IT Essay Paper Sample on The Myth of Secure Computing

The Myth of Secure Computing

The article “The Myth of Secure Computing” by Robert Austin and Christopher Darby (2003) provides an in-depth insight into managers’ responsibility for managing threats to digital security in the same way they manage other risks facing their organizations. However, most senior executives often ignore the digital security issue for several reasons. Firstly, digital security is uniquely complicated; that is, it requires specialized technical knowledge. Most executives lack this knowledge, as they are largely trained to handle management issues involving human resources, organizational operations, and the financial stability of the company. Secondly, some digital security threats actually originate from within the company, especially from careless employees. Therefore, preventing such internal risks requires organizational policies that reaffirm the need to maintain high security standards and optimum employee performance. Since most executives do not like nagging in order to reinforce such requirements, they normally tolerate employee carelessness that eventually increases digital security risks. Finally, digital security is invisible: the success of efforts to strengthen it can be recognized only when no breach of security occurs (Austin & Darby, 2003, p. 120). Ironically, executives can be accused of wasting the organization’s finances invested in digital security when no serious breach of security occurs for a relatively long time. Executives who are unwilling to face such circumstances often hire digital security consultants with the aim of making their organizations completely impermeable, without realizing that an impermeable digital security defense is in reality nonexistent.

The authors identified four major types of risks to digital security. The first type, the network attack, is carried out over the internet and compromises the network’s online services without actually interfering with the information technology (IT) system’s internal configurations. Generally, it reduces or compromises the optimum performance of the network and its associated services. Secondly, denial of service (DoS) attacks are carried out by directing excessive internet traffic to a particular network system with the intention of depleting its resources, resulting in the crashing of the computer system. Intrusions, the third major type of threat, occur when an unauthorized individual gains access to an organization’s internal IT system through the same access point used by authorized users. Intruders can achieve this by obtaining the access details of genuine users, such as usernames and passwords, either by hacking the system’s database containing such details or by soliciting them from unsuspecting system administrators while posing as genuine users who have forgotten their access details. Finally, malicious code threats take the form of infectious programs, for instance viruses and worms, which are usually disguised as genuine programs. They usually interfere with both the hardware and software components of the computer system, for instance by altering files and computer programs, and even crashing the computer’s memory storage.

Risks in digital security can be mitigated by adopting a risk management approach. Organizations can accomplish this by staying ahead of emerging digital security risks and defenses. A company should first identify its digital assets and determine how much protection they deserve. It also has to define the appropriate use of its IT resources. An organization should control access to its systems and strive to use secure software from known vendors. Moreover, a company needs to know the exact software running in its systems, and should regularly test and benchmark its digital defense system. Furthermore, a company should rehearse its response to attacks to establish objective problem-solving procedures and eliminate reactive ones. Finally, organizations should analyze the root causes of attacks to reduce the possibility of similar attacks in the future. The bottom line is that executives should mitigate digital security risks using the cost-benefit approach, in which the organization’s resources are spent on mitigating the risks capable of causing the most damage to the business. It is impossible to counter all digital security risks, even through well-defined management actions and heavy investments.

References

Austin, R. D., & Darby, C. A. (2003). The myth of secure computing. Harvard Business Review, 81(6), 120-126.