The paper “Security of Information in Commercial or Business Organisations” is a literature review on information technology security. The management of vulnerabilities and threats to assets is a major challenge for business organizations. Vulnerabilities in assets can be understood as weaknesses in these assets, which can be exploited in order to cause harm to them. Such harm to assets can occur in the form of disclosure, destruction, interruption, data modification, as well as Denial of Service (DoS). The effect of such threats on firms is potentially great because of the risk of financial loss and loss of business continuity.
As threats to and vulnerabilities in assets may not be fully avoided, it is crucial that both should be suitably mitigated. Therefore, this paper intends to explore some significant security concepts, as well as the existing categories of threats to commercial assets. It also aims to outline some of the physical, human, and technological countermeasures to the security threats discussed.

Definitions

According to Onwubiko and Lenaghan (2007), computer security refers to the protection accorded to computer systems to achieve the basic goals of upholding integrity, confidentiality, availability, non-repudiation, and authenticity of information network resources, including software, hardware, firmware, data or information, and telecommunications.
Therefore, the basic goal of handling vulnerabilities and threats is to safeguard computer systems and to ensure that computer communications adhere to certain requirements, as outlined below. First, it is necessary to maintain the confidentiality of communications and systems. Confidentiality refers to the conditions necessary for the avoidance of unlawful disclosure when communications and systems are accessed either inadvertently or intentionally (Wheeler 2011). Secondly, Maliapen (2012) argues that it is also vital to maintain the integrity of computer systems, information, or data.
This requirement ensures that computer systems and the services offered by them are complete, accurate, authentic, timely, and consistent. Thirdly, it is critical to maintain the availability of computer systems and the services offered. This requirement is crucial in ensuring that computer systems and their services are accessible at established times to rightful entities (Wheeler 2011). Additionally, computer security is indispensable in handling threats to computer systems. Threats refer to events, entities, or circumstances with the ability to cause harm or alter standard security operations through the exploitation of system vulnerabilities (Onwubiko & Lenaghan, 2007).
In contrast, harm refers to a breach or abuse of the integrity, confidentiality, or availability of computer systems, in the form of disclosure, destruction, interruption, modification of data, or DoS (Colwill, 2009). Onwubiko and Lenaghan (2007) contend that computer security is also necessary in maintaining the authenticity of computer networks. Authenticity is important in ensuring that transactions, data, communications, or physical and electronic documents are valid. It is also critical to verify that parties engaged in transactions are truly who they claim to be.
Moreover, Durdağı and Buldu (2010) assert that computer security helps in ensuring that there is non-repudiation. Non-repudiation entails one’s obligation to honor commitments made in an agreement. By extension, it means that one transaction party cannot deny having entered into a transaction, nor may the other party deny having offered it (Yeh & Chang, 2007). In addition to the concepts above, Smith, Friese, Engel, and Freisleben (2006) claim that an asset refers to anything that is of importance and value to the owner, including data, information, networks, programs, and communication infrastructures.
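The distinctions drawn above between integrity, authenticity, and non-repudiation are easy to blur in prose. The following Python script is an added illustration, not code from the paper or from any of the works it cites; it uses only the standard library and constructs its own sample messages and keys. A shared-key message authentication code (HMAC-SHA256) lets the receiver detect modification (integrity) and reject messages from anyone who lacks the key (authenticity), but because both parties hold the same key, either could have produced the tag, so the scheme cannot bind a message to one party (no non-repudiation); that last property requires a secret held by only one party, such as a digital-signature key.

```python
"""Integrity, authenticity and non-repudiation, illustrated with a shared-key MAC.

Added example (not from the paper). Standard library only; all keys and
messages below are constructed for illustration.
"""
import hashlib
import hmac
import secrets


def tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over `message` under `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    """Accept only if `message` is unmodified and was tagged under `key`.

    compare_digest is constant-time, so a forger learns nothing from timing.
    """
    return hmac.compare_digest(tag(key, message), mac)


def integrity_detects_modification() -> bool:
    """Integrity: a single changed byte in the payment order invalidates the tag."""
    key = secrets.token_bytes(32)                 # constructed shared key
    order = b"PAY 100 to ACME"                    # constructed sample message
    mac = tag(key, order)
    tampered = b"PAY 900 to ACME"                 # modified in transit
    return verify(key, order, mac) and not verify(key, tampered, mac)


def authenticity_rejects_unknown_sender() -> bool:
    """Authenticity: a party without the shared key cannot produce an acceptable tag."""
    shared = secrets.token_bytes(32)
    outsider = secrets.token_bytes(32)            # attacker's own key, not the shared one
    msg = b"PAY 100 to ACME"
    forged = tag(outsider, msg)
    return not verify(shared, msg, forged)


def mac_gives_no_non_repudiation() -> bool:
    """Non-repudiation is NOT provided: sender and receiver compute identical tags,
    so a third party (an auditor or court) cannot tell which of them authored it."""
    shared = secrets.token_bytes(32)
    msg = b"PAY 100 to ACME"
    by_sender = tag(shared, msg)
    by_receiver = tag(shared, msg)
    return by_sender == by_receiver


if __name__ == "__main__":
    print("integrity detects modification:", integrity_detects_modification())
    print("authenticity rejects unknown sender:", authenticity_rejects_unknown_sender())
    print("MAC offers no non-repudiation:", mac_gives_no_non_repudiation())
```

Run the script directly to see all three checks; the third returns True precisely because the receiver can reproduce the sender's tag, which is why contracts and payment orders that must survive a later dispute are signed rather than merely MAC-tagged.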
The aforementioned conceptual framework is useful to businesses in gaining a full understanding of the requirements for protecting assets from threats, associated risks, and vulnerabilities, as well as ways of protecting information systems (countermeasures) (Rountree, 2011). This framework is also essential to businesses in identifying and recognizing which assets are significant to them. It thereby helps in determining what needs to be protected, as well as the weaknesses existing in these assets (Onwubiko & Lenaghan, 2007).
References

Andel, T.R. & Yasinsac, A. (2008). Adaptive Threat Modeling for Secure Ad Hoc Routing Protocols. Electronic Notes in Theoretical Computer Science, 197(2), 3-14.
Andress, J. (2011). Chapter 1 - What is Information Security? The Basics of Information Security. Pp. 1-16.
Andress, J. (2011). Chapter 6 - Operations Security. The Basics of Information Security. Pp. 81-95.
Azad, T.B. (2008). Chapter 1 - Introduction to Security. Securing Citrix Presentation Server in the Enterprise. Pp. 1-67.
Basagiannis, S., Katsaros, P., Pombortsis, A., & Alexiou, N. (2009). Probabilistic model checking for the quantification of DoS security threats. Computers & Security, 28(6), 450-465.
Beal, B. (2005). IT is security: the product vendor landscape. Network Security, 2005(5), 9-10.
Bidgoli, H. (2002). Chapter 11 - Security Issues and Measures: Protecting Electronic Commerce Resources. Electronic Commerce. Pp. 363-398.
Choo, K.R. (2011). High tech criminal threats to the national information infrastructure. Information Security Technical Report, 15(3), 104-111.
Choo, K.R. (2011). The cyber threat landscape: Challenges and future research directions. Computers & Security, 30(8), 719-731.
Colling, R.L., & York, T.W. (2010). Chapter 3 - Security Risks and Vulnerabilities. Hospital and Healthcare Security. Pp. 51-84.
Colwill, C. (2009). Human factors in information security: The insider threat – Who can you trust these days? Information Security Technical Report, 14(4), 186-196.
Durbin, S. (2011). Tackling converged threats: building a security-positive environment. Network Security, 2011(6), 5-8.
Durdağı, E. & Buldu, A. (2010). IPV4/IPV6 security and threat comparisons. Procedia - Social and Behavioral Sciences, 2(2), 5285-5291.
Farmer, M.C. (2005). Environmental consequences of social security reform: a second-best threat to public conservation. Ecological Economics, 53(2), 191-209.
Flick, T., & Morehouse, J. (2011). Chapter 2 - Threats and Impacts: Consumers. Securing the Smart Grid. Pp. 19-33.
Furnell, S.M., Bryant, P., & Phippen, A.D. (2007). Assessing the security perceptions of personal Internet users. Computers & Security, 26(5), 410-417.
Gandotra, V., Singhal, A., & Bedi, P. (2012). Threat-Oriented Security Framework: A Proactive Approach in Threat Management. Procedia Technology, 4(2), 487-494.
Holtsnider, B., & Jaffe, B.D. (2012). Chapter 8 - Security and Compliance. IT Manager's Handbook (Third Edition). Pp. 205-246.
Hunter, P. (2002). VOIP the latest security concern: DoS attacks the greatest threat. Network Security, 2002(11), 5-7.
Khan, R.A., & Mustafa, K. (2009). From threat to security indexing: a causal chain. Computer Fraud & Security, 2009(5), 9-12.
Korper, S., & Ellis, J. (2001). Chapter 10 - Secure Your Investment: Security Threats and Solutions. The E-Commerce Book. Pp. 189-210.
Kritzinger, E., & von Solms, S.H. (2010). Cybersecurity for home users: A new way of protection through awareness enforcement. Computers & Security, 29(8), 840-847.
Maliapen, M. (2012). Computer Security. Encyclopedia of Applied Ethics (Second Edition). Pp. 547-552.
Norman, T. (2012). Chapter 19 - Security System Integration. Electronic Access Control. Pp. 263-279.
Onwubiko, C. & Lenaghan, A.P. (2007). Managing Security Threats and Vulnerabilities for Small to Medium Enterprises. IEEE International Conference on Intelligence and Security Informatics. Pp. 1-6.
Rountree, D. (2011). Chapter 4 - System Security. Security for Microsoft Windows System Administrators. Pp. 109-134.
Schneider, D. (2012). The state of network security. Network Security, 2012(2), 14-20.
Smith, M., Friese, T., Engel, M., & Freisleben, B. (2006). Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. Journal of Parallel and Distributed Computing, 66(9), 1189-1204.
Stallings, W. (2009). Chapter 36 - Physical Security Essentials. Computer and Information Security Handbook. Pp. 627, 629-643.
Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The insider threat to information systems and the effectiveness of ISO17799. Computers & Security, 24(6), 472-484.
Vacca, J.R. & Ellis, S.R. (2005). Chapter 14 - Internal IP Security Threats: Beyond The Firewall. Firewalls. Pp. 231-248.
Wheeler, E. (2011). Chapter 11 - Threat and Vulnerability Management. Security Risk Management. Pp. 215-237.
Wiles, J., Gudaitis, T., Jabbusch, J., Rogers, R., & Lowther, S. (2012). Chapter 2 - Low tech vulnerabilities: Physical security. Low Tech Hacking. Pp. 31-49.
Xenakis, C., & Merakos, L. (2004). Security in Third Generation Mobile Networks. Computer Communications, 27(7), 638-650.
Yeh, Q. & Chang, A.J. (2007). Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), 480-491.
Young, C.S. (2011). Chapter 1 - Security threats and risk. Metrics and Methods for Security Risk Management. Pp. 3-18.