The human factor is often the weakest part of any security system, whether on the internet, in email or in a computer system, and human beings (the users) are described as the weakest link in the security architecture. Computer systems normally have access controls, under which people in most cases have unique access details.
Most secure systems are designed to serve human beings in some way and are designed by them. In this essay we look at the question “Who should be controlling public ICT security, and how?”, in light of recent events showing that security is a very powerful tool that needs to be taken seriously and implemented: events such as the Jeep car-jacking, WikiLeaks and the Snowden files, amongst others.
We look at some of the human behaviors that compromise the security of systems: using a password that is easy to guess, using broadband without a firewall, disabling the firewall, sending passwords and other information via email, responding to phishing requests, sharing a computer with teenagers or people who like entertainment, installing free software downloaded from untrusted sites, opening emails from strangers and running attachments, failing to update Windows, and installing plug-ins while surfing the internet. We also give suggestions on what can be done to minimize the risks associated with this interaction between users and computers. These behaviors show a lack of confidentiality and integrity amongst people in and out of organizations.
Who should be controlling Public security and how?
Security is the same whether it is private or public: human beings design technology and systems. They are also the threat to technology, since they are the hackers themselves; hence they are the ones responsible for controlling security.
“Remote Control is the ability to use a local computer system to remotely take over control of another computer over the network connection” (Stewart, JM. 2014 Fundamentals of Network Security 2nd:Ch.1: Page 3/6) Human beings can also access an organization's systems using remote control, remote access and VPN; these are some of the means hackers use to gain control of an organization's systems. When interacting with computers, the first basic line of defense is user authentication, whereby the person proves they are who they claim to be by using a user name and password. Once you have entered a user name and password, they are compared to the entries in the password registry file and, if they are correct, the person is authorized to use the computer. Human beings have a tendency to write their credentials on a piece of paper on their desk, allowing a person who may be a hacker to get hold of those credentials and use them to hack the computer or the server. Once the hacker is able to access one computer system, they can access all the systems on that network.
People will not share their bank PIN with each other, which shows how much they protect their assets, but they will share their PC passwords. At the same time, those passwords are the same as their bank PINs, and they do not realize that sharing the password is the same as giving away their bank PIN, meaning their assets are no longer protected.
As mentioned before, if an unauthorized person can access one system they can access the rest of the systems on the network, and a person or even an organization can lose a lot of valuable data.
Security personnel are also liable in some cases: a person employed in the security department resigns and moves to another company, and the security department does not change the passwords of its systems or update its procedures. Everything stays the same, without anyone noticing that the person who left the company can be a threat, especially if there are bad vibes between that person and the company.
The person leaving the company may be the person who created the system the company is using, or may have been involved in the process. Remember that this person knows and understands the tendencies of the users; for example, users normally prefer simple passwords such as Password01, their names, or their children's dates of birth, because they do not want to forget the password. Such ICT personnel are a danger to the company when they leave, unless the department makes sure that its processes are updated every month and that users know and understand their role in controlling security.
“It is an unfortunate reality that many intentional threats originate within the organization.” (Harkins, M. 2013 Managing Risk and Information Security: Protect to Enable: Ch.5)
We had this problem where I am working: an ICT staff member left the department to work in another department, Operation, and nothing was done to change the administrator password for all the servers. People knew that this person had been in the ICT department, so they would ask him now and then to do things for them, and he would do them; but unlike when he was in the department, this time he would just do something on the file server without following procedures. This caused the file server to be messed up without any form of control.
This also shows that security personnel need to always be up to date with antivirus software, firewalls, encryption, updates and any other tools made to control the systems or keep them secure. They need to always be up to date with what hackers are up to and their new tricks, so that they can protect their systems and stay a few steps ahead of them.
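As an added illustration (not part of the original essay), the check below audits for the gap described above, where shared administrator passwords stay unchanged after someone who knows them leaves the ICT department. The inventory, names and dates are constructed sample data, and the `known_by` and `last_rotated` fields are assumed to come from the department's own records.

```python
from datetime import date

# Constructed sample inventory: each shared credential, the people who
# know it, and the date it was last changed. All names are hypothetical.
CREDENTIALS = [
    {"name": "fileserver-admin", "known_by": {"thabo", "lerato"},
     "last_rotated": date(2023, 1, 10)},
    {"name": "mail-admin", "known_by": {"lerato"},
     "last_rotated": date(2023, 6, 2)},
    {"name": "backup-admin", "known_by": {"thabo", "sipho"},
     "last_rotated": date(2023, 5, 20)},
    {"name": "firewall-admin", "known_by": {"sipho", "naledi"},
     "last_rotated": date(2023, 3, 1)},
]

# Constructed sample: people who left the ICT department, whether they
# resigned or only moved to another department, and their last day.
DEPARTURES = {"thabo": date(2023, 4, 30), "naledi": date(2023, 3, 1)}


def stale_credentials(credentials, departures, today):
    """Return credentials still known to someone who has left ICT.

    A credential is stale when a person who knew it left on or after the
    day it was last rotated, so the value they knew is still valid.
    A rotation on the leaving day itself is treated as stale (assumption).
    """
    findings = []
    for cred in credentials:
        for person in sorted(cred["known_by"]):
            left_on = departures.get(person)
            if left_on is None or left_on > today:
                continue  # still in the department
            if cred["last_rotated"] <= left_on:
                findings.append({
                    "credential": cred["name"],
                    "known_to": person,
                    "days_exposed": (today - left_on).days,
                })
    # Longest exposure first, so the oldest gap is fixed first.
    return sorted(findings, key=lambda f: -f["days_exposed"])


if __name__ == "__main__":
    for f in stale_credentials(CREDENTIALS, DEPARTURES, date(2023, 7, 1)):
        print(f"{f['credential']}: rotate now, known to {f['known_to']} "
              f"who left {f['days_exposed']} days ago")
```

Run on the leaving day as part of offboarding, this turns "nothing was done" into a concrete list of passwords to change.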
Every person using technology needs to understand the meaning of confidentiality, including on social networks. They need to understand that you cannot upload everything to the network: personal things can be obtained by bad people and used to access your most private details.
Management of the company also plays a big role in controlling security. You always hear that management in organizations will do cost cutting in order to save costs for the company, and will give ICT a target, for example that ICT has to save a total of R7 million in a financial year. Sometimes this happens because management thinks ICT does not bring in or make any profit, not being aware that ICT security saves the company many millions. In trying to save costs and meet the set target, the ICT department will or might compromise security, leaving the systems completely defenseless. Management can help by being completely committed and working together with ICT security: by giving ICT security enough budget to secure the company systems so that they can be updated now and again, and by supporting ICT security in providing training to the people in the organization. If people have this training and practice it, they can even apply it at home when they are using their own PCs and laptops.
People lack knowledge; by getting training about security in their organization they will realize how important security is. They will then take seriously the need to set difficult passwords on their own PCs or laptops, their bank accounts, their social media and all their personal sessions, making it an effort for hackers to access their private accounts rather than making it easy for them.
Security is very important to everyone, be it physical security or logical security. Human beings need to be aware of this fact and practice safety measures to keep their assets safe from threat or harm. They need to understand that confidentiality, integrity and availability go a long way towards achieving the standard of security the organization needs. These measures are passwords and user names, encryption, firewalls and updates, amongst others. People need to be trained in how to practice security. In this essay we talked about the fact that human beings are the ones designing technology and systems; therefore they need to maintain and control security.
All people involved in technology need to practice these measures, starting with ordinary people: they need to learn not to allow anything free that they do not know to be downloaded onto their computer, because that is how most viruses or malware get into the organization's systems. IT personnel need to play their part in making sure that security measures are up to date and updated all the time, and in making sure that employees know their roles in practicing security.
Management needs to play its role in giving the ICT security department the support it needs in order to save money for the organization in the long run.