Securing an internet-based information system requires one to understand the kind of risk exposure such a system faces. Even though several security applications have been developed for internet security protection, the internet is still highly vulnerable to malware attacks. As such, managing information security for StoreItRite, Inc would need to consider several options (Furnell, 2008).
As the company's CIO I will develop and implement several security protocols to guarantee the confidentiality of the different types of client information and communication. This is to prevent sniffing or eavesdropping on client data through Man-In-The-Middle (MITM) attacks. As such, I will help StoreItRite, Inc to install basic cryptographic security protocols to thwart any MITM attack.
One such protocol is the Interlock Protocol, which builds on public key cryptography. This system will help StoreItRite, Inc and the client create private keys, and the two communicants can only access information using those keys. The security of this system is reinforced by the use of key certificates, a mechanism that digitally asks for authorization before a message is sent.
Alongside this will be other systems that do not allow for identification of users but, again, do not let a MITM insert itself into two-way communication. This is useful for real-time communication but unsafe for email-based communication. For telephone communication, a system that pre-checks user identity by sending user keys will be used; this allows for user identification before any information is passed (Krumm, Abowd, and Seneviratne, 2007).
The integrity of client data will be guaranteed by the installation of intermediate systems that do not allow data to be tampered with or edited once it has been recorded. One such system is e-time stamping, which is available commercially and costs as little as US$0.40 per stamp.
A timestamp is a digital fingerprinting certificate that will help the company identify whether client data integrity has been violated, by creating a fingerprint of the data and sending it to a time-stamping authority (TSA) so that any later alteration can be detected. Furthermore, the confidentiality of client data is preserved because the TSA never accesses the original data (Dupuy and Paradinas, 2001).
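The following is an added example, not code from the essay or from any TSA product, showing how the time-stamping scheme described above detects tampering: the client sends only a SHA-256 fingerprint to the TSA, the TSA binds that fingerprint to a time and signs the binding, and a later verifier recomputes the fingerprint to detect any change. The TSA signing key, the HMAC stand-in for the TSA's signature, and the sample record are all constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

# Constructed stand-in for the TSA's signing key. A real TSA signs with an
# asymmetric key under a certificate; HMAC keeps this example self-contained.
TSA_KEY = secrets.token_bytes(32)


def fingerprint(data: bytes) -> str:
    """Client side: hash the record. Only this digest ever leaves the client."""
    return hashlib.sha256(data).hexdigest()


def _binding(digest: str, issued_at: str) -> bytes:
    # Canonical encoding of what the TSA vouches for: digest + time.
    return json.dumps({"digest": digest, "time": issued_at}, sort_keys=True).encode()


def tsa_issue_token(digest: str, issued_at: str = "") -> dict:
    """TSA side: bind the digest to a time and sign the binding (never sees the data)."""
    issued_at = issued_at or datetime.now(timezone.utc).isoformat()
    mac = hmac.new(TSA_KEY, _binding(digest, issued_at), "sha256").hexdigest()
    return {"digest": digest, "time": issued_at, "mac": mac}


def verify_token(data: bytes, token: dict) -> bool:
    """Verifier: check the TSA binding is genuine, then that the data still matches it."""
    expected = hmac.new(TSA_KEY, _binding(token["digest"], token["time"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, token["mac"]):
        return False  # token itself was forged or its time/digest edited
    return hmac.compare_digest(fingerprint(data), token["digest"])


# Constructed sample client record and its timestamp token.
RECORD = b'{"client": "ACME", "balance": 1200}'
TOKEN = tsa_issue_token(fingerprint(RECORD), "2024-01-01T00:00:00+00:00")


def demo() -> tuple:
    """Returns (original verifies, tampered record detected, edited token detected)."""
    tampered_record = b'{"client": "ACME", "balance": 9200}'
    backdated_token = dict(TOKEN, time="2023-01-01T00:00:00+00:00")
    return (
        verify_token(RECORD, TOKEN),
        not verify_token(tampered_record, TOKEN),
        not verify_token(RECORD, backdated_token),
    )
```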
The company will need to facilitate daily backup of client information and possible data upgrades. As such, there will be a need to create a secure network that guarantees that only authentic data is upgraded. This will include the use of a modified object-based database management system. This system only allows for the upgrade of complex as well as highly complex data and only presents summarized data upon request, so no unauthorized editing is possible.
Furthermore, when information is entered into the existing database, it must be consistent with the entire database or it will be rejected. This means that there has to be meaning-relatedness between the input data and the existing database. To avoid losing data, or having it eavesdropped on, during an upgrade, I will help StoreItRite, Inc to install a two-phase locking protocol.
This system creates a parallel transaction account for use during the upgrade, which ensures that the original data is neither damaged nor lost should something go wrong. Data is only written into the system once the upgrade has been completed and authenticated (Harrington, 2000).
StoreItRite, Inc clients must be able to access their data upon request. As such, I will enable its information system to support the Oracle row-level security system, which enforces security at each data level. This will be accompanied by inference control that allocates random figures to different types of data to prevent inferential attacks (Knox, Gaetjen, Jahangir, Muth, Sack, Wark and Wise, 2010). In this way I will have ensured that the company meets its clients' need for secure data storage solutions.
Reference List
Dupuy, M., & Paradinas, P. (2001). Trusted information: the new decade challenge: IFIP TC11 16th International. Massachusetts: Kluwer Academic Publishers.
Furnell, S. (2008). Securing information and communications systems: principles. Norwood, MA: Artech House, Inc.
Harrington, J. (2000). Object-oriented database design clearly explained. San Diego, CA: Academic Press.
Knox, D., Gaetjen, S., Jahangir, H., Muth, T., Sack, R., Wark, R., & Wise, B. (2010). Applied Oracle security: developing secure database and middleware environments. New York: McGraw-Hill.
Krumm, J., Abowd, G., & Seneviratne, A. (2007). UbiComp 2007: ubiquitous computing: 9th international conference. Berlin: Springer.