What for safeguarding this kind of information that

What is the impact of Information Technology Security on
organizations, government, and military services? The objective is to
understand what the necessary steps in cyber-attack prevention are. Another
objective is how to prevent or recover from an information breach.

 

            The purpose
of this paper is to examine how information security impacts U.S. Military
Services, government, and large-scale organizations. In today’s modern culture,
technology has become a powerful asset of daily lives and continuously
progresses. Technological advances have flourished in impacting our lifestyle in
every sector. Technology is utilized in energy, healthcare, education,
transportation, agriculture, and more. However, with greater innovation comes a
greater threat to breaches in personal information. Cyber-attacks have become
eminent threats towards big business, military services, and the nation’s
government. I.T. (Information Technology) security prevents delicate
information such as social security, credit cards, passwords to emails and
social media, etc., from being stolen or accessed by unauthorized users.

 

B.               Background

Information Technology Security is the process of
implementing measures and systems designed to securely protect and safeguard
information utilizing different forms of technology developed to create, store,
use and exchange such information against any unauthorized access (IT Security
Resources, 2015). As the internet continues to evolve, so does cybercrime. The
worldwide web has granted people access to vast amounts of information while
also making tasks including, shopping, banking and paying bills convenient (Comodo,
2017). Security analysts are responsible for safeguarding this kind of
information that is confidential to any individuals or personnel within an
organization. Panda Security detected and neutralized more than 84 million new
malware samples throughout 2015 (Panda Security, 2016). In the event of an
information breach, the first step is to understand the nature and severity of
the threat and the potential damage that it can cause.     

 

II.       Information Security’s role in National
Defense

The United States Military overseas
protecting top secret information that must remain confidential such as troop
locations, launch codes, and other data (NCI, 2015, para.3). “Before and during
the Gulf War, hackers from the Netherlands penetrated computer systems at 34
American military sites on the internet, including sites directly supporting
Operation Desert Storm/Shield” (Denning, 2003 p.5). Files containing the exact
location of troops, their weapons, the capabilities of the Patriot missile, and
the movement of American warships in the Gulf region. Drones and communication
systems operated by military personnel are technology-based, meaning any hack
of these devices could compromise national security. According to Thompson
(2015), “there are more than seven million devices linked to the Department of
Defense network”. With the inclusion of internet, the Department of Defense
plans to increase the number of cybersecurity specialists in the future to
solidify the cyber defenses of the military (NCI, 2015, para.1).

III.    Technological Trends

          “Cryptography has long been used as a
method to protect data. Modern cryptographic techniques are essential in any IT
system that needs to store and safeguard personal information” (Hoven, Blaauw, Pieters &
Warnier, 2014). Cryptography is
used in information security to protect information from unauthorized or
accidental disclosure while the information is in transit (either
electronically or physically) and while information is in storage (Savu, n.d.). Its
purpose is to practically disguise data so that non-permitted users do not have
access. “The literal meaning for cryptography is ‘hidden writing’: how to make
what you write obscure, unintelligible to everyone except whom you want to
communicate with” (Savu, n.d.).     

          Information and Information technology
has become increasingly mobile. Individuals and their devices can be located
anywhere and move from place to place. “These devices typically contain a range
of data-generating sensors, including GPS, movement sensors, and cameras, and
may transmit the resulting data via the Internet” (Hoven, Blaauw, Pieters &
Warnier, 2014, para.32). Software and data can be saved and transmitted by
means of email, text, the worldwide web, and social media. Accordingly, mobility
has made the task of protecting information more problematic (Denning, 2003
p.9). Mobile software has always posed a major security challenge. Computer
viruses, worms, trojan horses, and types of detrimental code have the ability
to enter computers through different forms of communication (Denning, 2003,
p.10). They account for a substantial amount of all computer security incidents
and can escalate at dangerous rates.

         

IV.    Government

Many federal government systems have
insecurities despite initiatives to consolidate them from foreign attacks
(Denning, 2003, p.12). Following the aftermath of the terrorist attack against
the World Trade Center and Pentagon, the General Accounting Office (GAO) stated
that “independent audits continue to identify persistent, significant
information security vulnerabilities that virtually place all major federal
agencies’ operations at high risk of tampering and disruption” (Denning, 2003,
p.12). The personal information of state officials and important civilian
contractors is stored on government owned servers. The most notable incident
was in 2015, when the Office of Personnel Management was hacked. A significant
amount of its classified information was exposed and put approximately 21.5
million Federal employees at risk of identity theft (Davis, 2015). The attacks
targeted not only military information but issues as diverse as freedom of
speech and critical infrastructure systems operated by multiple private sector
companies (NCI, 2015 para. 2).

In February 2013, former President,
Barack Obama, issued an executive order that read “Repeated cyber intrusions
into critical infrastructure demonstrate the need for improved cybersecurity.
The cyber threat to critical infrastructure continues to grow and represents
one of the most serious national security challenges we must confront. (Staff,
2013, para.2).” Government organizations need to have the proper knowledge of
the threats they encounter and improve information security. In a 2012
cybersecurity study coproduced with Deloitte, the National Association of State
CIOs (NASCIO) found that 70 percent of state CISOs had reported an IT security
breach. In the same study, only 24 percent of state CISOs said they were
confident about protecting their state’s assets from external threats (Staff,
2013, para.3).

 

(Government Accountability Office,
2014)

The graphic above displays the
number of reported information security incidents involving personally
identifiable information has more than doubled over the last several years. Major
federal agencies continue to face challenges in fully implanting all components
of an agency-wide information security program, which is essential for securing
agency systems and the information they contain. In December 2013, GAO reported
on agencies’ responses to PII (personally identifiable information) data
breaches and discovered they were inconsistent and needed improvement.

V.      Large Business/Organization

          The implementation of an information
security strategic plan can position an organization to diminish, transfer,
accept, or avoid information risk related to people, processes and technologies
(Evans, 2015). “An established strategy assists an organization appropriately
to assure the confidentiality, integrity, and availability of information”
(2015). Consequently, credit bureau, Equifax, most recently encountered a
breach of 143 million Americans’ personal information (Sweet, 2017). The
company’s security team detected suspicious network traffic with the software
that ran its online dispute portal. This vulnerability resulted in a loss of
Equifax shares since it announced the breach. No matter how large or small an
organization is, a plan to ensure the security of your information assets is
essential (Anonymous). The business benefits of an effective information
security strategic plan are significant and can offer a competitive advantage (Evans
2015). These may include complying with industry standards, avoiding a damaging
security incident, sustaining the organization’s reputation and remaining
committed to shareholders, customers, partners and suppliers (Evans 2015).

(Pelisson, 2017)

 

The chart displays the number of
compromised records in selected large-scale data breaches. The Equifax breach
contained data that is considered most sensitive about individuals including
social security numbers, full names, addresses, birth dates, and possibly
driver and credit card information for some (Pelisson, 2017) . This type of information
is the kind that several organizations such as financial and insurance
companies use to identify a client accessing their accounts from online, by
phone, or in person. Those responsible for the hack, had access to this
information between May and July of 2017, and took the company five weeks to
disclose the breach (Pelisson, 2017).

 

VI.    Answer to Research Question

          According to Evans (2015), a gap
assessment of an organization’s current state and existing efforts is an
important step for security breach prevention. An assessment enables efficient
planning, which then becomes more effective. Additional steps to building a stable
policy include defining the vision, mission, strategy, initiatives and tasks to
be accomplished so they enhance the existing program already put in place. As
Denning (2003) stated, the enhanced mobility of technological devices makes it
more difficult for protecting information. It has extended network security’s
perimeter from the workplace to homes, airports, hotel rooms, and other
facilities. Once information is confined to office networks, it can make way to
home PCs, laptops, computers, and handheld devices which may be less protected
physically (Denning 2003, p.9). Each year, tens of thousands of personal
laptops are stolen or reported lost, including those that contain secret
information whether it belong to the federal government, The Department of
Defense, or corporate records (Denning 2003, p.9).   

VII.   Conclusion

The importance of Information
Technology is imperative in the generation of today. Many rely on I.T. Security
to safeguard vital information from being accessed and stolen. Our nation’s
defense utilizes it in every aspect to counter attack cyber threats that could
damage national security and compromise military strategies by exposing the
location of American troops. The Federal Government’s server systems are
responsible for keeping classified information from being stolen by hackers,
which potentially poses a threat to national security as well. Big businesses
and organizations rely on information security to protect and store data of
corporate records and clients. Data such as social security, credit card
information, and passwords to communication devices must be protected to avoid
identity theft. To prevent these catastrophes from occurring, the government,
military, and large business organizations seek assistance from security
professionals and analysts. A potential solution to this obstacle is to
strengthen the flaws and gaps located within the organization’s security
measures to counter cyber threats that may approach in the future.