flow should ensure a well coordinated repudiation system.
This is a system that limits or denies receipt or transmission of information. This is applied to information that is sensitive to the organization such as instructions for payment or purchasing agreement. To accompany the policy document, computer systems should be maintained in such a way to perform denial of service. This will allow the user to perform the functions according to authoritative and mandates granted by the organization. Any deviance from the authorized access should automatically be denied by the system until specific codes are provided (Andress, 2003, p. 4).
To make the whole process effective, confidentiality that protects relayed data from passive attacks is necessary. It should also protect informational traffic flow in areas of processing such as observation, frequency, length or destination. These are avenues that can be used by attackers to harm the firm. Authentication techniques should be employed to smoothen host, client or server communication without interferences in the connection terminals. Connection oriented integrity should be incorporated to prevent duplication, modification, replay or recording.
In the process of dealing with security in the information technology, data or information should be protected at all levels because where a loophole lies, is the area likely to be used to perform a technological or informational harm either to the hardware or the software. Information secret should be protected during processing, storing, interchanging and flowing of information. This information may be in form of user files, documents, programs or messages (Andress, 2003, p. 29).