Information Technology

Information Technology

Introduction

According to Ford (1992), Information technology is the development, implementation, and maintenance of computer hardware and software systems to organize and communicate information electronically. In this paper, I will discuss what is information technology, current problems in IT, how to protect information in an IT environment, and the effectiveness of the protection.

What is information technology?

Information Technology (IT) is concerned with the use of technology in managing, especially in large organizations. In particular, IT deals with the use of electronic computers and computer software to convert, store, protect, process, transmit, and retrieve information (Hiles 2002). For that reason, computer professionals are often called IT specialists or Business Process Consultants, and the division of a company or university that deals with software technology is often called the IT department. Other names for the latter are information services (IS) (Hiles 2002).

Information technology has made great progress in business and in the education Sector. In the United Kingdom education system, Information Technology was formally integrated into the school curriculum when the National Curriculum was devised. It was quickly realized that the work covered was useful in all subjects (Forester 2005). With the arrival of the Internet and the broadband connections to all schools, the application of IT knowledge, skills and understanding in all subjects became a reality.

Current problems in Information Technology

Currently, there are many problems with Information Technology; some of the problems are viruses, hackers, data privacy, and other major organizational problems. One of the biggest problems is privacy. Privacy is defined as the right of an individual or business to determine when, how, and how much information about them should be disclosed to others (Grandinetti 1996).

According to Grandinetti (1996), the Internet and e-commerce have created potential threats to privacy, which are invisible to most users. Although many users believe that the Internet is anonymous, the reality is to the contrary. The Internet is shifting away from the assumptions of anonymity upon which it was originally designed (Grandinetti 1996). For example, a client's computer can be traced via the Internet Protocol (IP) address. The Web server also can place a "cookie" on a client's PC, which can be used to exchange information between the client's PC and the Web server. A "cookie" can keep track of user's online activities, such as Web pages visited, date and time of access, and duration of access (Grandinetti 1996). This information about a user's online activities can be sent back to the Web server.

In certain situations, such stealthy monitoring of a user's online activities can constitute violation of a user's privacy (Eltoweissy 2003).

Privacy problem revolves around what data or information that can be collected, and how it can be used. Since data flows across international boundaries, the use and collection of personal data may have different restrictions in different countries along the path of the data flow (Eltoweissy 2003). What an international company can collect and do in one country, may be illegal in another country. International companies that collect customers and employees' personally identifiable data, and transmit it across geographical boundaries, have to carefully tackle such legislative differences in privacy laws across countries of operation. The second biggest problem is hacking in the world of Information technology (Gibson 1999). A hacker is someone who creates and modifies computer software and computer hardware, including computer programming, administration, and security-related items. The term usually bears strong connotations, but may be either favorable or denigrating depending on cultural context.

In the networking sense and from an organizational point of view, a hacker respect refers to someone who exploits systems or gains unauthorized access by means of clever tactics and detailed knowledge, while taking advantage of any carelessness or ignorance on the part of system operators (Gibson 1999).

How to protect Information in an IT environment

According to Goel (2006), a security administrator, there are seven rules one must follow to protect information from going into the wrong hands. These rules will help in complicated and hostile environments, where data needs to be available for those who need it and to be denied to unauthorized access. Goel (2006) also responds by saying that, as both internal and external connectivity challenges become complex, security efforts become daunting to IT system administrators. Being aware of and pay attention to the key elements of IT security and if you pay attention, you will protect the information assets against majority of the security threats. The seven rules are as follows:

Rule No. 1: Protect the Perimeter

Perimeter protection is by far the best protection strategy for corporate assets. Firewalls have to allow certain kinds of traffic in and out of the network. This gives an attacker a chance to gain control of one of the hosts in the network, if it is vulnerable. A proper configuration can make penetration very difficult, even for skilled attackers. Policy errors and misconfiguration can some times make the firewall very accommodating.

Rule No: 2 Implement IDS

IDS (Intrusion Detection System) can identify malicious traffic patterns and drops such network packets and hence avoiding compromise of the network resources. A good implementation of IDS involving content monitoring techniques and protocol analysis should be capable of alerting the security professionals of any type of attack. Many of these IDS implementation are based on a set of threat profiles or signatures against which the traffic is compared. Suspicious network packets are handled as per the pre-defined policies.

Rule No. 3: Prepare against the Unknown

Conventional methods of IT security that discover attacks after they happen, is not good in this age of fast Internet access. It is inadequate to depend totally on the security community to prevent against unknown attacks, as there is a major lag between identification of a new threat and fixing it. Hence, it is a good practice to implement technologies for intrusion detection, alerting and prevention that work with minimum human intervention. This technology focuses

...