The position of organizational internet security in the current growth of computing is gaining the presence of many companies as the internet is expanding globe. Software companies are coming up with new security measures which can be implemented to counter the current needs of secure information and data transfer. Commoditized security measures have been around for long and therefore the need for enhanced internet security measures which offer high levels of security cannot be overlooked.
Internet security technologies that offer the competitive advantage to organizations are considered sometimes hard to implement. However critics emphasize that they are made to separate organizations from others in terms of accessibility, the major focus should be to retain secure information transfer. As new technologies emerge in the market, their adoption has been slow, but they offer an upper hand. Both physical and logical access remains vulnerable to hackers. This should prompt the need to redefine security technologies which will ensure secure operation and reduce the level of vulnerability to organizations data.
Organizations security is an area that is conceivably the most elementary and nevertheless the most critical of all the technologies and disciplines for the business or organizations sensation. An organization without concrete enterprise security processes and rules exposes it to considerable threats. This should, therefore, open up their minds that network security is an arms race and therefore attacks and prevention measures should be put in place that is not one sided. Evans (2003) stated that “while hackers try to exploit vulnerabilities, software companies and enterprise security specialists continue to close the gaps and find new solutions and approaches to secure enterprise operations and data” (p. 31).
The role of internet security in the current growth of computing has been gaining the presence of many stakeholders including organizations and learning institutions around the globe. While governments have made it possible to use the internet for commercial and personal purposes its record in the realm of privacy and security is not unblemished. Internet security can be enforced through various ways to ensure a considerable level of security in organizations.
Information security program for the organization should consist of various policies and procedures, security education, security management and a range of internet security mechanisms (Chen, 2005). The organization’s internet security policy document should be of great and critical importance to the organization’s internet security program. The internet security policy should be a sub-policy of the whole organization’s information security policy and therefore it should be determined during the requirements definition phase (Chen, 2005).
Organizations should consider many diverse factors identified as influential for internet security policy. Chen (2005) says that “human issues dominate internet security enforcement which includes freedom of internet use, privacy, trust, monitoring, surveillance, censorship, right to be kept informed, accountability, sanctions, ownership, and ethics” (17). This implies that human issues should take center stage during the process which all other factors were viewed while establishing various sub-policies of the internet security policy in the organization.
The term internet security should imply that the organization has taken all the necessary measures of security have been ensured or adopted. Vacca, on the other hand, says that internet security should be about the information security and integrity of both private and organizational end user’s systems, networks and other terminal devices accessing the internet through the publicly available service providers (2007).
Enforcing internet security should bring to our understanding that the organization has enforced the following types of internet security which include: system architecture level, virtual private networks, use of trusted links, and use of multiple firewalls, intrusion detection mechanisms, and encryption. Vacca says that the organization should use encryption as a primary means for providing confidentiality services for information sent over the internet (2007). Encryption should, therefore, be used to protect any electronic traffic such as mail messages or the contents of a file being downloaded (Vacca, 2007).
Another measure that should be taken by the organization in connecting to the internet is to involve a number of system architectural decisions that will impact overall system security of the organization (Vacca, 2007). System level architecture uses a virtual private network and trusted links so as to control access from unauthorized people. Trusted links in the organization are used to connect geographically separate networks.
The publication by Science and Technology Committee (2007) noted that internet security in an institution should not involve installation of the appropriate technology alone but also further sensitize the members of the organization on internet security. This should be in line with changing attitudes and behavior towards the internet through education and training. The organization should also ensure that security remains up to date (Science and Technology Committee, 2007).
Besides the above measures which imply that the institution has fully enforced internet security there should also be the use of strong passwords and antivirus softwares. Strong passwords ensure that after computers boot only authorized users can access the internet to avoid security breaches. They should thus be used to prevent an unauthorized person from hacking to the computers while still online. Well configured firewalls and strong password should be used to enforce accepted level of internet security.
The organization should use antivirus programs which prevent malicious malware or virus from interfering with data stored on these computers. The antivirus programs will protect other attacks from hackers who may want to gain access to data stored in computers in the organization. Cheswick, Bellovin, and Rubin say that there should be careful control of network access and the files obtained from foreign sources greatly reduces the risk of infection (2003). Antivirus programs prevent human propagated viruses where people forward messages to other individuals promoting them to give their login details.
On the other hand, Maiwald (2003) says that the implementation of internet security in the organization should include mechanisms such as firewalls and virtual private networks coupled with changes to network architectures within the institution. The organization should place an access control device between the internet and the organization’s internal network. This means that without such protection all internal systems will be exposed to unlimited attacks (Maiwald, 2003).
Internet security enforcement should ensure that the organization’s staffs will be well trained on matters concerning internet security. Maiwald continues to say that internet security enforcement should come with the implementation of security mechanisms and ensure that they observe responsibility for the security of the organization (2003. As part of enforcing internet security, the organization should actively raise security awareness as an important part of any good security program (Maiwald, 2003).
Some of the steps toward attaining internet security will include determining the key information that must be communicated to the employees of the organization (Maiwald, 2003). In this context, Maiwald says that employees should pay particular attention to password requirement, badges, use policies and anything else that directly affects your employees will work (2003).
Internet security enforced should imply that the institution has provided its employees with detailed knowledge about protecting organization’s information resources. Maiwald thus says that both the students and employees should be aware why the organization needs to protect its information resources (2003). This also indicates that the organization’s security department should have plans to conduct audits of policy compliance. Maiwald (2003) established that “such audits should focus on system configurations, backup policy compliance or on the protection of information in physical form” (198).
In order to enforce the required level of internet security, there should be a need for well resourced formal organizational internet security infrastructure, featuring an internet security management program (Chen, 2005). The institution should adopt a multifaceted approach to controlling the employee contribution to internet security concerns including the development for very secure internet connectivity to an institution. The institution should pay a close attention to the important human issues associated with internet security and usage (Chen, 2005). Besides this, the organization should make its employees accountable for their actions through appropriate policies, awareness activities, monitoring and sanctions (Chen, 2005).
Internet security should thus start with the use of appropriate security technologies. Organizations should look forward to truly secure critical business operations today and therefore companies need to adopt competitive security technologies. This means that security professionals should understand, implement, and operate effectively enhanced security technologies to ensure business continuity in these organizations. The level of vulnerability to organizations increases as the world advances in technology adoption. In this context, it is important to ascertain that the need for competitive security technologies is at hand in many organizations.
In conclusion, it is important to note that with the looming threat of internet security in the global environment, the challenge now should be to develop internet security solutions which will afford corporations the high level to protection needed to withstand prolonged and diverse attacks (Chen, 2005). Therefore only solutions based on strong comprehensive, holistic internet security management and policy should be implemented in organizations (Chen, 2005). These measures should ensure that the institution’s information and data are secure despite its internet connectivity. As new technologies continue to evolve in computing the level of threat also increases and therefore this means that the organization should stay updated on its internet security approach.
Connolly, K. (2003). Law of internet security and privacy 3rd ed. Los Angeles, CA: Aspen Publishers Online.
Chen, W. (2005). Statistical methods in computer security. Boca Raton, FL: CRC Press.Cheswick, W, Bellovin, S & Rubin, A (2003). Firewalls and Internet security: repelling the wily hacker. Upper Saddle River, NJ: Addison-Wesley.
Evans, N. D (2003). Business innovation and disruptive technology: harnessing the power of breakthrough technology– for competitive advantage Boston, MA: FT Press.
Great Britain: Parliament: House of Lords: Science and Technology Committee (2007). Personal internet security: 5th report of session 2006-07, Vol. 2: Evidence. Glen Burnie, MD: The Stationery Office.
Maiwald, E (2003). Network security: a beginner’s guide 2nd ed. New York, NY: McGraw-Hill Professional.Vacca, J (2007). Practical Internet security. Chicago, IL: Springer.