Information security is rapidly increasing in relevance and importance to 21st century Sri Lanka. The widespread growth of Information Technology has been the major deciding factor of this. Although we must realize that even though the relevance of information security is majorly increasing because of the advance in technology, we must not assume that the concept of information security is a new one or merely a current trend.
Information security was a theme that widely affected people from early days who were involved with securing any information at all, be it secret messages. It is just that the security systems used then have evolved greatly to match up to the current technological advances and is used extensively as more threats arise with newer business opportunities. Defining Information security in simple terms would be ‘the protection of data against unauthorized access’ as in the PCmag website.
If we look into a thorough definition, Wikipedia identifies information security as ‘protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction’. As mentioned before information security is a concept that continued from those days. Heads of state and military commanders all over the world, even here in Sri Lanka, persons needing secure communications used wax seals and other various sealing devices and even secret words which only internal members would know to completely protect all confidentiality of their messages.
But nowadays in Sri Lanka, due to information technology’s major impact in businesses many alternatives are looked upon in order to protect data and information. We all know information assets are critical to any business and paramount to the survival of any organization in today’s globalised digital economy as almost all would say. If not information leaks could be critical to the growth and existence of many of these organisations. Therefore protecting information against various threats is imperative as there are many businesses that cannot do without solid information security mechanisms.
When considering any business, it has an internal and external environment which consists of entities that are vital for its function. For example, companies have to connect and communicate with their own employees, customers, suppliers and even business partners too. Here, the method of connecting with such people is mainly the internet. Because of the growing availability of internet and more connections between various parties been made, with them many threats arise. Hackers’ attacks, virus attacks, spyware, web worms, adware, eavesdropping, unauthorized access and internal/external security threats.
These all eventually look for all possible leaks in various systems to steal intellectual property and corporate assets in order to manipulate them for their own personal benefit. Sometimes such criminals even directly break into such systems in certain businesses and cause problems to customers and even information exchange between the employees. In the ‘Managed security monitoring: Network security for the 21st century’ report by Bruce Schneier mentions that ‘computer security is a fundamental enabling technology of the internet; it’s what transforms the internet from an academic curiosity into a serious business tool’.
He goes on to say that ‘The limits of security are the limits of the internet. And no business or person is without these security needs’. So when making this text relevant to the information security of 21st century Sri Lanka, I must say that the level of information security requirement is no less than anywhere around the world as there are many businesses that run with highly critical systems. For instance the banking industry here owns a massive amount of customer confidential data.
Therefore protecting such information to the highest possible level is a huge responsibility of each organization. Even so, However developed the banking industry has become here in Sri Lanka, we have not yet risen to the level of biometric technology which analyses unique features of people in order to be assured of their identity. One popular biometric technology is Fingerprint recognition. Americas’ Citibank has been using biometrics for employee access to computer server rooms and are researching in implementing it for their customer base as well.
According to a report to be released this month by Gartner Inc. in Stamford, Conn. , one in 12 online consumers surveyed said they had been victims of identity theft or of someone else using their personal information to steal money or buy products. Meanwhile, 1. 13% of all online transactions are lost to fraud, representing billions of dollars each year and overall nearly 500,000 cases of identity theft in the U. S each year, consumers are gradually getting comfortable with this concept s it will guarantee them of their privacy and identity. Lucas Meridien believes that there are uses for biometrics in banking because the technology can offer “security to customers at their ATMs, within branches to authorize transactions and for online banking. ” The technology can also be used inside a company as a means to secure vaults and monitor access to doors and computer systems. So it is obvious that biometrics is slowly but steadily introducing itself to the business world.
Hopefully this technology will soon enter the business domain in Sri Lanka too as we are heavily interacting with the outside business world and as a result has a higher threat to information security. Other than this biometric technology concept there are various other mechanisms to safeguard the confidentiality, availability and integrity of information within a business such as digital certificates, passwords, firewalls, SSL, encryption etc.