IT based risks are the most common threat to data security today. With advancements being witnessed in technology, the techniques for infiltrating IT systems is also re-evaluated for arriving at the most appropriate prognosis. Gone are the days when a simple firewall and some data security filters provided enough security to ensure the safety of the systems. With the entire world becoming dependent on information systems and IT support, the need for securing data on the systems has gained paramount importance as every geek with a portable computer system and net access can hack into information systems. In order to manage these risks and eliminate them, a range of IT security solutions are implemented, often being done so on a multi-tier basis.
Image source ancarb.co.uk
The first category of IT security solution is technical or logical control which includes devices, protocols as well as processes that work in coordination with other procedures to ensure data safety in the desired system(s). These logical controls are used to monitor suspicious activity occurring within the system and also ensure data encryption that may be single or multiple layered depending on the security requirement. The logical controls are beneficial in terms of managing the internal environment of the system along with its interaction with the outer environment. However the disadvantage of using logic based controls is that the logic used behind the implemented measures can be hacked by using counter logic. Though this is not possible to be done by every person but there is risk of infiltration to a certain extent.
Preventive controls can also be used to provide IT security solutions to the target systems which prevent harmful activities from reaching the main systems. But these can be bypassed using appropriate methods following which the data is exposed to a significant degree. Detective controls are used to identify malicious activities being done for acquiring unauthorized data. While these may be beneficial in the detection process, the required remedial actions often need manual inputs or pre-programmed instructions, both of which are executed with delay. By the time the execution of remedial actions is done, data may have been compromised to external efforts.
Recovery is the most important IT security solution as data loss is a common occurrence in information systems which may arise due to system crashes or due to manual mistakes. Either situation is resolved with the use of recovery options that accesses an independent storage medium for retrieving the copy of the original data stored. However this option has been misused often for tricking the system into believing the data recovery being requested is genuine whereas the deception has been carefully crafted by hackers to gain passwords or other access credentials.