Role Of People In Operational Security And Physical Security In A Data Centre
1.1: Identification of Ways on Compromising with IT and Communications
The different ways in which people could intentionally or unintentionally compromise communications and information technology assets are:
- Insider Malicious Attacks – People within an organization can sometimes cause a major breach of its internal systems. They might steal the organization's vital data. Such malicious insider attacks could expose customers' driver's license numbers, social security numbers and other personal details. These data breaches could threaten the company's reputation and brand image (Zhou and Liu 2014). They also pose the risk that hackers could hold the data stored on the organization's premises and demand a ransom to release the vital information.
- Hack of Passwords – Some employees within an organization could trigger a virus in its computing systems. They might inject a virus into the systems, which would then spread through the processes of the entire system, infect it and steal vital business data. Systems that do not have proper antivirus software would get hacked automatically. Computer systems should operate under proper encryption standards. These attackers mostly target computers that do not have strong passwords. Such employees could gain access to the company's vital assets and then demand a ransom to release the organization's data (Kato and Klyuev 2013). This could be a major threat to the organization's assets and cause extensive damage to its internal processes.
1.2: Security Awareness and Training
Organizations face various kinds of security threats. In recent times, security protocols are being affected by newer forms of threats. Companies are therefore investing in newer measures for their data and security systems (Cheng et al. 2013). To ensure a higher level of safety for their assets, organizations should train their employees to deal with the various security issues and provide a wide range of solutions that can be applied within system procedures.
The right training, given in the right form and direction, would enable employees to become important assets for the organization. A strong security awareness program would give the organization the correct security bearing, as it would offer employees the best knowledge for tackling the various security aspects (Guo 2013). To properly secure the company's assets, all employees, from the lowest level of the organization to the highest, should have a good understanding of the updated security policies. They should be equally aware of the security of the systems and computing devices within the organization (Von Solms and Van Niekerk 2013).
Management personnel who hold major security responsibilities would also require additional security training. As the managerial position is one of the important parts of an organization, holding the sole responsibility for binding together each of the organization's assets, it is extremely vital for managers to undergo proper scenario-based training. Without a proper understanding of the security aspects, organizations would not be able to ensure security within their environment (Crossler et al. 2013).
2.1: Key Risks to Information within Data Centre
Two key risks to information within the data center due to poor security are:
Failure of Security Server – Data centers are engineered to store an organization's data efficiently and reliably. The facilities they provide rely entirely on human activity and technology, which may be prone to failure at some point. The failure of the data servers would have serious security implications for the daily operations of the servers (Schmittner et al. 2014). In some cases, security personnel are unable to manage card access, verify the authenticity of card holders and manage the usage of web applications. Data centers are considered a highly developed platform for storing organizations' data. Hence, data stored within them should be held to higher security levels to avoid the chance of errors and failures within the systems.
Failures due to Network Connection – It has been seen that most system failures occur due to network connectivity issues. Information security processes mainly depend on connectivity to the internet. A high-grade generator within the organization would prove highly helpful in various kinds of failure due to power outages. Round-the-clock connectivity to the internet is a major concern for a data center. Hence, the organization should take proper measures to deal with the issues that would be raised (Mukherjee, Habib and Dikbiyik 2014).
2.2: Physical Security Controls to Reduce Potential Risks
Use of Cluster Software – To reduce the risk of losing data when the security server fails, a suitable solution is to shift the data to cluster software (Barroso, Clidaras and Hölzle 2013). Cluster software helps store the organization's data and assets on a highly secure platform. Clustering allows applications in the data center to continue processing on another server when the primary system fails to perform its daily operations or when there is a pressing need to shut down the computing systems. Clustering also helps system processes run efficiently and easily by distributing the workloads efficiently.
Cluster software helps several servers operate in a synchronized manner, in proper coordination with one another. This helps protect the data and allows it to be recovered immediately. Clustering data onto secured servers helps security teams mitigate the losses incurred by the organization. Cluster software also enables the non-stop functioning of the organization's vital processes (Chen, Mao and Liu 2014). This is achieved by switching between servers seamlessly, which allows security teams to minimize system downtime while server performance is properly maintained.
Smart Patch Panel System – As data centers face major problems with failures due to poor network connectivity, this problem could be solved by implementing smart patch panel systems. These systems help the user control the structural links used within the network, and monitor and control the network's individual systems. This helps check and ensure that the links are properly maintained, that the networks are fully functioning and that the connections within the network are properly secured (Kashfuddoja and Ramji 2013). Smart panel systems are able to designate certain links as confidential and thus allow the designated equipment to interface with the established connection.
When an illegal connection is established, an alarm notification is sent to the users attached to the network. This functional capacity is beyond the capability of the systems and thus has a lower impact on the security of the entire system. Smart panel systems can also integrate with other security systems, including surveillance systems (Fang and Yu 2014). These systems would be able to maintain surveillance over system procedures and report severe threats within them.
References
Barroso, L.A., Clidaras, J. and Hölzle, U., 2013. The datacenter as a computer: An introduction to the design of warehouse-scale machines. Synthesis lectures on computer architecture, 8(3), pp.1-154.
Chen, M., Mao, S. and Liu, Y., 2014. Big data: A survey. Mobile networks and applications, 19(2), pp.171-209.
Cheng, L., Li, Y., Li, W., Holm, E. and Zhai, Q., 2013. Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, pp.447-459.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Fang, F. and Yu, X., 2014. Design and Implementation of Next-generation Data Center Infrastructure. Applied Mechanics & Materials.
Guo, K.H., 2013. Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security, 32, pp.242-251.
Kashfuddoja, M. and Ramji, M., 2013. Whole-field strain analysis and damage assessment of adhesively bonded patch repair of CFRP laminates using 3D-DIC and FEA. Composites Part B: Engineering, 53, pp.46-61.
Kato, K. and Klyuev, V., 2013, September. Strong passwords: practical issues. In Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2013 IEEE 7th International Conference on (Vol. 2, pp. 608-613). IEEE.
Mukherjee, B., Habib, M.F. and Dikbiyik, F., 2014. Network adaptability from disaster disruptions and cascading failures. IEEE Communications Magazine, 52(5), pp.230-238.
Schmittner, C., Gruber, T., Puschner, P. and Schoitsch, E., 2014, September. Security application of failure mode and effect analysis (FMEA). In International Conference on Computer Safety, Reliability, and Security (pp. 310-325). Springer, Cham.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Zhou, M. and Liu, J., 2014. A memetic algorithm for enhancing the robustness of scale-free networks against malicious attacks. Physica A: Statistical Mechanics and its Applications, 410, pp.131-143.