Security via Technology 1

Running Head: Security via Technology in a College Environment.

Module 5 – Session Long Project

Information Security Overview for Managers and Policy Makers

 Security via Technology 2

Introduction

Attaining security via technology has its pros and cons but the pros certainly out do the

cons. In this interconnected computing environment which includes various insecure networks

including the Internet one has no choice but to rely on technology for security. This paper

discusses how a community college apply technology to achieve information security and the

pros and cons of such application. It begins with an overview of the institution’s information

security infrastructure and exiting problems, followed by a discussion on the pros and cons of

how some security technologies are used and concludes with a discussion on some information

security technology considerations for the institution.

An Overview of the institution IT infrastructure and its Information Security Issue:

Success Training College is a small community college located in the Bahamas. The college has

three different campuses located on separate islands in the country. The college has

approximately 1000 students. In terms of information technology the institution has two

computer labs, one is used as a classroom for the computer courses and the other lab is made

available to the students during the days. There is also a wireless internet service made available

to the students and faculties which can be accessed while on campus. The main software that is

used by the institution is Campus Anywhere. Campus Anywhere is a software that allows campus

PCs and applications to be securely available to students, staff, and faculty from ‘anywhere’, at

anytime. Campus Anywhere provides 24/7 computer lab access to students from anywhere; it

allows faculty and staff to access it on their own desktop PCs from anywhere. As it relates to

technical staffing, the institution does not have a structured IT department of such. The main IT

person is the institution’s systems administrator who ensures the smooth running of the network
 Security via Technology 3

and oversees other systems tasks such as information security. There is also one lab technician

who monitors the activities in the computer labs. All other IT duties are carried out by outsiders.

As it relates to security technology the college uses mainly endpoint security technology

such as antivirus, anti-spyware, and firewall software. The entire network is password protected

which means to use any of the institution’s IT resources including the wireless Internet access

authentication is required. The main software used by the institution CampusAnywhere allows

students, faculty and administration staff to connect with strong client authentication

and strong data encryption (SSL up to 256-bit AES) via a Web browser. An intrusion detection

system is implemented to detect and stop certain external threats, along with an Incident

Response Policy for occasions where intrusions do occur. The application of such technologies

helps in safeguarding the institutions information technology resources, however there are a few

disadvantages that still exist.

Some Disadvantages of security via Technology at STC: One of the major

disadvantages of using technology to achieve security at STC is the fact that some users

disregard the institution’s security procedures. This is because they believe that since the

technology is in place to safeguard the institution they can ignore certain security rules. For

example, system users tend to think that since an antivirus program in installed it means they can

download and install just about any program from any web site.

Due to the application of the security technology the technical team is not a vigilant as

they should because they believe that the technology is in place taking care of the safeguarding

activates. This might be partially true, however the human element is needed to monitor the

technology and assess to reports in order to make better information security decisions.
 Security via Technology 4

Security is a trade-off (Scheiner, 2008). This is another disadvantage users has to trade-

off time and convince for security. Keying in a different password for every application can

become a very annoying task, not to mention if the system is programmed to go into hibernation

mode for security purposes.

Other security technology STC should consider applying: Although security via

technology may have a few disadvantages it is worth the trade-off. Therefore STC should

consider the implementation of more security technology.

One of the most effective means of secure information is cryptography—particularly

public key cryptography. Cryptography enables the storage and transmission of sensitive

information on insecure media or cross insecure networks (like the Internet) so that it cannot be

read by anyone except the intended recipient. A cryptographic algorithm, or cipher, which works

in combination with a key (a word, number, or phrase — to encrypt the plaintext), is a

mathematical function used in the encryption and decryption process (Network Association Inc,

1999). The technology is effective because it keeps the data secure whether or not the medium

on which the data is stored or transmitted is secured and the public key cryptography can be used

as a means of authentication. Encryption technology may be embedded into a few of the

applications used by STC, however, if the institution is to obtain good security cryptography

needs to be more prevalent in its security infrastructure.

Presently the institution does not use a secure e-mailing system. Students, faculty and

administrators communicate using e-mail providers such as Yahoo, Hotmail, Gmail etc. Wheat

the institution needs is a private email system in which public key cryptography can be

effectively implement and practice.

 Security via Technology 5

Finally, rather than communication sensitive information across the Internet, the

institution should consider implementing its own intranet service. This will enable the institution

to keep it communication within the circle of authentic individuals who have right to the

information.

Conclusion

Information security via technology is a necessity. It may have a few drawbacks such as

users disregarding their security procedures because they believe that technology should be

doing the safeguarding. The benefits of security via technology far out ways the drawbacks and it

is well worth the trade-offs. Therefore institutions such as STC with proper planning should

endeavor to implement the very best security technology to protect its information.

References

Scheiner, B. (2008). The psychology of security. Retrieved January 28, 2010 from

http://www.schneier.com/essay-155.html

Network Association Inc. (1999). How PGP works. Retrieved March 12, 2010 from

http://www.pgpi.org/doc/pgpintro/#p9