Information security

Catholic University Institute of Buea (CUIB) School of Information Technology. Junior Year In The Department of Cyber Security. November , 2017. Information Security and the Information Crises By Fon Ndikum Josue and Othniel Ambeli Abstract: In recent years with the boom in technology information has become a major part of our lives our information is very crucial to nearly all our activities. But too often people neglect to properly secure their vital personal information. This paper will expatiate on the various methods one can undertake to properly secure their personal information and to also touch on the best practices concerning information security. It will also touch on the challenges on information security. This paper will also touch as on the information crises touching the country. The paper determines that this is mostly a social problem and it stems from the fact that people are unaware that the information they disseminate on social platforms can have very real life serious consequences. It also comes from the fact that people are also not conscious of the fact that there various laws put in place that punish this action severely. It will also touch on the fact that this crises duded “Fake News Phenomenon” is a worldwide one and how the information crises experience in Cameroon is not peculiar only to Cameroon. The paper tries and identifies the reason such a situation and why it is such a problem today. The paper proposes some solutions but states there is no real solution to the problem. Keywords: Information security, confidentiality, integrity, availability, non-repudiation, CIA triad, fake news, social crises. INTRUDUCTION Information security is vastly becoming a major security concern in our daily lives. With the vast increase in the online activity information is vastly becoming more and more vital. The importance of proper information today cannot be overstated. It has the power to make and break not just companies but individuals as well. The gathering and proper handling of information has help organizations to grow and increase profits and stay ahead in very competitive markets. But it is not just an organization’s information that is vital. Personal information can prove to be extreme valuable depending on how it is handled. Yet too often while companies take extreme technology measures in securing their information their work is usually undone by its very own employees who don’t realize that securing their personal information could also be detrimental to the organization they work for. Today most people don’t take the necessary precaution needed to secure tier information. If a company has the toughest measures to secure its information, their work can be undone if their CEO has his personal email account hacked into and his emails are stolen. There are a hundred more scenarios like this one that demonstrate that proper information security needed by everyone. With social media being a major part of our lives most people get their information solely from these platforms. So what happens when there is the mass spreading and dissemination of false or incorrect information? We end up with information crises. This is often a very difficult situation because information crises usually arise whenever there is a new social crises or an escalation in an existing one. This often makes an already bad situation worse as false information spread to the public generate reactions which involves angry reactions and riots and further escalating the situation. It is hard to determine why people started such practices and what they hope to attain and one can only speculate but what we sure is that this phenomenon affects us in nearly aspects of our lives. LITERATURE REVIEW In a paper written by Dorothy E. Denning titled “INFORMATION WARFARE AND SECURITY” she writes: “In recent years, information warfare has captured the attention of government officials, information security specialists, and curious onlookers. The term is used to cover a broad spectrum of activity but especially a scenario wherein information terrorists, using not much more than a keyboard and mouse, hack into a computer and cause planes to crash, unprecedented power blackouts to occur, or food supplies to be poisoned. The terrorists might tamper with computers that support banking and finance, perhaps causing stock markets to crash or economies to collapse. None of these disasters has occurred, but the concern is that they, and others like them, could happen, given the ease with which teenagers have been able to romp through computers with impunity--even those operated by the U.S. Department of Defense.” There are many intersting discusion around informaation security such as in another paper written by R Anderson and T Moore writing for science.sciencemag.org states “he economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests, we find that incentives are becoming as important as technical design in achieving dependability. The new field provides valuable insights not just into “security” topics (such as bugs, spam, phishing, and law enforcement strategy) but into more general areas such as the design of peer-to-peer systems, the optimal balance of effort by programmers and testers, why privacy gets eroded, and the politics of digital rights management.” Another important aspect of information security and on how most people neglect it. When we speak of securing personal information some people might start thinking of complicated technological applications or programs but it is just the really basic steps that can help someone to properly secure his or personal data. It is important that this aspect is demystified so that people can be curious to learn and get the best out of it. Fake news is a type of propaganda that consists of deliberate misinformation or hoaxes spread via traditional print and broadcast news media or online social media. Fake news is written and published with the intent to mislead in order to damage an agency, entity, or person, and/or gain financially or politically, often with sensationalist, exaggerated, or patently false headlines that grab attention . Intentionally misleading and deceptive fake news is different from obvious satire or parody which is intended to humor rather than mislead its audience. Fake news often employs eye-catching headlines or entirely fabricated news stories to increase readership, online sharing and Internet click revenue. In the latter case, it is similar to sensational online "clickbait" headlines and relies on advertising revenue generated from this activity, regardless of the veracity of the published stories. Fake news also undermines serious media coverage and makes it more difficult for journalists to cover significant news stories. Mr. Andrew Klavan from Prager University describes fake news as reporting which is biased and skewed towards the political views of who so ever is reporting. In this light he views any such reporting , whether the facts are correct or not as fake news. In our opinion Mr. Andrew has a point because of the situation which is currently going on in Cameroon. Why does fake news so well? This has mainly to do with the users of these social platforms. From our personal observation, most of these fake news stories are engineered to trigger negative emotion which is sure to generate the wanted reaction from the reader who is to immediately share it. These types of stories are also spread around by those who simply do not realize that these stories could have massive consequences and simply think of it as fun or a funny joke. Nowhere is this more apparent than in Cameroon. Also another common feature in Cameron are stories which are aimed to draw sympathy of a course by dramatically exaggerating stories of injustice so as to get the reader so stirred up he or she to share it How can we fight back against the fake news infecting our information feeds and political systems? New research suggests that education and filtering technology might not be enough: The very nature of social media networks could be making us peculiarly vulnerable. OVERVIEW OF INFORMATION SECURITY Information security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It chief area of concern is to insure confidentiality, integrity and availability which is also known as the CIA triad. CONFIDENTIALITY In information security, confidentiality is making sure that only the authorized people have access to private data. This is insured through various ways one of them being authentication. Authentication ensures that the only the authorized people are allowed to access certain areas with accordance to the company policy. Another way to ensure confidentiality is with the use of encryption. Messages transmitted over a communication channel can be encrypted so as to ensure that if the message is intercepted it will be hard to interpirt INTEGRITY In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. AVAILABILITY For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down. NON REPUDIATION Another aspect of information security is non-repudiation. In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. While this concept is wildly used in technology with various tools such as encryption tools that assist nonrepudiation efforts, the concept is at its core a legal concept transcending the realm of technology. While there is a lot more involved in information security, these are the key concepts which are built upon so as to ensure information security. As it is often said users are the weakest link in any security system and so it is important that as an organization diligently secures its system its employees should be taken into account. Negligence or user apathy to company policies can be detrimental to an organization’s system as all the good work done by a company can be undone if its CEO’s personal email is hacked and sensitive information is recovered or if an employee working on a top secret project gets his lap top stolen which contained juicy details. This bring me to our next segment “Personal information security” SECURING YOUR PERSONAL INFORMATION Personal information security is the practice of taking responsible steps to protect personal information (including sensitive information) from misuse, interference and loss, as well as unauthorized access, modification or disclosure. Protecting your personal information can help reduce your risk of identity theft. There are various thinks one can do to Be Alert to Impersonators Make sure you know who is getting your personal or financial information. Don’t give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. If a company that claims to have an account with you sends email asking for personal information, don’t click on links in the email. Instead, type the company name into your web browser, go to their site, and contact them through customer service. Or, call the customer service number listed on your account statement. Ask whether the company really sent a request. Safely Dispose of Personal Information Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive. Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos. Encrypt Your Data Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online. Keep Passwords Private Use strong passwords with your laptop, credit, bank, and other accounts. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo. Don’t Overshare on Social Networking Sites If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites. Use Security Software Install anti-virus software, anti-spyware software, and a firewall. Set your preference to update these protections often. Protect against intrusions and infections that can compromise your computer files or passwords by installing security patches for your operating system and other software programs. Avoid Phishing Emails Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type. The information crises with relation to Cameroon Today the real crisis is being fought on Facebook and not in the real world. This is a sentiment often echoed by people with relation to the crises rocking Cameroon today. Indeed for a someone looking in, with Facebook being his or only window the situation has escalated to full blown genocide if one is to believe the reports. From popular belief among many even among some Cameroonians the Anglophone region of Cameroon have become war zones where people have lost joy of life and cower indoors in fear. This grim representation of the situation is far from being correct but is far from being entirely false either. Thus is the information crises faced by the people of Cameroon. This is caused by a wide number of factors. So what exactly is the problem? Well the answer to that contains various aspects. As stated earlier this is very similar to the fake news phenomenon gripping the world today but the situation is a lot more severie here. While the real consequences of fake news is debated the impact of this crises here in Cameroon is undeniable. So the problem is since November 2016, the country has been in a serious crises with various people voicing their crievances. In order to gain more support they took to various social media to voice what they felt were legitimate grivances. But as they did that something sinister was brewing in the background. People started expressing their hate and anger on these sites which let to them exaggerating the facts of their stories to gain more sympathisers. And the strategy worked! People paid more attention and continue to express support and help the stories spreed like wide fire this ensure that even more exaggerated stories where spreed apart Impact of these alternative facts These stories which spread where being widely considered as truth and served to nurture more hatred among the people. This was such that whenever the government tried to manage the situation, a story, picture or video that greatly damaged the government’s image will be spread around and turns public opinion away from them. This as you can imagine greatly frustrated any government endeavors to manage the situation. A prime example of this was in December 2016 when negotiations where going on between the government and the consortium (those striking). While the negotiations where going on, a story spread on Whatsapp and Facebook saying the members of the consortium where held hostage in the building until they signed an agreement. Within hours the building was surrounded by an angry mob ready to burn down the building. A representative of the consortium had to go and meet the public to debunk the story as false. And there are many stories such as these where completely false stories have escalated already precarious situations. But the biggest consequence of all was when the government started implementing punitive measures because they could not just handle the narratives that were spread around. These measures include cutting of internet access entirely in these region for almost half a year to restricting access to social media when the internet was restored. Parallels between Fake news and alternative facts So there are numerous parallels between what the western world is facing and what we are facing here in Cameroon. The first being their topic revoule around serious contended social issues and often happens when a new social issue comes up or there is an escalation in an existing one but that is where their similarities end. As earlier stated alternative fact has had major impact on the social crises, one can say it is the driving force of the entire situation and while the stories are bloated with incorrect facts, they are not always inherently false. Whereas the impact of fake news is highly debated. Some say fake news had a hand in President Trump’s rise to power but there is no clear evidence to sustain that claim. So researchers in the US say that these stories are read by a fraction of the population for if 10 million people read a story it only represents 1/10 of the entire population which is around 100 million. In the case of alternative facts though, they reach a wide variety of people and stirs up a lot of emotion How to spot fake news or alternatives facts Consider the source Read beyond Check the author Supporting sources Check the date Is it a joke? Check your biases Ask the experts RECOMMENDATIONS Person information security should be the concern of every individual in our modern day society. Neglecting this aspect of information security can leave you more vulnerable to identity theft. With regards to the information crises (or alternative facts), well it starts and ends with the users Users should be aware that their actions online has consequences in their lives They should know they can face defamation law suits for false stuff they post online. But the situation as a whole cannot fully disappear until the social crises that generated it is taken care of. Conclusion Information and information technology is becoming more ambiguous, mobile, vulnerable and grounded in the physical world. Security technologies are advancing, but so too are the tools for hacking which has made information security to always be a weakness and thus loosing it integrity.