
Contents

Introduction
What is Information Technology security
Goals of IT security
    Integrity
    Confidentiality
    Availability
    Non-repudiation
    Authentication
Issues/Consideration of IT
    Technical Issues of IT Security
    Individual Victimization and Damages
    Future Developments
    Cultural, Sociological, and Political Implications and Control Issues
    Insider threat isn't going away
    Cyber attacks, including government-sponsored, continue; education and standards prioritized
    Enterprises deploy faster response and recovery solutions
    'Social' the new frontier for cyber crime
    DDoS attacks get even bigger but Botnets stick around
    Email is the primary mode of communication
    Online searches are essential
    The occasional breach is unavoidable
    Prevent Computer Hacking on an Organization
    Social media a hackers favorite target
Potential Impact
    Beneficial or Positive Impact of IT security in our Society
    Harmful or Negative Impact of Computer in Our Society
    Effects on Technology Organizations
    The Impact of the IT on our daily life
Conclusion
References

Introduction

Security is a basic human concept that has become more difficult to define and enforce in the
Information Age. In primitive societies, security was limited to ensuring the safety of the group's
members and protecting physical resources, like food and water. As society has grown more
complex, the significance of sharing and securing the important resource of information has
increased. Before the proliferation of modern communications, information security was limited
to controlling physical access to oral or written communications. The importance of information
security led societies to develop innovative ways of protecting their information. For example,
the Roman Empire's military wrote sensitive messages on parchments that could be dissolved in
water after they had been read. Military history provides another more recent example of the
importance of information security. Decades after World War II ended, it was revealed that the
Allies had gained an enormous advantage by deciphering both the German and Japanese
encryption codes early in the conflict. Recent innovations in information technology, like the
Internet, have made it possible to send vast quantities of data across the globe with ease.
However, the challenge of controlling and protecting that information has grown exponentially
now that data can be easily transmitted, stored, copied, manipulated, and destroyed.

Within a large organization, information technology generally refers to laptop and desktop
computers, servers, routers, and switches that form a computer network, although information
technology also includes fax machines, phone and voice mail systems, cellular phones, and other
electronic systems. A growing reliance on computers to work and communicate has made the
control of computer networks an important part of information security. Unauthorized access to
paper documents or phone conversations is still an information security concern, but the real
challenge has become protecting the security of computer networks, especially when they are
connected to the Internet. Most large organizations have their own local computer network, or
intranet, that links their computers together to share resources and support the communications
of employees and others with a legitimate need for access. Almost all of these networks are
connected to the Internet and allow employees to go "online."

Information technology security is controlling access to sensitive electronic information so only
those with a legitimate need to access it are allowed to do so. This seemingly simple task has
become a very complex process with systems that need to be continually updated and processes
that need to constantly be reviewed. There are three main objectives for information technology
security: confidentiality, integrity, and availability of data. Confidentiality is protecting access to
sensitive data from those who don't have a legitimate need to use it. Integrity is ensuring that
information is accurate and reliable and cannot be modified in unexpected ways. The availability
of data ensures that it is readily available to those who need to use it (Feinman et al., 1999).

Information technology security is often the challenge of balancing the demands of users versus
the need for data confidentiality and integrity. For example, allowing employees to access a
network from a remote location, like their home or a project site, can increase the value of the
network and efficiency of the employee. Unfortunately, remote access to a network also opens a
number of vulnerabilities and creates difficult security challenges for a network administrator.
It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer
is any device with a processor and some memory. Such devices can range from non-networked
standalone devices as simple as calculators, to networked mobile computing devices such as
smartphones and tablet computers. IT security specialists are found in almost every major
enterprise or establishment because of the nature and value of the data held by larger businesses.
They are responsible for keeping all of the technology within the company secure from malicious
cyber attacks that often attempt to breach critical private information or gain control of the
internal systems.

What is Information Technology Security?


• IT security is sometimes referred to as computer security.
• Information Technology security is information security applied to technology (most
  often some form of computer system).
• Broadly, IT Security is the process of implementing measures and systems designed to
  securely protect and safeguard information (business and personal data, voice
  conversations, still images, motion pictures, multimedia presentations, including those
  not yet conceived) utilizing various forms of technology developed to create, store, use
  and exchange such information against any unauthorized access, misuse, malfunction,
  modification, destruction, or improper disclosure, thereby preserving the value,
  confidentiality, integrity, availability, intended use and its ability to perform their
  permitted critical functions.
• Information Security is composed of computer security and communication security.
• The U.S. National Information Systems Security Glossary defines "Information Systems
  Security" as the protection of information systems against unauthorized access to or
  modification of information, whether in storage, processing or transit, and against the
  denial of service to authorized users or the provision of service to unauthorized users,
  including those measures necessary to detect, document, and counter such threats.
• Information security, sometimes shortened to InfoSec, is the practice of defending
  information from unauthorized access, use, disclosure, disruption, modification, perusal,
  inspection, recording or destruction.
• It is the preservation of confidentiality, integrity and availability of information. In
  addition, other properties, such as authenticity, accountability, non-repudiation and
  reliability can also be involved.

• The protection of information and information systems from unauthorized access, use,
  disclosure, disruption, modification, or destruction in order to provide confidentiality,
  integrity, and availability.
• Ensures that only authorized users (confidentiality) have access to accurate and complete
  information (integrity) when required (availability).
• IT Security is the process of protecting the intellectual property of an organisation.
• IT security is a risk management discipline, whose job is to manage the cost of
  information risk to the business.
• A well-informed sense of assurance that information risks and controls are in balance.
• IT security is the protection of information and minimises the risk of exposing
  information to unauthorised parties.
• IT Security is a multidisciplinary area of study and professional activity which is
  concerned with the development and implementation of security mechanisms of all
  available types (technical, organisational, human-oriented and legal) in order to keep
  information in all its locations (within and outside the organisation's perimeter) and,
  consequently, information systems, where information is created, processed, stored,
  transmitted and destroyed, free from threats.
• Information security (infosec) is the set of business processes that protects information
  assets regardless of how the information is formatted or whether it is being processed, is
  in transit or is being stored.
• Information security (IS) is designed to protect the confidentiality, integrity and
  availability of computer system data from those with malicious intentions.
• Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of
  information security. This triad has evolved into what is commonly termed the Parkerian
  hexad, which includes confidentiality, possession (or control), integrity, authenticity,
  availability and utility.
• IT security is safeguarding an organization's data from unauthorized access or
  modification to ensure its availability, confidentiality, and integrity.
• IT security, also known as cybersecurity or computer security, is the protection of
  information systems from theft or damage to the hardware, the software, and to the
  information on them, as well as from disruption or misdirection of the services they
  provide.
• It includes controlling physical access to the hardware, as well as protecting against
  harm that may come via network access, data and code injection, and due to malpractice
  by operators, whether intentional, accidental, or due to them being tricked into
  deviating from secure procedures.
• It also refers to protection of data, networks and computing power. The protection of data
  (information security) is the most important. The protection of networks is important to
  prevent loss of server resources as well as to protect the network from being used for
  illegal purposes. The protection of computing power is relevant only to expensive
  machines such as large supercomputers.

• Computer security is the process of preventing and detecting unauthorized use of your
  computer. Prevention measures help you to stop unauthorized users (also known as
  "intruders") from accessing any part of your computer system.
• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service
• To prevent crackers from accessing a computer system, computer security individuals
  need to block noncritical incoming ports on the firewalls. Moreover, the ports remaining
  open need to be protected by patching the services utilizing those ports (email, Web
  services, and FTP).
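
One way to apply the port guidance above, as an added example that is not part of the original paper: the Python below reads constructed `ss -tln`-style output, separates loopback-only listeners from externally reachable ones, and reports which ports to block at the firewall and which of the remaining services (email, Web, FTP) must be kept patched. The allowlist, the function names and the sample sockets are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `ss -tln` (listening TCP sockets).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*
LISTEN  0       100     0.0.0.0:25           0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       511     [::]:443             [::]:*
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       128     0.0.0.0:3306         0.0.0.0:*
LISTEN  0       5       192.0.2.10:5900      0.0.0.0:*
"""

# Assumed policy: only the services the text names stay reachable from outside.
ALLOWED_INBOUND = {
    21: "FTP",
    25: "email (SMTP)",
    80: "Web (HTTP)",
    443: "Web (HTTPS)",
}


def parse_listeners(ss_output):
    """Return (ip_address, port) for every LISTEN line in ss-style output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if host == "*":                        # wildcard printed without an address
            host = "::"
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners


def audit(ss_output, allowed=ALLOWED_INBOUND):
    """Classify listening ports against the default-deny inbound policy."""
    block, keep_patched, loopback_only = set(), {}, set()
    for addr, port in parse_listeners(ss_output):
        if addr.is_loopback:
            # Not reachable from the network; no firewall rule needed.
            loopback_only.add(port)
        elif port in allowed:
            # Stays open, so the service behind it must be kept patched.
            keep_patched[port] = allowed[port]
        else:
            # Noncritical and externally reachable: block at the firewall.
            block.add(port)
    return {
        "block": sorted(block),
        "keep_patched": keep_patched,
        "loopback_only": sorted(loopback_only),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SS_OUTPUT)
    print("Block inbound:", report["block"])
    for port, service in sorted(report["keep_patched"].items()):
        print(f"Keep open and patched: {port} ({service})")
    print("Loopback only:", report["loopback_only"])
```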

Goals of IT security

Information systems are generally defined by all of a company's data and the material and
software resources that allow a company to store and circulate this data. Information systems are
essential to companies and must be protected.
IT security generally consists in ensuring that an organization's material and software resources
are used only for their intended purposes.
IT security generally comprises five main goals:

• Integrity: guaranteeing that the data are those that they are believed to be
• Confidentiality: ensuring that only authorized individuals have access to the resources
  being exchanged
• Availability: guaranteeing the information system's proper operation
• Non-repudiation: guaranteeing that an operation cannot be denied
• Authentication: ensuring that only authorized individuals have access to the resources
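
Three of the goals listed above can be told apart in a few lines of Python (an added example, not from the original paper; the key, messages and function names are constructed for illustration). A keyed hash (HMAC) detects modification and shows that the sender held the shared key, but because the receiver holds the same key it cannot provide non-repudiation, which requires an asymmetric digital signature.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over the message with the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the message under the key."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo():
    # Constructed scenario: sender and receiver share one secret key.
    shared_key = secrets.token_bytes(32)
    order = b"transfer 100 to account 42"
    tag = make_tag(shared_key, order)

    results = {}

    # Integrity: the untouched message verifies, a modified one does not.
    results["intact_accepted"] = verify(shared_key, order, tag)
    results["tampered_accepted"] = verify(
        shared_key, b"transfer 900 to account 42", tag
    )

    # Authentication of origin: a party without the shared key cannot
    # produce a tag the receiver will accept.
    outsider_key = secrets.token_bytes(32)
    results["outsider_accepted"] = verify(
        shared_key, order, make_tag(outsider_key, order)
    )

    # Non-repudiation is NOT achieved: the receiver knows the same key and can
    # compute a valid tag for a message the sender never wrote, so a valid tag
    # does not prove to a third party which of the two produced it.
    never_sent = b"transfer 900 to account 99"
    receiver_made_tag = make_tag(shared_key, never_sent)
    results["receiver_made_tag_accepted"] = verify(
        shared_key, never_sent, receiver_made_tag
    )
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```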

Issues/Considerations
Technical Issues of IT Security

IT systems no longer serve the sole purpose of stabilizing a working environment. Instead,
they have become the very backbone of society. Vulnerable systems therefore pose a risk to
individuals, companies, and all kinds of modern infrastructure. The first section aims to
identify current risk patterns to IT systems, especially from a technical point of view.

Individual Victimization and Damages

The impact of cybercrime remains one of the unsolved questions of IT security. Often,
individuals are not even aware that they are victims of computer crime. Even if the
victimization is perceived, many businesses do not make reports to outside organizations,
either because they fear setbacks vis-à-vis their competitors or because they do not know to
whom to report. In other cases, the possible gain does not seem to be worth the effort. The
aim of the second section is to highlight questions regarding the extent of victimization.

Future Developments

While botnets and phishing scams are already well-known forms of computer criminality (at
least to experts), future threats still remain to be evaluated. The third section of the
conference highlights possible developments and implications.

Cultural, Sociological, and Political Implications and Control Issues

The phenomena of cybercrime highlight various aspects of the medium "Internet," some of
which can be described as dualisms, for example, use vs. abuse, control vs. freedom,
co-evolution of security measures and malware. The unique possibilities of the Internet and
the ubiquity of digital media open many different (legal, illegal, and grey) possibilities.
Society has to cope with those challenges. Furthermore, a successful fight against computer
crime and its repercussions can only be fought if the underlying aspects (e.g., phenomena,
extent, and possible future threats) are known, and a successful fight can only take place on
an international scale since individual actions undertaken at the national level are doomed to
failure from the very beginning. The fourth section will cover current and developing
measures against computer crime.

Insider threat isn't going away

"Companies should know who they are giving their data to and how it is being protected," said
Tim Ryan, managing director and cyber investigations practice leader at US-based risk
mitigation and response firm Kroll. "This requires technical, procedural and legal reviews."
There are many threats to IT, and they are increasing day by day. Because of them, IT security
matters more than ever.

Cyber attacks, including government-sponsored, continue; education and standards prioritized

As states compete to become credible world players we can expect to see further
announcements by various states regarding their offensive and defensive strategies. Cyber is
the new battlefield, and the fifth element of warfare. As such, it's likely that future conflicts
will involve cyber battles and because of this, states will be - and already are - pouring a
huge range of resources into developing defence and offence capabilities for cyber war. To
protect against cyber war, we have to ensure IT security.

Enterprises deploy faster response and recovery solutions

"We've seen a dramatic improvement in response technology over the last year," says Ryan.
"Companies have never had a better opportunity to enhance their existing protocols with a
methodology that can mean an informed and timely response." "Companies will gain a better
understanding of their actual breach risks, how the breach could actually affect their
customers, and the best way to remedy those specific risks and provide better protection to
affected customers," he adds.

'Social' the new frontier for cyber crime

Cyber criminals will increasingly attack social platforms in 2014. "We predict many of the
cyber crime tactics that are successful when targeting social networking users will be applied
in new, innovative ways within professional social networks," reads a forecast report from
Websense. Indeed, other studies suggest that the frequency of cyber attacks will be so
common that consumers will face data breach fatigue, meaning they'll be less likely to
protect themselves.

DDoS attacks get even bigger but Botnets stick around

Distributed denial of service (DDoS) attacks were a big deal in 2013 and could be even more
prominent in 2014. NASDAQ temporarily went down as a result of an attack in August,
while Dutch web hosting company CyberBunker caused a global disruption of the World
Wide Web with a massive DDoS attack of its own.

• Ensuring that your information remains confidential and that only those who should access
  that information can.
• Making sure that your information is available when you need it (by making back-up
  copies and, if appropriate, storing the back-up copies off-site).

Email is the primary mode of communication

Email serves the same purpose at most organizations that phone calls and corporate memos
did in the 1990s. Because there is proprietary information being passed back and forth, each
organization assumes the responsibility of ensuring every email account is secure. Security
specialists may be asked to help onboard the system, and then protect the organization from
potential risks as they arise. In the event that an employee's email is breached, it's up to the
specialist to identify and eradicate the problem. Once that's done, the next priority
becomes ensuring that all the other in-house accounts remain secure from that threat as well.

Risk Management


Online searches are essential

Employees at many organizations are required to do some online searches. The problem is
that the more searches that are done, the higher the risk that an individual might click on a
contaminated link. Within minutes the entire computer could be infected. Network
specialists are trained to set up firewalls that can either warn users of a potential threat before
allowing them to access a page, or forbid them from accessing any unsecure pages altogether.
This minimizes the organization's exposure and forces every user to think twice before
clicking.

The occasional breach is unavoidable

The larger the organization, the more common it is for a simple virus to infect the system.
Network specialists are there to put out the fire when it does occur, and they're essential to
the organization in that manner. Depending on the specialist's role, this may mean accepting
the occasional independent contract, or it may mean working for an employer full-time. The
most important duty for a full-time specialist is to keep an eye out for emerging threats
before they arise. Lost or breached information can represent a major expense, and the more
vigilant a networking specialist, the less exposed any organization will be.

• A vulnerability is a point where a system is susceptible to attack.
• A threat is a possible danger to the system. The danger might be a person (a system
  cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that
  might exploit a vulnerability of the system.
• Countermeasures are techniques for protecting your system.

Prevent Computer Hacking on an Organization

• Interconnected Costs: According to an article published by the BBC, computer hacking
  cost companies in the United Kingdom billions of pounds in 2004. In their paper "The
  Economics of Computer Hacking," economists Peter Leeson and Christopher Coyne
  write that computer viruses created by hackers cost businesses $55 billion in 2003. In
  2011, a single instance of hacking on the PlayStation cost Sony more than $170 million,
  while Google lost $500,000 due to hacking in 2005. According to Richard Power,
  editorial director of the Computer Security Institute, single instances of hacking may cost
  as much as $600,000 to $7m a day for online businesses in 2011, depending upon the
  revenue of the operation.

In addition to the monetary cost arising from computer hacking, instances of hacking cost
organizations considerable amounts of employee time, resulting in the loss of yet more money.
While large businesses possess the financial framework to absorb such costs, the loss of revenue
and employee time may prove markedly detrimental to small organizations.

• Information: Computer hacking often revolves around information. Organizations steal
  information such as research, business strategies, financial reports and more from one
  another through hacking operations. Digitized client databases also fall victim to hacking,
  with hackers stealing names, addresses, emails and even financial information from
  organizations. Such a loss of information to a small business may cost a competitive edge
  or the complete loss of a client base, effectively ruining the organization. On the opposite
  end of the spectrum, a business participating in computer hacking may gain a wealth of
  information providing a competitive edge and access to new client bases through the act.
  Personal or political information gained through computer hacking can serve as leverage
  in business or political dealings.
• Organizational Structure: The structure of organizations previously hacked, at risk for
  hacking or with extensive digital networks requiring protection from hacking often
  reflects the threat of hacking. Businesses in such a position employ extensive information
  technology (IT) teams, which work constantly on creating, updating, developing and
  improving computer networks and safety to prevent or deter hackers from accessing
  information. Small businesses with limited budgets may face radical reorganization to
  cope with such efforts, while new businesses anticipating such preventative measures
  must work them into the initial business plan.

Social media a hacker's favorite target

• Like-jacking: occurs when criminals post fake Facebook "like" buttons to
  webpages. Users who click the button don't "like" the page, but instead download
  malware.
• Link-jacking: a practice used to redirect one website's links to another,
  which hackers use to redirect users from trusted websites to malware-infected
  websites that hide drive-by downloads or other types of infections.
• Phishing: the attempt to acquire sensitive information such as usernames,
  passwords, and credit card details (and sometimes, indirectly, money) by
  disguising itself as a trustworthy entity in a Facebook message or Tweet.
• Social spam: unwanted spam content appearing on social networks and any
  website with user-generated content (comments, chat, etc.). It can appear in many
  forms, including bulk messages, profanity, insults, hate speech, malicious links,
  fraudulent reviews, fake friends, and personally identifiable information.

Potential Impact
Beneficial or Positive Impact of IT security in our Society

• Professionals such as doctors, engineers and businessmen undergo a change in their
  style or working pattern once they gain knowledge of computers.
• An individual becomes more competent to take decisions thanks to the computer, because all
  the information required to take the decision is provided by the computer on time. As a
  result, individuals and institutions achieve success very fast.
• A person working at the managerial level becomes less dependent on low-level staff like
  clerks and accountants. Their accessibility to information increases tremendously. This
  improves their working patterns and efficiency, which benefits the organization and
  ultimately affects society positively.
• In everyday life, too, an individual benefits from computer technology. Where airports,
  hospitals, banks and departmental stores have been computerized, people get quick service
  thanks to the computer system.
• Computers have created new fields of employment, in designing, manufacturing,
  teaching, etc.

Harmful or Negative Impact of Computer in Our Society


• If, for any reason, the data stored in the computer is lost, the person responsible for
  handling the computer will have to bear a great deal.
• People do not use their minds for common arithmetic, which gradually results in the loss of
  their numerical ability.
• Today, any person who does not have knowledge of computers is considered a second-class
  citizen.
• People fear that growing children may lose their common-sense abilities, like numerical
  ability, due to total dependence on computers.
• Due to computerization, the workload for employees is reduced many times over. As a result,
  many organizations may need to remove some of their employees. This produces
  dissatisfaction and a lack of security among the employees. Due to this, employees do not
  cooperate with the organization. As a result, the output can be disastrous.
• As a result of the introduction of new technology in an organization, the organization may
  need to spend a tremendous amount on the training of its employees.

Effects on Technology Organizations


Organizations in the computer and technology industry may benefit or lose drastically from
instances of computer hacking. Independent firms specializing in hacking prevention software or
network development stand to benefit tremendously as the impact of hacking spreads throughout
the world. Small businesses in particular may expand operations exponentially if successful in
obtaining and retaining a client base. However, a company in this field whose product or efforts
fail in the face of hacking faces a ruined reputation and thereby the potential loss of a client base
and an inability to attract additional clients.

The Impact of the IT on our daily life

Technology has a big influence on our daily life. Electronic devices, multimedia and
computers are things we have to deal with every day.
The Internet especially is becoming more and more important for nearly everybody, as it is one of
the newest and most forward-looking media and surely the medium of the future.
Therefore we thought that it would be necessary to think about some good and bad aspects of
how this medium influences us, what impacts it has on our social behaviour and what the future
will look like.

• Secure web browsing
• Secure data
• Secure personal information

Conclusion
As Internet use is developing, more and more companies are opening their information system to
their partners and suppliers. Therefore, it is essential to know which of the company's resources
need protecting and to control system access and the user rights of the information system. The
same is true when opening company access on the Internet.
Moreover, because of today's increasingly nomadic lifestyle, which allows employees to connect
to information systems from virtually anywhere, employees are required to carry a part of the
information system outside of the company's secure infrastructure. The security policy is all of
the security rules that an organization (in the general sense of the word) follows. Therefore, it
must be defined by the management of the organization in question because it affects all the
system's users.

In this respect, it is not the job of the IT administrators to define user access rights but rather that
of their superiors. An IT administrator's role is to ensure that IT resources and the access rights to
these resources are in line with the security policy defined by the organization. Moreover, given
that he or she is the only person who masters the system, he or she must give security
information to the management, advise the decision makers on the strategies to be implemented,
and be the entry point for communications intended for users about problems and security
recommendations. IT security specialists are found in almost every major
enterprise or establishment because of the nature and value of the data held by larger businesses.
They are responsible for keeping all of the technology within the company secure from malicious
cyber attacks that often attempt to breach critical private information or gain control of the
internal systems. Within a large organization, information technology generally refers to laptop
and desktop computers, servers, routers, and switches that form a computer network, although
information technology also includes fax machines, phone and voice mail systems, cellular
phones, and other electronic systems. A growing reliance on computers to work and
communicate has made the control of computer networks an important part of information
security. Unauthorized access to paper documents or phone conversations is still an information
technology security concern, but the real challenge has become protecting the security of
computer networks, especially when they are connected to the Internet. Most large organizations
have their own local computer network, or intranet, that links their computers together to share
resources and support the communications of employees and others with a legitimate need for
access. Almost all of these networks are connected to the Internet and allow employees to go
"online."
Information technology security is controlling access to sensitive electronic information so only
those with a legitimate need to access it are allowed to do so. This seemingly simple task has
become a very complex process with systems that need to be continually updated and processes
that need to constantly be reviewed. There are three main objectives for information technology
security: confidentiality, integrity, and availability of data. Confidentiality is protecting access to
sensitive data from those who don't have a legitimate need to use it. Integrity is ensuring that
information is accurate and reliable and cannot be modified in unexpected ways. The availability
of data ensures that it is readily available to those who need to use it (Feinman et al., 1999).
Information technology security is often the challenge of balancing the demands of users versus
the need for data confidentiality and integrity. For example, allowing employees to access a
network from a remote location, like their home or a project site, can increase the value of the
network and efficiency of the employee. Unfortunately, remote access to a network also opens a
number of vulnerabilities and creates difficult security challenges for a network administrator.

References

• Information security, Wikipedia. Available from:
  <https://en.wikipedia.org/wiki/Information_security>. [8 February 2009].
• Feinman, Todd, Goldman, David, Wong, Ricky, and Cooper, Neil,
  PricewaterhouseCoopers LLP, Resource Protection Services, Security Basics: A White
  Paper, June 1, 1999.
• Top 10 IT security issue 2009. Available from:
  <http://searchsecurity.techtarget.com/definition/information-security-infosec>. [5 July 2009].
• Business Dictionary 2010. Available from:
  <http://www.businessdictionary.com/definition/information-security.html>. [5 August 2010].
• Top 3 information. Available from:
  <http://er.educause.edu/articles/2015/1/the-top-3strategic-information-security-issues>. [23 February 2007].
• Top 10 security issue, forbes, 2000. Available from:
  <http://www.forbes.com/sites/kenrapoza/2012/12/05/top-10-security-issues-that-willdestroy-your-computer-in-2013/>. [28 November 2000].
• Introduction to IT security, 2009. Available from:
  <http://ccm.net/contents/635introduction-to-it-security>. [13 July 2009].
• Effects on computer hacking, 2008. Available from:
  <http://smallbusiness.chron.com/effects-computer-hacking-organization-17975.html>.
  [13 November 2008].