DATA SECURITY AND OPTIMIZATION OF INFORMATION SYSTEMS
Raja Sekhar Pedada, [email protected]
BIS 625 Research in Information Systems
College of Business Administration, Department of Business Information Systems
Central Michigan University
Mount Pleasant, Michigan 48858
Data Survivability; Data Security; Protection; Redundancy; Attack; Optimization; Information Security Management; Security Investment Decisions; Simulation; System Dynamics
Information systems security remains high on the list of key issues facing information systems executives (Loch, Carr, & Warkentin, 1992). For any successful business or government operation, safe and secure information storage is mandatory. Several concerns conflict with one another: availability, safe storage and confidentiality. Accounting is an example of a discipline where information is represented in certain formats and on chosen media, for subsequent release according to regulations (Gordon, Loeb, & Lucyshyn, 2003). Consider a defender protecting information. The defender can store this information in a secure location, which we refer to as storage on one specific resource. While an attacker is trying to access or destroy the information, the defender faces two problems: information destruction and theft. To prevent theft, the defender can separate the information into multiple blocks and store them on multiple resources. The thief must then access all the individual blocks to obtain the whole information. The major drawback of this approach is that the destruction of a single block can corrupt the whole information. If the defender instead creates multiple copies and stores them on multiple resources, the information becomes more exposed to theft. With multiple resource locations, theft must therefore be considered the drawback. In conclusion, theft and destruction must both be treated as objectives in data security. One objective of this research study is to analyze how the defender handles such different objectives (Levitin, Hausken, Taboada, & Coit, 2012).
In information security, the most important factor to consider is the leaking of confidential information, a major threat to many organizations and government agencies. One example of the leaking of highly confidential information is the activity of WikiLeaks, which attacks most of the ‘unstable’ systems or ‘conspiracies’. Gradually, most discussion of these threats to information security has come to rely on the advantages and drawbacks of such ‘unstable’ and ‘stable’ entities. Such metaphors are always treated as an added advantage for participants (Hamacher, 2012). Information security has never been treated as a high-priority issue by many top managers (Straub, 1990). Most managers limit their efforts to light protection or no protection, resulting in unwanted risk or severe losses of information (Straub, 1990). Hence, according to this study, investment in information systems security results in more effective control of computer abuse. A survey of 1,211 randomly selected organizations indicated that security countermeasures, including preventive security software and deterrent administrative procedures, result in significantly lower computer abuse. An overall knowledge of these relationships is useful in making key decisions about security (Straub, 1990).
Data security of an information system is a series of management activities aimed at protecting and securing information assets within the framework of the organization in which the information system runs. The evaluation of information assets may differ from one organization to another, depending on geographic and business area. Thus, organizations that are located in developed countries and have good organizational development may pay more attention to protecting their information assets than their counterparts in developing countries. It is a set of managerial activities that aims to protect information assets and secure the framework within the organization in which information systems are working. Therefore, one of its main goals is minimizing the risks that an information asset encounters ("Information security management (3): the Code of Practice for Information Security Management (BS 7799)," 1998). We develop an individual-based, spatially explicit evolutionary model of organismal movement and social interactions and use this to investigate migratory strategies under a wide range of densities and cost-benefit structures that represent diverse ecological scenarios (Guttal & Couzin, 2010). Both government and private entities rely heavily on computer networks for functions related to defense, routine economic activity, and operation of critical infrastructure such as the electrical grid and the water supply. At the same time, attacks on and exploitations of both commercial and government networks are increasing in number and sophistication (Broggi, 2014).
Successful companies of today, whether enterprise-scale, mid-market, small or online-based, have a firm presence online. Research says that, by conducting business online, companies can suffer data security breaches. Fortunately, there are some predefined global rules for securing information systems online. The most important mistakes companies make with data security are as follows:
1. Miscalculation in viewing data security as just an information technology problem rather than a business problem.
2. Underestimation of the significance of insider threats.
3. Failure to use ongoing intelligence to sharpen the strategy of data security and optimization.
4. Failure to persistently patch vulnerabilities.
5. Relying on third-party software technologies, such as firewalls, to prevent security breaches rather than building one.
6. Failure to adopt a response plan prior to security breaches.
7. Inadequate training of employees on cyber security practices, such as how to manage passwords and avoid phishing and keylogger scams.
8. Eighty percent of security breaches and threats are preventable. Comparatively, the cost of implementing the technologies and processes is less significant than the cost of a breach.
9. Failure to use custom filters to immediately disable access to sites from attacking ranges of IP addresses. These filters also help to prevent SQL injection and other cyberattacks.
To face the transparency challenges, modern administrations are implementing security strategies that radically transform the role of specialized services, which become part of a national effort involving both government and civil institutions and extending to the individual responsibility of the citizen (Tanase & Savu, 2014).
Data Security and Optimization of Information Systems:
Globalization, along with the development of information technology/information systems (IT/IS), has had tremendous influence on the way organizations function. These developments influence the strategies, tactics and operational decisions of organizations (Gunasekaran, Ngai, & McGaughey, 2006). The frequent exposure of information systems to various threats results in financial crisis. The damage can range from small losses to the destruction of the entire system (Jouini, Rabai, & Aissa, 2014). In recent years, the interest in quantitative models for information security investment decisions has increased significantly. This trend is driven by the fact that information security is becoming more important each day and, at the same time, the complexity of IT systems continuously increases. The threat towards international security that terrorists, failed or failing states, and rogue regimes pose when in possession of weapons of mass destruction (WMD) is a very significant one. Having accurate and timely intelligence is a must in today's security environment, especially when estimating WMD capabilities (Desouza & Lau, 2008). In an effort to better understand attacks and defenses, we extended our descriptive sets to include a set of factors that cause harm (corruption, denial of services, or information leakage) to information systems. They are listed as ‘Threats’, ‘Hackers’ and ‘Cyber-gang’ (Cohen et al., 1998).
Questions like “How much security is necessary?”, “How much should be spent?”, and “How can security be improved?” are becoming more relevant these days (Carpenter & Wiencek, 2005). Several research streams try to solve the security investment problem from different angles. This problem can be broken down into two distinct subproblems, each focused on one key issue: (1) what is the optimal amount to invest in security; and (2) what security safeguards should be selected to invest in?
The first question is probably the most-discussed one and there exists a considerable amount of related literature. It is often addressed by traditional risk analysis methods to determine loss expectancies and a return on investment (Sonnenreich, Albanese, & Stout, 2006). Accordingly, risk analysis approaches usually treat prevented losses as a profit: profit = loss reduction × probability of incident. The second question is which safeguards should be selected for implementation within a budget that was determined previously. Most approaches to this question apply management tools and financial analysis based on measures like annual loss expectancy, return on investment, internal rate of return, net present value, etc. (Bojanc & Jerman-Blažič, 2012; Sonnenreich et al., 2006; Tsiakis, 2010). No existing model supports the establishment of an effective IT security strategy which incorporates the large amount of data of an existing knowledge base and is still practically applicable in terms of information requirements and computational time (Schilling & Werners, 2016).
Let us consider a defender that seeks to store information securely. An attacker may steal or destroy the information, and these are two conflicting concerns. To prevent theft, the defender must separate the information into multiple individual blocks and store them on different resources. To prevent destruction of the information, the defender can create multiple copies of each block and store them on several resources. Hence, to guard against destruction, the defender prefers to increase the number of identical copies of each individual block, regardless of the number of individual blocks in series. Likewise, to prevent information theft, the defender has to increase the number of separate individual blocks, regardless of the number of copies in series.
Fig. 1. Block diagram corresponding to information destruction.
Fig. 2. Block diagram corresponding to information theft.
Two multiple-objective optimization models are developed. These minimize the probabilities of information destruction and data theft, and minimize cost. There are K resources of unlimited supply, allowing placement of all copies of all blocks on any resource. Using a multiple-objective evolutionary algorithm, we determine how to distribute an optimal number of blocks (Levitin et al., 2012). In practical terms, this means identifying mission-critical information assets, conducting threat assessments, implementing information systems security procedures and developing strategic intelligence and counter-intelligence capability (Cronin, 2000).
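The block-and-copy trade-off described above can be made concrete with a small calculation. The following is an added example, not code from this essay or from Levitin et al. (2012): it assumes every copy sits on its own resource, that each resource is destroyed with probability `p_destroy` and read by the thief with probability `p_steal` independently of the others, that cost is one unit per stored copy, and it replaces the evolutionary algorithm with exhaustive enumeration over a small grid. All function names and probability values are hypothetical.

```python
from itertools import product

def p_destruction(n_blocks, n_copies, p_destroy):
    """Information is lost once every copy of at least one block is destroyed."""
    return 1 - (1 - p_destroy ** n_copies) ** n_blocks

def p_theft(n_blocks, n_copies, p_steal):
    """Information is stolen once at least one copy of every block is obtained."""
    return (1 - (1 - p_steal) ** n_copies) ** n_blocks

def evaluate(max_blocks, max_copies, p_destroy, p_steal, unit_cost=1.0):
    """Score every (blocks, copies) layout on the three objectives."""
    layouts = []
    for n, m in product(range(1, max_blocks + 1), range(1, max_copies + 1)):
        layouts.append({
            "blocks": n, "copies": m,
            "destruction": p_destruction(n, m, p_destroy),
            "theft": p_theft(n, m, p_steal),
            "cost": unit_cost * n * m,  # assumption: one unit per stored copy
        })
    return layouts

OBJECTIVES = ("destruction", "theft", "cost")

def dominates(a, b):
    """a is no worse than b on every objective and strictly better on one."""
    return (all(a[k] <= b[k] for k in OBJECTIVES)
            and any(a[k] < b[k] for k in OBJECTIVES))

def pareto_front(layouts):
    """Keep only layouts that no other layout dominates."""
    return [c for c in layouts if not any(dominates(o, c) for o in layouts)]

if __name__ == "__main__":
    # Constructed per-resource probabilities, not taken from the essay.
    front = pareto_front(evaluate(3, 3, p_destroy=0.5, p_steal=0.8))
    for c in sorted(front, key=lambda c: c["cost"]):
        print(f'{c["blocks"]} blocks x {c["copies"]} copies: '
              f'destruction={c["destruction"]:.3f} theft={c["theft"]:.3f} '
              f'cost={c["cost"]:.0f}')
```

With these constructed values, the layout of 3 blocks with 3 copies each is dominated by 1 block with 2 copies, which is cheaper and has lower destruction and theft probabilities, so adding both blocks and copies does not automatically improve the defender's position.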
Research Questions and Objectives:
1. What are the present and ongoing features of Information Systems Security?
2. How does data security influence today’s information security globally?
3. How do information systems overcome security threats and optimization issues?
1. The main objective of my research is to establish the relationship between information systems and data security.
2. Understanding the ongoing scope of secured optimization in information systems.
Research design: The main focus of my research will include the literature review and case studies. “Documenting the literature review methodology is one of the very important task in any review” (Jan vom & Theresa, 2011). As a part of the design I will also conduct surveys, interviews and an analysis of information system tools. In the preliminary step we compare the processes involved in the information system with and without the role of data security optimization. As a part of the case study I will be working on the present security system in information systems and the upcoming latest features in data security and optimization. Individual interviews will be conducted and the final analysis will be carried out using all the information from primary and secondary sources.
Participants: As the research involves data security and optimization of information systems, for my research case study I would like to go with the security measures in place at our university. The importance of optimization in information systems and how our university deals with security attacks will be covered in the interviews. Hence it will be easier to get the relevant information by meeting specific people to conduct surveys and questionnaires for my research.
Techniques: The technique involved in this process is concerned with how we can make our data security system more robust and optimized from the entry level to the end-user point. Utilizing the available resources and information, I would like to draw a big picture of the attacker and defender mechanisms in information system security.
The research on which I am focused is based entirely on data security and optimization of information. Since my case study is based on the university information security system, it covers how the attacker is tackled and which defender mechanism is followed. I also deal with evaluation of approaches and models for modeling threats, failures, impacts, and recovery analysis of information systems (Kondakci, 2015). The major task will be meeting the security and department heads, getting permissions for access, scheduling face-to-face interviews and preparing a questionnaire about the information, i.e. the security measures and optimization levels followed in the information systems of the university.
Bojanc, R., & Jerman-Blažič, B. (2012). Quantitative Model for Economic Analyses of information Security investment in an Enterprise information System. Organizacija, 45(6), 276-288.
Broggi, J. J. (2014). BUILDING ON EXECUTIVE ORDER 13,636 TO ENCOURAGE INFORMATION SHARING FOR CYBERSECURITY PURPOSES. Harvard Journal of Law and Public Policy, 37(2), 653-676. Retrieved from http://cmich.idm.oclc.org/login?url=http://search.proquest.com/docview/1530087347?accountid=10181
Carpenter, W. M., & Wiencek, D. G. (2005). Asian Security Handbook. Armonk, US: M.E. Sharpe, Inc.
Cohen, F., Phillips, C., Painton Swiler, L., Gaylor, T., Leary, P., Rupley, F., & Isler, R. (1998). A cause and effect model of attacks on information systems: Some Analysis Based on That Model, and The Application of that Model for CyberWarfare in CID. Computers & security, 17(3), 211-221. doi:http://dx.doi.org/10.1016/S0167-4048(98)80312-X
Cronin, B. (2000). Strategic intelligence and networked business. Journal of Information Science, 26(3), 133-138. doi:10.1177/016555150002600302
Desouza, K. C., & Lau, K. A. (2008). Managing the Proliferation of Weapons of Mass Destruction: An Information Management Perspective. International Journal of Public Administration, 31(13), 1457-1512. doi:10.1080/01900690802189446
Gordon, L. A., Loeb, M. P., & Lucyshyn, W. (2003). Sharing information on computer systems security: An economic analysis. Journal of Accounting and Public Policy, 22(6), 461-485. doi:http://dx.doi.org/10.1016/j.jaccpubpol.2003.09.001
Gunasekaran, A., Ngai, E. W. T., & McGaughey, R. E. (2006). Information technology and systems justification: A review for research and applications. European Journal of Operational Research, 173(3), 957-983. doi:http://dx.doi.org/10.1016/j.ejor.2005.06.002
Guttal, V., & Couzin, I. D. (2010). Social interactions, information use, and the evolution of collective migration. Proceedings of the National Academy of Sciences of the United States of America, 107(37), 16172-16177. doi:10.1073/pnas.1006874107
Hamacher, K. (2012). Resilience to Leaking — Dynamic Systems Modeling of Information Security. PLoS ONE, 7(12), e49804. doi:10.1371/journal.pone.0049804
Information security management (3): the Code of Practice for Information Security Management (BS 7799). (1998). Information Management & Computer Security, 6(5), 224-225. doi:10.1108/09685229810240158
Jan vom, B., & Theresa, S. (2011). Culture in business process management: a literature review. Business Process Management Journal, 17(2), 357-378. doi:10.1108/14637151111122383
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of Security Threats in Information Systems. Procedia Computer Science, 32, 489-496. doi:http://dx.doi.org/10.1016/j.procs.2014.05.452
Kondakci, S. (2015). Analysis of information security reliability: A tutorial. Reliability Engineering & System Safety, 133, 275-299. doi:http://dx.doi.org/10.1016/j.ress.2014.09.021
Levitin, G., Hausken, K., Taboada, H. A., & Coit, D. W. (2012). Data survivability vs. security in information systems. Reliability Engineering & System Safety, 100, 19-27. doi:http://dx.doi.org/10.1016/j.ress.2011.12.015
Loch, K. D., Carr, H. H., & Warkentin, M. E. (1992). Threats to Information Systems: Today's Reality, Yesterday's Understanding. MIS Quarterly, 16(2), 173-186. doi:10.2307/249574
Schilling, A., & Werners, B. (2016). Optimal selection of IT security safeguards from an existing knowledge base. European Journal of Operational Research, 248(1), 318-327. doi:http://dx.doi.org/10.1016/j.ejor.2015.06.048
Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI)-a practical quantitative model. Journal of Research and practice in Information Technology, 38(1), 45-56.
Straub, D. W. (1990). Effective IS Security: An Empirical Study. Information Systems Research, 1(3), 255-276. Retrieved from http://www.jstor.org/stable/23010948
Tanase, T., & Savu, A. (2014). VIEWS ON INTELLIGENCE AND THE SIZE INFORMATION (SYSTEM/SUBSYSTEM) NATIONAL SECURITY. Knowledge Horizons. Economics, 6(4), 51-53. Retrieved from http://cmich.idm.oclc.org/login?url=http://search.proquest.com/docview/1669896027?accountid=10181
Tsiakis, T. (2010). Information security expenditures: a techno-economic analysis. Int. Journal of Computer Science and Network Security, 10(4), 7-11.