Information Technology Security Handbook

infoDev, Global Internet Policy Initiative (GIPI) joint publication
The Information Technology Security Handbook is a practical guide to understanding and implementing IT security in home, business and government environments. It has been written primarily for readers in developing countries, although the Handbook provides best practices valid in any situation.

In addition to summarizing current physical and electronic threats to IT security, the Handbook also explores management practices, regulatory environments, and patterns of cooperation that exist among businesses, governments, professional associations, and international agencies today.

The Handbook begins with an overview of the growth of the Information Communication Technology (ICT) sector as we know it today. This growth includes individual users of ICTs, as reflected in the rise in the number of home networks, and growth in the small and medium-sized enterprise sector, both in enterprises that rely on computing resources in support of non-technical business endeavors (restaurants or retail shops, for example) and in businesses that are tightly linked to technology development and deployment around the world (small software firms or technology outsourcing service providers, for example).

While the expansion of the market for technology products and services has been dramatic at the individual and the organizational level, knowledge of IT security issues has lagged behind. Individual users may not be aware of the risks involved with surfing the Internet on their home computer. If they do recognize the dangers of unprotected networking, they may still postpone learning about firewalls, virus scanners, encryption, and regular maintenance due to the perceived financial costs, time investment, or disruption of their current computing behavior. Small and medium-sized organizations may also delay securing their systems for these reasons; in addition, they may deploy a technical solution, such as a firewall, but may not take a layered approach to security, without which their defense perimeter will still be weak. SMEs may neglect to put clear security policies and procedures in place for managers and employees to follow. If communications, awareness, and training are lacking throughout the organization, the technological defenses could be compromised quite easily through negligence before actively malicious behavior was even a factor.

New and inexperienced users are not the only cause of IT security breaches at the present time. The ICT environment is also changing rapidly with the introduction of new products, especially mobile devices (laptops, cellular phones, and Personal Digital Assistants, for example) that present different challenges to infrastructure and data security. Emerging computing applications including e-finance and e-commerce also create complexity in the networked environment. From ATM machines to online banking, these capabilities offer convenience and cost savings, but they also introduce new opportunities for theft and fraud. To make matters worse, would-be attackers are now able to develop blended threats: combinations of viruses, worms, and Trojans that may cause greater damage to systems and data than the individual forms of such “malware” can cause alone. Since all of these developments affect users of technology worldwide, the best solutions will come through international cooperation.
