What components should be included in a comprehensive security policy related to a bomb threat?
Introduction to Security, Ninth Edition. DOI: 10.1016/B978-0-12-385057-7.00017-8. © 2013 Elsevier Inc. All rights reserved.
Computer Technology and Information Security Issues
OBJECTIVES
The study of the chapter will enable you to:
1. Identify various computer products.
2. Discuss possible attacks on computer systems and software.
3. Discuss options for protecting computers and information from fraudulent use and theft.
Introduction
Computers and information systems have traditionally been treated as something that the security/loss-prevention director needs to consider as a vulnerability; however, the 21st century has brought about a revolution in security operations. The following discussion on computers and information systems security will focus primarily on the services provided by the traditional roles of security in protecting computers. However, the trend is for security technologies to rely on the very computers that they are designed to protect. For example, information technology has brought closed-circuit television (CCTV), primarily used for surveillance, of age. Technologies like biometrics1 have made possible video monitoring in the areas of facial and physical characteristics recognition, fire and smoke detection, and advanced alarm monitoring. With this growing integration of technology and the security operation, the traditional dichotomy associated with security and information technology often creates problems.
In 1946 the U.S. Army developed ENIAC (Electronic Numerical Integrator and Calculator), the first viable full-scale computer. At that time, computers were mysterious boxes utilized by scientists and thought to be the top-secret weapons of generals. Today, scientific pocket calculators have greater computing power than ENIAC, and most kindergarten kids know how to use a computer2 or some type of handheld personal digital assistant (PDA) computing device, particularly those designed for electronic games. Computers have become an important part of people’s lives, becoming an integral part of the way we work, teach, learn, and even play.
In government and business, computers are used to process, store and transmit vast amounts of information. Information processing tasks that used to take days or weeks for workers to compile are handled by today’s computers in mere minutes, translating into greater efficiencies and greater productivity. Moreover, information systems are becoming primary methods of communications. E-mail, instant messaging, voice-over Internet protocol (essentially using computers and the Internet for voice communications, until recently the exclusive capability of telephones and telephone companies) are common and in many cases essential means of effective and efficient communications. Cellphones, smart phones (e.g., iPhone, Blackberry, Android) and laptops, along with tablet computers and electronic book readers, are virtually ubiquitous in today’s society.
Fischer, R., Halibozek, E., & Walters, D. (2012). Introduction to security. ProQuest Ebook Central, http://ebookcentral.proquest.com. Created from apus on 2020-08-16 13:13:21. Copyright © 2012. Elsevier Science & Technology. All rights reserved.
The criminal justice sector also relies on computers. Since 1924 the Federal Bureau of Investigation (FBI) has been responsible for keeping the nation’s fingerprint and criminal history records. In 1967 the National Crime Information Center (NCIC) was established. Today the FBI has a computer system they call the Investigative Data Warehouse (IDW), described as one-stop shopping, giving FBI agents, from anywhere in the world, almost instant access to a database containing more than 650 million records. The search capability of this system has been described as an “Uber-Google.”3
In the private sector, banks, insurance agencies, and credit rating agencies also process enormous volumes of computer data. For example, in the early part of this decade it was estimated that TRW Data Systems of California collected, stored, and sold access to information containing the credit histories of more than 90 million Americans. Banks, department stores, jewelry stores, and credit card companies pay them a subscription fee to access such information on current and potential customers. Today, Choicepoint, acquired by Reed Elsevier in September 2008, is a leading information broker with personal files on more than 220 million people in the United States and Latin America. This data is for sale to government organizations and the private sector.4 Likewise, every major insurance company in America collects and stores information on past, current, and future policyholders.
Telemarketing and mail order professionals similarly buy, sell, and repackage such information like so many tangible products. The countless pieces of junk mail stuffed in Americans’ mailboxes each day attest to the proliferation of such information brokers. Information brokers sell personal data to companies who then target for mail campaigns people who might be interested in their products.
The Dow Jones News/Retrieval Service offers stock market quotations, reports on business and economic forecasts, plus profiles of companies and organizations. The Source not only provides news and stock market indexes but also provides games and other forms of entertainment to its subscribers. Each of these information services is available to anyone with a computer, laptop, iPad, smart phone or any other type of personal digital assistant (PDA) device.
However, as with all great advances, there is a downside. Computer technology is changing so fast that equipment and software are often outdated before or as soon as they are installed, having a negative impact on the profit margin of the company. This is especially true for microcomputers.5
Of greater importance for the security professional are the criminal activities associated with the misuse of computers and the technology supported by them. Early in the 21st century, one of the fastest growing problems in this arena is identity theft. Problems that did not exist 25 years ago are commonplace today. For example, 25 years ago, few people had any fear of computer viruses. Today several major firms are in the business of protecting not only company computers, but also the computers used at home, from destructive viruses.
CSO, CISO and CIO Interactions
Information and information systems have become so critical to the efficient operation of business and government that organizations have in place senior executives to direct strategic and tactical operations associated with the creation, processing, transmission, storage and protection of information. Virtually all major corporations and government organizations have in place chief information officers (CIO) and chief information security officers (CISO). These executives either hold a seat in the C-suite (a term used to refer to corporate and organizational positions of the chief executive level for a particular function, most commonly the chief executive officer (CEO), chief financial officer (CFO), chief technology officer (CTO) and in the security profession, the chief security officer (CSO)) or directly report to someone with “chief” responsibilities.
The CIO and CISO work closely with the CSO and in most organizations have distinctively separate responsibilities. Where the CIO is responsible for the delivery of information services capabilities to the company, its workforce and other stakeholders, the CISO is responsible for the security of those information systems and the information contained within. In more traditional companies, the CSO is responsible for determining the sensitivity of information and is responsible for the protection of information when it is not residing within information systems. More specifically, CSOs have been, and often still are, responsible for the protection of information when it is in forms other than electronic. For example, much information exists in the form of documents. These documents, when containing pages of sensitive information, require protection. This protection usually is accomplished with more traditional security methods such as locked containers, files and safes kept in secure or protected company areas where unauthorized persons are not allowed physical access. These traditional security methods help prevent compromise or theft of sensitive company or organization information. In some companies and organizations the CISO duties are assigned to the CSO; however, it is more common to see them separated or to see a CISO reporting to a CSO.
Furthermore, CSOs are often charged with the responsibility of working with the creators of information and intellectual property attorneys to determine and assign some level of sensitivity to information. Information has different degrees of value and sensitivity. Some information is routine business information with no particular sensitivity or value while other information may contain trade secrets or strategic data that possess high value to the organization and perhaps even provide the organization with a unique competitive advantage. To properly protect sensitive information it is essential to be able to identify that information that is truly sensitive and separate it from less valuable information, by virtue of a physical separation or a process of uniquely identifying (marking) that sensitive information so it is clear to the possessor just how sensitive that information is. Moreover, the CSO is generally charged with developing procedures for protecting information determined to be sensitive when not contained within information systems and with ensuring the workforce understands how to protect sensitive information.
Essentially, the CIO, CISO and CSO are collectively responsible for protecting the confidentiality, integrity and availability of all company or organization information. Confidentiality