Sample IT-Web Research Proposal Essay on IT Security and Vulnerabilities

IT Security and Vulnerabilities

3.0 Abstract

Information technology vulnerabilities refer to security threats and risks affecting people’s and organizations’ data, leading to loss, theft, and damages. Information technology systems, programs, and applications are diverse in order to offer users technical and non-technical support. They are, however, prone to an array of threats and risks affecting the security measures implemented to protect data from loss and damages. Information technology vulnerabilities therefore refer to cyber security risks threatening the levels of security maintained to ensure that private and confidential information is protected. For example, CNN reported that the United States recorded at least seventy-nine cyber attacks on the energy industry in 2015, affirming that information technology vulnerabilities ought to be mitigated (Pagliery, 2015).

This research will therefore discuss how vulnerabilities are affecting information technology systems, programs, and applications, leading to socioeconomic, political, and even environmental losses and damages. Foremost, it will focus on how information technologies are utilized by users for socioeconomic support. Consequently, it will emphasize how innovation and advancing technologies are adversely influencing security measures aimed at mitigating information technology vulnerabilities. Thus, it will discuss the various forms of information technology vulnerabilities. Later, it will discuss the various factors facilitating information technology vulnerabilities. This will enable the research to provide various recommendations aimed at mitigating the information technology vulnerabilities. The recommendations section will discuss types of measures to mitigate information technology vulnerabilities by explaining how and why they ought to be implemented.

4.0 Background

Information technology has been advancing and expanding due to innovation. This, however, has also led to an increase in security risks and threats affecting information technology data and users. For example, security risks allied to vulnerability to malware, attacks, and viruses, coupled with compromised networking systems and social media platforms, have led users to be wary. These vulnerabilities have reduced levels of privacy and confidentiality among information technology users, as they have to be cautious to avoid loss and theft of private data such as personal financial information. Thus, information technology vulnerabilities compromise the confidentiality, availability, and integrity that ensure users and data are protected from unauthorized access mainly perpetrated by cyber criminals (Cook, Waugh, Abdipanah, Hashemi & Abdul, 2014).

To ensure information technology users are protected consistently in a careful way, security agencies within the information technology sector should develop security measures aimed at enhancing privacy and confidentiality levels to improve security. State of the art security measures to prevent information technology vulnerabilities should be developed and implemented. Consequently, innovators should ensure the measures evolve as technology changes, advances, and expands in order to support and secure information technology growth and development procedure. This will ensure advanced threats and vulnerabilities especially committed by cyber criminals are reduced and ultimately prevented. Information technology security should therefore be diligent in order to understand and anticipate risks, threats, and vulnerabilities (FCC, 2013).

5.0 Aims and Objectives

This dissertation aims at asserting that information technologies are vital as they support social, economic, and political growth and development. They are, however, marred by risks, threats, and vulnerabilities that have led to loss of data, financial resources, reputational damages, and identity thefts. Thus, the research objectives are as follows.

  1. Define information technology
  2. Discuss various forms of information technologies
  3. Discuss information technology security
  4. Discuss information technology vulnerabilities
  5. Recommend measures to enhance information technology security
  6. Recommend measures to reduce and prevent information technology vulnerabilities

6.0 Research Questions

  1. What are the different types of information technology vulnerabilities?
  2. How can information technology vulnerabilities be identified by people and organizations?
  3. What are the factors facilitating information technology vulnerabilities?
  4. What are the diverse measures to implement to mitigate information technology vulnerabilities?
  5. What viable recommendations should be implemented in order to achieve and sustain information technology security while mitigating the vulnerabilities?

7.0 Introduction

Information technologies are dominant systems espoused and implemented across global industrial sectors and communities. Technologies have therefore been advancing as innovators have facilitated growth and development within the information technology sector across global industries comprising business ventures, communities, and sectors to achieve socioeconomic augmentation. Technological innovators are influenced by the belief that information technologies facilitate growth and development globally. As a result, they utilize innovated and digitalized programs and systems to ensure the global community utilizes information technology to undertake diverse functions and operations easily and quickly. Information technology security can therefore be defined as the use of technologies to save time, energy, and resources, as innovated and digitalized systems and programs can undertake functions and operations such as storage, communications, networking, convergence, and multimedia processing among others effectively and efficiently (Chandramouli, 2014).

Globalization and modernization processes have led social and economic communities and organizations to utilize information technologies in order to increase and maximize political, social, environmental, and economic gains. Political gains are recorded among groups, organizations, and persons utilizing information technologies to communicate, market, and achieve political mandates aimed at meeting, fulfilling, and managing people’s expectations during the political authority tenure. Thus, politicians are utilizing information technologies as a platform to affirm they are relevant and socially accepted by community members, especially during election periods. Environmental gains attributed to information technologies are diverse. For example, various agencies allied to environmental conservation and preservation rely on information technology programs and applications to detect air and noise pollution. Consequently, they determine measures to undertake in order to stop and prevent similar types of pollution in the future. Organizations and households have also installed fire and smoke detection applications. This prevents loss of and/or damage to property, coupled with environmental pollution mainly attributed to the smoke. Social gains, on the other hand, are retrieved from the increasing use of social media networking sites. Social media network sites are diversely spreading to ensure use of information technologies enhances social benefits. The sites include MySpace, Facebook, Twitter, YouTube, and Instagram among others. They are utilized by users to make and reconnect with friends and family members. This, however, does not hinder persons with business acumen from using the social networking sites to advertise and market their business ventures to friends and family members in order to enhance profitability rates (Viveca, 2005).

The use of social networking sites has therefore led to economic gains. Business people, organizations, and groups are therefore conducting commercial activities by relying on information technologies in order to be recognized and achieve financial gains. For example, small, medium, and large organizations have been developing websites in order to provide members of the community with relevant information regarding the activities, operations, and functions. They ensure the websites are developed in a format attracting and retaining customers in attempts to achieve and sustain consumer loyalty. In order to remain relevant and also achieve a competitive advantage, they are utilizing information technologies through use of social networking sites mainly Facebook. Ultimately, persons seeking to achieve and enhance economic gains are utilizing information technologies to advertise products and services and enhance the functions and operations they undertake in order to increase sales, clientele base, and sustain a competitive advantage. Thus, information technologies have facilitated economic growth and expansion as they are utilized to increase commercial activities (Konsbruck, 2013).

8.0 Theoretical Relevance

8.1 Contractualism Theory

This is an ethical theory applied to assert that moral nature should involve applying values to undertake actions while relying on information technologies. The contractualism theory therefore strives to affirm that applying morals, ethics, and values within information technology infrastructures can enhance the security provided by the systems and programs and reduce the vulnerabilities. For example, if all human beings acknowledged information technologies should achieve social, economic, and political gains, hackers, phishers, and other cyber criminals would not exist. Consequently, incidences of information technology vulnerabilities such as loss of data through unauthorized access and theft would be prevented. The contractualism theory therefore asserts that users of information technology systems and programs should achieve, enhance, and sustain security measures supported by people’s sense of responsibility aimed at maximizing information technology security. Thus, information technology users should respect and uphold national and international measures effectively and efficiently implemented to mitigate the vulnerabilities that are mainly security risks. This process, however, involves users adopting and embracing virtue ethics, ensuring interactions across information technology systems and programs are supportive, beneficial, and safely undertaken (Madeleine & Jonathan, 2012).

8.2 Consequentialism Theory

This theory focuses on the value of actions and choices undertaken by users relying on information technology systems and programs on a day-to-day basis. The consequentialism theory is therefore different and unique from theories discussed above as it does not focus on users’ moral, social, cultural, and ethical values as they utilize information technologies. Instead, it focuses on users’ manners to ensure they identify, understand, and interpret the significant measures formulated and implemented to enhance information technology security and mitigate the vulnerabilities. By applying philosophical approaches enhancing security measures implemented to reduce information technology vulnerabilities, this theory promotes a sense of responsibility among users. Consequently, cyber criminals can acknowledge that the use of viruses, phishing programs, malware, and hacking activities enhances information technology vulnerabilities. As a result, they can put an end to these activities, leading to enhanced information technology security (Madeleine & Jonathan, 2012).

8.3 Deontologism Theory

This theory applies universal duty-based virtue ethics to support and encourage information technology users to uphold cultural, social, and moral ethics and values. This guarantees that information technology security is enhanced and the vulnerabilities mitigated. Persons relying on information technology systems and programs on a day-to-day basis should therefore uphold freedoms, duties, and rights aimed at enhancing privacy, social, and security benefits associated with information technology infrastructures. As a result, hackers, phishers, and persons relying on viruses to violate information technology security measures and users’ privacy rights through illegal accesses should reform and put an end to such unauthorized, unacceptable, and unlawful activities. The deontologism theory is therefore a decision-making approach encouraging the use of common sense to maximize information technology security and mitigate the vulnerabilities (Madeleine & Jonathan, 2012).

9.0 Methodology

9.1 Theoretical and Logical Justifications for the Empirical Study

The research paper aims at discussing information technology security and vulnerabilities. The study will focus on factors promoting information technology security and accentuating information technology vulnerabilities. Thus, the goal of the research is to make use of a mixed method that integrates both qualitative and quantitative research methods. Combining qualitative and quantitative research methods with an exploratory research design is vital as it will assist in conducting the data collection process in a reliable and valid manner (Creswell, 2009). Thus, the logically justifying principle for using this research technique is the fact that qualitative research method is used with the objective of understanding a particular phenomenon. As a result, it will enable discovery of the innermost meaning of the study concerning information technology security and vulnerabilities (Creswell, 2003). For instance, use of qualitative and quantitative research approaches shall enable identification of opinions, perspectives, and attitudes aiming to resolve the need to raise awareness and enhance information security while mitigating the vulnerabilities.

Walker explains that the choice of a quantitative research strategy is because it provides the researcher with a platform from where he/she can carry statistical inferences to the study. In the same vein, it will also allow the researcher to use numerical representations while explaining a phenomenon based on the available observations (Creswell, 2003). Conversely, a qualitative research approach is to be used because it provides insights that will later on allow the researcher to generate theoretical frameworks (Wilson, 2010). Thus, the main reason for choosing both qualitative and quantitative research strategies is based on the observation that it allows a researcher to estimate and to relate different variables used in the research (Creswell, 2003; Creswell, 2009). At the same time, the use of both qualitative and quantitative research strategies enables the researcher to make use of the opinions and attitudes of the participants to support the statistical data (Creswell, 2003; Williams, 2007). Creswell further asserts that a mixed approach can be helpful in a research study in the sense that it enables the researcher to gain an in-depth understanding of the roles of awareness as regards the importance of information technology security at the organizational and individual levels (Creswell, 2003).

9.2 A New and Non-Obvious Technique/Solution to Answer the Problem

The current research study is concerned with determining whether raising awareness on the importance of information technology security promotes safe and secure information systems. It is important to note that there are certain practices that organizations can use in attempts to enhance organizational security awareness related to the importance of information technology security against related vulnerabilities. Some of the possible practices include training personnel and employees, determining the roles for security awareness and establishing an organizational culture to promote security awareness throughout the organization. The real data applied in conducting the research therefore includes identifying information technology vulnerabilities in order to acquire data that can be applied to mitigate them and enhance security levels. This data will be collected among people and individuals seeking to enhance information technology security but face diverse information technology vulnerabilities from phishers, hackers, and other diverse cyber criminals.

After collection of data from the sample selected, it would be possible to come up with the best solution to the current problems being experienced because of advancing information technology systems and programs. The proposed solution is for organizations to carry out security awareness as an on-going program to make sure that training and knowledge are not just made available as an annual activity but rather applied to maintain a high level of information technology security awareness on a daily basis. Moreover, people have become the weakest links in the information technology security chain. This is because even the latest security technologies are failing to guarantee protection against the vulnerabilities and risks (Caldwell, 2013).

Thus, the proposed solution is appropriate because security technologies can protect core systems from technological attacks, although they cannot protect organizations against employees and personnel providing information on social media for cyber criminals to access. The security technologies also fail to ensure organizational employees and personnel are not using various information technology networks that put the firm in a vulnerable position where the organization is likely to lose data and violate its clientele’s privacy and confidentiality levels. Creating awareness can therefore provide organizational personnel and employees with the necessary information required in order to address and resolve information technology insecurities and vulnerabilities on individual and organizational levels (Caldwell, 2013).

9.3 Collection of Suitable Data for Researching Information Technology Security and Vulnerabilities

Datasets with different characteristics are required while undertaking a research study and carrying out experimental case studies. The choice of synthetic data sets is based on the observation that they are essential in meeting certain characteristics that are not found in real data. In this study, the researcher has planned to use a synthetic data set because it is generally difficult to get access to real cyber incident data related to information technology security awareness.

9.4 Reasons for Using Data Sets

The following reasons led to the use of synthetic data sets. Foremost, they cannot be obtained through direct measurement of information technology security and vulnerabilities. As a result, they allow the study conducted by a professional to persistently apply business processes in order to identify information technology security and vulnerabilities. Consequently, data sets rely on anonymous data in order to maintain privacy and confidentiality levels. Thus, using data sets guarantees that companies and persons willing to participate in discussing information technology security and vulnerabilities are protected. For example, their IP addresses, social security and credit card numbers, as well as home and work addresses, will be anonymous, protecting the participants from information technology vulnerabilities. Synthetic data sets are also viable as they allow a fair comparison with other proposed solutions in any existing literature. For example, they can allow comparison of factors mitigating technology vulnerabilities.

9.5 Synthetic Datasets Description

The initial step in creating the required data set is to search for past studies related to information technology security and vulnerabilities. Consequently, the most viable data sets able to answer the research questions listed above will be selected. In conducting this study, the generated datasets were formed based on age, gender, and industrial group.

9.5.1 Age

The age value ranges between thirty and fifty-five as it ensures the adult population is the only group to be considered. This is because the age group mainly relies on information technologies to achieve socioeconomic growth and development. As a result, the age group is suitable as it provides reliable data with regard to information technology security and vulnerabilities.

9.5.2 Gender

There are two genders, namely male and female. The gender feature is necessary in order to promote gender equality and minimize sample bias and errors in sampling and data collection.

9.5.3 Industrial Group

There are at least fifteen different organizations, such as communication, transportation, and manufacturing, ideal in studying information technology security and vulnerabilities. The businesses are randomly chosen out of the given set of business fields and the dataset is utilized to discuss information technology security and vulnerabilities.

After the data has been collected, the study will ensure data overlap and duplication is avoided. As a result, the dataset generated ought to capture enough materials applicable in discussing information technology security and vulnerabilities.
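The dataset construction described in section 9.5, as an added Python example (not code from the original proposal). Only three industrial fields are named on the page, so the other twelve are labelled placeholders; the function names, the even gender split, and the fixed seed are assumptions made for illustration.

```python
import random
from itertools import product

# Attribute domains taken from sections 9.5.1 to 9.5.3 of the proposal.
AGES = range(30, 56)                  # thirty to fifty-five, inclusive
GENDERS = ("male", "female")
# Only three fields are named on the page; the other twelve are placeholders
# so that the set holds the fifteen groups the proposal calls for.
INDUSTRIES = ["communication", "transportation", "manufacturing"] + [
    f"placeholder_field_{i:02d}" for i in range(4, 16)
]
ALLOWED_FIELDS = {"age", "gender", "industry"}


def generate_dataset(n, seed=0):
    """Return n unique synthetic records, split evenly between genders.

    Records hold no direct identifiers (names, IP addresses, card numbers),
    which is the anonymity property section 9.4 relies on.
    """
    if n % len(GENDERS):
        raise ValueError("n must divide evenly across genders")
    per_gender = n // len(GENDERS)
    cells = list(product(AGES, INDUSTRIES))
    if per_gender > len(cells):
        raise ValueError("n exceeds the number of unique attribute combinations")
    # Seeded PRNG: reproducible sampling for research, not for secrets.
    rng = random.Random(seed)
    rows = []
    for gender in GENDERS:
        # sample() draws without replacement, so no (age, industry) pair
        # repeats within a gender and no full record is duplicated.
        for age, industry in rng.sample(cells, per_gender):
            rows.append({"age": age, "gender": gender, "industry": industry})
    rng.shuffle(rows)
    return rows


def validate(rows):
    """Return a list of problems found; an empty list means the set is clean."""
    problems = []
    seen = set()
    for i, row in enumerate(rows):
        extra = sorted(set(row) - ALLOWED_FIELDS)
        if extra:
            # Any additional column could carry identifying data.
            problems.append(f"row {i}: unexpected fields {extra}")
        if row.get("age") not in AGES:
            problems.append(f"row {i}: age outside 30-55")
        if row.get("gender") not in GENDERS:
            problems.append(f"row {i}: unknown gender value")
        if row.get("industry") not in INDUSTRIES:
            problems.append(f"row {i}: unknown industrial group")
        key = (row.get("age"), row.get("gender"), row.get("industry"))
        if key in seen:
            problems.append(f"row {i}: duplicate of an earlier record")
        seen.add(key)
    return problems


if __name__ == "__main__":
    data = generate_dataset(200, seed=7)
    print(len(data), "records;", len(validate(data)), "problems")
```

Running `validate` over any hand-edited or merged copy of the dataset catches out-of-range values, duplicated records, and stray columns before analysis.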

9.6 Experimental Plan

The primary goal of the experiment is to provide recommendations concerning the importance of carrying out security awareness. This process should involve on-going information technology systems and programs that can make sure training and knowledge acquired can be applied to maintain high levels of information technology security awareness on a daily basis. The synthetic data sets collected will be useful in determining whether the proposed recommendations are appropriate and feasible when employed and integrated in organizations. They will also be used to determine if synthetic datasets predict the same as the real data collected using questionnaires from the fifteen selected companies to be used in the study.

9.7 The Significance of the Experiment

The experiment is important because it will enable the research goals and objectives to be fulfilled and realized fully. Consequently, the necessary recommendations discussing factors to enhance technology security while mitigating the vulnerabilities will be provided and explained in depth.

10.0 Literature Review

According to Cook, Waugh, Abdipanah, Hashemi, and Abdul, more than eighty percent of activities facilitated by information technology systems, applications, and programs are vulnerable to security threats and risks. The information technology sector therefore requires high quality and effective security measures addressing and resolving the vulnerabilities. The measures should aim at enhancing information technology transparency and excellence in delivering the various services facilitated by information technologies. In order to address information technology vulnerabilities, this scope should also acknowledge networks, systems, and infrastructures existing across cyberspaces. This is because information technology vulnerabilities range from organizational to individual levels. More so, cyberspaces have to develop information technology services through use of digital networks that are prone to the vulnerabilities and security risks. Various security measures should therefore be formulated and implemented to address and resolve these information technology vulnerabilities, in order to achieve and sustain national and international security protecting social, economic, and political aspects on a global platform, guaranteeing growth and development (Cook, Waugh, Abdipanah, Hashemi & Abdul, 2014).

Abraham, David, and Whitfield authored a report with regard to information technology vulnerabilities based on research conducted to prove insecurities have been evolving and expanding since 2006 across information technology infrastructures. The authors asserted that information technology users have been raising security concerns, as they fear cyber criminals are targeting information technology infrastructures to commit socioeconomic attacks. Malicious information technology users are also invading websites, social media platforms, and other digital networks to acquire private and sensitive information for malevolent use. For example, they can acquire an individual’s private financial reports in order to destroy the person’s credit history and social reputation. During such incidences, it is often challenging to suspect and ascertain that personal and confidential information has been acquired illegally. Exploring information technology infrastructures to identify the various measures applied to enhance the vulnerabilities is therefore a vital procedure as it can identify factors to enhance security measures. The authors therefore asserted that cyber criminals using viruses and malware to phish and attack innocent users often facilitate information technology vulnerabilities (Abraham, David & Whitfield, 2013).

The Security and Privacy Symposium and Workshops (SPSW) defines data security as an architecture developed to ensure information technology systems, programs, and applications are protected from cyber criminals. This is because lack of the architecture puts information technology infrastructures in a vulnerable position that cyber criminals can utilize to unlawfully access, exploit, steal, harm, and damage private and confidential data. Digital networks rely on internet connectivity in order to provide information technology products and services to the users. This, however, also enables cyber criminals to rely on the internet networks to steal or damage any form of data they can access and acquire. People and individuals should therefore be advised to ensure their information technology infrastructures implement unique configurations to provide a layer of protection against cyber criminals (SPSW, 2015).

10.1 Types of Information Technology Vulnerabilities

10.1.1 Poor Configuration Management

Private and professional computers often rely on internet connectivity to meet and fulfill users’ needs mainly allied to research. For example, a user can use a private computer to retrieve information from Google in order to gather facts. Conversely, an employee can use an organizational computer to access an internet connection in order to undertake the firm’s operations and functions. Connectivity to any internet network ought to uphold configuration management policies. This reduces information technology vulnerabilities such as phishing and hacking (FCC, 2013).

10.1.2 Spear Phishing and Targeted Attacks

Cyber criminals, mainly hackers and phishers, target individuals and organizations they believe hold private and confidential information that should not be illegally accessed and used maliciously. For example, they understand some people store their personal financial information in private computers for reference purposes. As a result, they wait until the user connects to the internet without upholding the configuration management policies in order to access such information. They apply malware, malicious codes, and viruses to access the victim’s emails, websites, and other areas where any form of information has been stored. They steal, copy, damage, or harm the information in order for the victim to suffer socioeconomic loss (Kakareka, 2009).

Cyber criminals have therefore relied on spear phishing, which mainly involves application of malicious codes to acquire an individual’s personal financial information. Consequently, they defraud the victim, destroy the victim’s credit history, or harm the person’s reputation, as they are ultimately malicious criminals thriving in cyberspaces (Khonji, Iraqi & Jones, 2012).

10.1.3 Botnets

Botnets refer to networks existing in computers that have been compromised by cyber criminals. Phishers and hackers therefore rely on botnets to invade information technology infrastructures in order to commit crime and implement their malicious intentions. For example, organizations with botnets have suffered financial loss and reputational damages as cyber criminals have stolen consumers’ personal and private information from the database with malice. Information technology vulnerabilities concerning botnets therefore include financial losses, social damages, and loss of private, confidential, and sensitive data that should not be accessed or retrieved without authority (FCC, 2013).

10.1.4 Un-patched Client Side Software and Applications

Personal and organizational computers function due to installation of various software applications. The software applications should always be updated. This, however, is not always the case, as information technology users can be either ignorant or unaware. Computers running on old software versions are prone to information technology vulnerabilities. Cyber criminals attack such computers, especially when they are connected to an internet network, with the aim of committing a crime. For example, individuals and organizations have fallen victim to phishers and hackers accessing, exploiting, harming, damaging, and/or stealing data contained in computers running on old versions of a software application for malicious use (FCC, 2013).

10.1.5 Cloud Computing

Cloud computing allows large amounts of data to be stored and shared, especially among large organizations. Delegating data protection services therefore shifts the security architecture put in place to ensure information technology vulnerabilities are minimized and prevented. Thus, as the organization shares the large amounts of data across various resources and assets relying on digital networks, availability and encryption issues are likely to arise. Consequently, phishers, hackers, and other cyber criminals can apply viruses, malicious codes, and malware to access the organization’s data. This puts the organization in a vulnerable position as the data can be destroyed, damaged, stolen and used maliciously, or simply harmed in order to ensure it cannot be retrieved and used by the firm for any socioeconomic benefits (FCC, 2013).

10.2 Factors Facilitating Information Technology Vulnerabilities

Cyber criminals striving to steal, damage, and destroy data stored in personal and organizational computers implement information technology vulnerabilities. These vulnerabilities are artificial, as they are implemented by malicious persons accessing information technology infrastructures to attack and cause damages or losses. There are, however, some natural factors facilitating information technology vulnerabilities. These natural factors include fires and floods leading to massive loss of data. This factor, however, is less damaging as the data is destroyed or damaged without malicious cyber criminals gaining access or retrieving the information (Kakareka, 2009).

Most organizations move data among employees consistently and often in order to ensure firm goals and objectives are achieved effectively and efficiently. This, however, facilitates and enhances information technology vulnerabilities as the data is accessed by several people who can expose it to cyber dangers. All fifteen organizations reviewed confirmed they transfer and exchange different types of data among employees across various departments and levels in order for firm operations and functions to be sustained. This, however, provides hackers and phishers with an opportunity to gain access to the data, especially when the data is stored in a computer or server. When the organization connects to the internet, cyber criminals implement viruses, malware, and malicious codes to gain access to, steal, harm, or destroy the data, causing the organization socioeconomic losses (FCC, 2013).

People should understand the information technology security measures they can apply on an individual and organizational level. This is because failure to identify these security measures has enhanced information technology vulnerabilities, leading to violation of privacy policies and loss of private and confidential data. For example, individuals often store data comprising their Personally Identifiable Information, credit card and bank account numbers, work and home addresses, emails, taxpayer identification and Social Security numbers in their personal computers. Failure to acknowledge they ought to install firewalls or an antivirus to prevent illegal access and retrieval of the data enhances information technology vulnerabilities. This is because once they connect to the internet, cyber criminals can either hack or phish the personal computer and acquire all forms of data stored. Consequently, they can succeed in identity theft in order to cause the victim socioeconomic losses (Murmuria, Medsger & Voas, 2012).

Failure to classify information while storing it in a computer enhances information technology vulnerabilities, as it can be accessed and retrieved using malicious code aiming to acquire a particular set of data illegally. Information technology users should therefore acknowledge that data classification reduces and prevents information technology vulnerabilities. For example, organizations should classify data into various classes such as the Internal Only Classification, comprising employees’ performance evaluations, audit reports, and partnership agreements. This will ensure that persons who should not access the Internal Only Classification data are kept out, mitigating information technology vulnerabilities. Consequently, cyber criminals cannot access and retrieve the information, as such access can be easily detected due to implementation of information technology security policies tasked with monitoring the data to mitigate information technology vulnerabilities (FCC, 2013).

The last factor enhancing information technology vulnerabilities is the lack of a plan among individuals and organizations on how to deal with data loss. Unexpected loss of data is common, especially if a computer is being accessed by more than one person. Thus, personal computers being accessed by other family members and friends can also suffer from unexpected loss of data at rates equal to those recorded in an organization. The unexpected loss of data can be due to theft and damaging of the information by malicious cyber criminals. A viable plan to deal with such an incident should therefore be formulated to ensure the time taken to acknowledge and deal with loss of data is minimal, in order to minimize information technology vulnerabilities. The plan is also vital as it can put cyber criminals in a vulnerable position to expose other persons they have also attacked and stolen data from for malicious use and socioeconomic losses (Atul, Suraj & Surbhi, 2013).

11.0 Recommendations

There are various measures to mitigate information technology vulnerabilities and enhance the benefits. Information technology systems and programs should be protected from unlawful and unauthorized access by cyber criminals, using applications that identify vulnerable software promoting threats and attacks. The following measures should therefore be adopted by information technology users, both individuals and organizations, to ensure the systems and programs are supportive and beneficial.

  1. A robust patch management program should be implemented in order to identify vulnerable software programs utilized by cyber criminals to gain unlawful access to information technology data (USAF, 2009). Consequently, it can update software security measures sustaining the on-going protection application in order to prevent cyber criminals from succeeding in their unlawful and unethical activities. Thus, the robust patch management program is empowered to prevent current and future information technology vulnerabilities effectively and efficiently (Atul, Suraj & Surbhi, 2013).
  2. Compromised websites are major sources of information technology vulnerabilities. As a result, information technology users, whether individuals or organizations, should be advised to install antivirus software applications and firewalls. These information technology security programs are empowered to identify and block risks and threats attacking information technology users’ private and confidential data. They also ensure removable devices containing private and sensitive data are protected from hacking. Thus, cyber criminals can steal such removable devices but they cannot access, retrieve, and harm the data stored, as the antivirus or firewall prevents unauthorized access. This level of preventing information technology vulnerability is achieved by ensuring the removable devices are encrypted (Brooks, 2012).
  3. The methodology section affirmed that organizational information technology systems and programs are often put in a vulnerable position by employees and personnel working in the institutions. It is therefore viable to recommend that organizations embrace cloud computing. Cloud computing should be implemented among organizations while ensuring the process complies with the functions, operations, and management policies undertaken at each firm. This will ensure the cloud solutions resolving information technology vulnerabilities across organizational levels are effective and efficient without compromising firms’ managerial and operational policies (Kim, 2011). The cloud computing program, however, should be regularly reviewed to ensure that, as information technology vulnerabilities evolve, the application is also advanced to achieve maximum protection against threats and risks (Chandramouli, 2014).
  4. Disabling the auto run feature in operating systems across organizational information technology systems and programs is considered an easy preventive measure for minimizing the vulnerabilities. Disabling this feature ensures organizational computers used by different employees in the firm are not compromised by malicious personnel seeking to steal or harm private data, which can cause the firm financial loss and reputational damages (Brooks, 2012).
  5. Defending against malicious botnet attacks is also vital as it monitors computer activities in order to detect information technology vulnerabilities. For example, it can analyze networks accessed by users of a particular computer either at home or work to ensure they are not compromised and harmful. This process also monitors how computer resources are used to detect external connections attempting to gain unauthorized access (Brooks, 2012).
  6. Information technology users should always use password generating programs in order to enhance security measures on personal and professional data. There are various highly rated programs that can be implemented to achieve information technology security. They ensure advanced authentication capabilities are implemented on personal computers, whether in home or work environments, in order to reinforce applications forbidding unauthorized access to websites, data, and social media platforms (Chandramouli, 2014).
  7. Information technology users should acquire a complete inventory of all the assets allied to information technology systems and programs. This will enable users to identify the various vulnerabilities likely to affect the information technology assets. Consequently, they can prioritize the measures to adopt in order to mitigate the vulnerabilities and enhance information technology security measures (Chandramouli, 2014).
  8. Organizations often rely on planned work projects in order to meet and fulfill organizational goals and objectives. These work projects have to be completed using organization and personal computers. Thus, persons working on the projects may have to use organization computers during work hours and personal computers during their free time in order to complete them in time. This, however, enhances vulnerability levels. As a result, the information technology management should develop a plan aimed at evaluating and assessing the work projects (Foreman, 2010). The plan should ensure the work projects are not vulnerable to security threats and links, as cyber criminals often rely on links in such reports to hack or apply malware and gain unauthorized access. The information technology management should therefore mitigate and remediate these vulnerabilities by ensuring planned work projects are planned and regularly checked for security threats and risks (Brooks, 2012).
  9. Information technology users should also develop a contingency plan in case a vulnerability incident is identified but cannot be patched in due time. This can be achieved by ensuring all information technology systems and programs are maintained in standardized formats. The formats help in tracking logical and physical elements of the information technology assets in order to identify any actual and potential security threats and risks (Foreman, 2010).
  10. The last recommendation involves application of Incident Management in order to coordinate remediation measures against information technology vulnerabilities. This approach relies on procedures changing management of information technology assets in order to implement security measures. It reviews both critical and non-critical vulnerabilities before utilizing the release management approach to facilitate changes by configuring, modifying, and updating databases to lock out phishers, hackers, and other cyber criminals (Chandramouli, 2014).
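An added example (not from the essay or its sources) showing recommendations 1, 7 and 9 working together with the data classification discussed earlier: an asset inventory kept in one standardized format is matched against known-vulnerable software, assets with no available fix are routed to the contingency plan, and findings are ordered by the sensitivity of the data they hold. All asset names, software names, versions and the "Public" class are assumptions made for illustration.

```python
# Constructed sample data: asset names, software names, versions and
# advisories are illustrative, not taken from the essay or any real product.
INVENTORY = [
    {"asset": "hr-fileserver", "software": "examplehttpd", "version": "2.4.1", "data_class": "Internal Only"},
    {"asset": "lobby-kiosk", "software": "examplehttpd", "version": "2.4.10", "data_class": "Public"},
    {"asset": "audit-db", "software": "exampledb", "version": "9.1", "data_class": "Internal Only"},
    {"asset": "dev-laptop", "software": "examplehttpd", "version": "2.3.9", "data_class": None},
    {"asset": "web-front", "software": "examplehttpd", "version": "2.4.0", "data_class": "Public"},
]
ADVISORIES = [
    {"software": "examplehttpd", "fixed_in": "2.4.5"},
    {"software": "exampledb", "fixed_in": None},  # vulnerable, no patch released yet
]
# "Internal Only" is the class named in the essay; "Public" is an assumed second class.
CLASS_RANK = {"Public": 1, "Internal Only": 2}
UNCLASSIFIED_RANK = 3  # unclassified data is handled as most sensitive until labelled


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so that 2.4.10 sorts after 2.4.5."""
    return tuple(int(part) for part in text.split("."))


def triage(inventory, advisories):
    """Return findings ordered by the sensitivity of the data on each asset."""
    by_software = {adv["software"]: adv for adv in advisories}
    findings = []
    for item in inventory:
        adv = by_software.get(item["software"])
        if adv is None:
            continue  # no known vulnerability for this software
        if adv["fixed_in"] is None:
            action = "contingency"  # cannot be patched in due time
        elif parse_version(item["version"]) < parse_version(adv["fixed_in"]):
            action = "patch"
        else:
            continue  # already at or above the fixed version
        rank = CLASS_RANK.get(item["data_class"], UNCLASSIFIED_RANK)
        findings.append({"asset": item["asset"], "action": action, "rank": rank})
    return sorted(findings, key=lambda f: (-f["rank"], f["asset"]))


if __name__ == "__main__":
    for finding in triage(INVENTORY, ADVISORIES):
        print(finding)
```

Versions are compared numerically, so the kiosk at 2.4.10 is correctly treated as already fixed, and the unclassified laptop is listed first because its data has not yet been labelled.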

12.0 Conclusion

People and organizations utilize information technology infrastructures across the globe for socioeconomic, political, and environmental support and benefits. These infrastructures should therefore be protected from information technology vulnerabilities in order to ensure users continue to access and receive the supportive benefits they offer. This process should involve various procedures aimed at enhancing security measures. Foremost, the process of addressing and mitigating information technology vulnerabilities ought to involve understanding security risks and threats. These risks and threats include loss and theft of, and damage and harm to, data contained in private and organizational computers. Consequently, appropriate measures to enhance security and mitigate vulnerabilities that are likely to adversely affect information technology infrastructures can be formulated and implemented. More importantly, users relying on information technology systems, applications, and programs should be advised to ensure future vulnerabilities are prevented. Information technology vulnerabilities are therefore serious incidents that can cause national and international industrial sectors socioeconomic losses if they are not addressed and resolved.

13.0 References

Abraham, D. S., David, C., & Whitfield, D. (2013). Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for U.S. Policy. Cyber Security and International Agreements, Internet Corporation for Assigned Names and Number.

Atul, M. T., Suraj, S. K., & Surbhi, R. C. (2013). Cyber Security: Challenges for Society - Literature Review. Journal of Computer Engineering, 12(2), 67-75.

Brooks, D. (2012). Corporate Security: Using Knowledge Construction to Define a Practicing Body of Knowledge. Asian Journal of Criminology.

Caldwell, T. (2013). Risky Business: Why Security Awareness is Crucial for Employees. Retrieved on 28th Aug from: http://www.theguardian.com/media-network/media-network-blog/2013/feb/12/business-cyber-security-risks-employees

Chandramouli, R. (2014). Deployment-Driven Security Configuration for Virtual Networks. 6th International Conference on Networks & Communications (NETCOM 2014). Chennai, India.

Cook, D., Waugh, B., Abdipanah, M., Hashemi, O., & Abdul, R. S. (2014). Twitter Deception and Influence: Issues of Identity, Slacktivism, and Puppetry. Journal of Information Warfare, 13(1), 58-71.

Creswell, J. (2009). Research Design: Quantitative and Qualitative Approaches (3rd Ed). California, CA: Thousand Oaks.

Creswell, J. W. (2003). Research Design: Qualitative, Quantitative, and Mixed Method Approaches. London, UK: SAGE.

Federal Communications Commission (FCC). (2013). Privacy and Data Security: Cyber Planning Guide. Federal Communications Commission Report.

Foreman, P. (2010). Vulnerability Management. Taylor & Francis Group.

Kakareka, A. (2009). Computer and Information Security Handbook. Morgan Kaufmann Publications.

Khonji, M., Iraqi, Y., & Jones, A. (2012). Enhancing Phishing, E-Mail Classifiers: A Lexical URL Analysis Approach. International Journal for Information Security Research, 2(1/2), 236-245.

Kim, Z. (2011). Cyber War Issues Likely to be Addressed Only After a Catastrophe. Stars and Stripes Report.

Konsbruck, R. L. (2013). Impacts of Information Technology on Society in the new Century. Switzerland, Route de Chavannes.

Madeleine, H., & Jonathan, W. (2012). The Moral Problem of Risk Impositions: A Survey of the Literature. European Journal of Philosophy, 20(1), E1-E142.

Murmuria, J., Medsger, A. S., & Voas, J. M. (2012). Mobile Application and Device Power Usage Measurements. 6th IEEE International Conference on Software Security and Reliability (SERE’12). Gaithersburg, Maryland, United States.

Pagliery, J. (2015). Hackers Attacked the U.S Energy 79 Times this Year. Cable News Network Money Report.

Security and Privacy Symposium and Workshops (SPSW). (2015). IEEE Symposium on Security and Privacy. European Security and Privacy Symposium Report.

U.S Air Force (USAF). (2009). The Three Tenets of Cyber Security. U.S Air Force Software Protection Initiative.

Viveca, A. (2005). Information Technology Challenges for Long-term Preservation of Electronic Information. International Journal of Public Information Systems.

Walker, W. (2005). The Strengths and Weaknesses of Research Designs Involving Quantitative Measures. Journal of Research in Nursing, 10(5), 571–582.

Williams, C. (2007). Research Methods. Journal of Business & Economic Research, 5(3), 65-71.

Wilson, S. (2010). Research is Ceremony: Indigenous Research Methods. Nova Scotia, Canada: Fernwood Publishing Company Limited.