Information is an input that transmits a message and involves a sequence of symbols, while security is a form of protection against criminal activities, damage or even loss. Information security means protection of information systems and of the information itself. Julius Caesar is known for inventing the Caesar cipher, which kept his information out of the 'wrong' hands. There has been much advancement in technology, from World War II through the 20th and 21st centuries, which has led to electronic businesses and the use of electronic data processing methods. This has led to the emergence of many organizations whose main goal is the reliability and security of information systems (Volker, 2002).
The goal of information security is to protect the basic principles of information, which include availability, integrity, confidentiality and privacy, from use, destruction, disclosure, inspection and modification, amongst others. All data is under threat regardless of whether it is printed, electronic or in any other form (Peltier, 2005). Most businesses, individuals and governments store their information in computers. This information may range from operations, objectives, workers and their confidential details to liquidity. Some of the security measures used include passwords, digital certificates and biometric techniques. Digital certificates and biometric techniques are more secure than passwords, which cannot validate the actual owner but only the entry of a correct number. This means that anyone in possession of such passwords can access the information (Calabrese, 2004).
The key basic principles of information security are known as the triad, and there are debates about extending them. The three widely known concepts are integrity, availability and confidentiality. The proposed additions under debate are Accountability and Non-Repudiation. These are not the definitive concepts, because Donn Parker has proposed another model known as the six atomic elements of information. Integrity means that any data modification can be noticed, while confidentiality means that the information is not disclosed to any individual, organization or system that is unauthorized. Availability means that the information needed is accessible, with no disruptions or failures and with the systems functioning correctly. Non-Repudiation is more connected to law; it is the protection of both the sender and the receiver of the information against each other. Authenticity means validation of the parties involved (Calabrese, 2004).
Information security can only be effective if it takes into account procedures, technologies and security products, just to name a few. Virus scanners and firewalls have to be combined with systems and procedures in order to be effective. Information in computers is mostly vulnerable to hackers. These are people who use their technological skills to break into computer systems and access information that they are not entitled to. Hacking can result in loss of information or the planting of a virus that may erase any information in the computer. However, authorized users are more dangerous as far as information insecurity is concerned. It is difficult to differentiate between genuine and malicious acts in their day-to-day use of such information (Peltier, 2005). When information about security or business matters leaks to an enemy or a competitor, it can lead to war or elimination from the market. In reference to information security, this paper uses the case of the US Air Force as an example.
The methods used to collect data during the study were questionnaires and interviews. However, it was difficult to interview some of the senior US Air Force officers due to their ever-tight schedules. During the interviews, Air Force officers were expected to explain how the US Air Force ensures the security of its information and the challenges that the organization was facing. Those who were unwilling to be interviewed or could not be available for the interview were issued with questionnaires, where they filled in their views in the blank spaces left after every question. Other information was obtained from the force's website and other written materials from the ministry of defense that explain how the US Air Force operates (Peltier, 2005).
The US Air Force uses different methods depending on the kind of information involved and the parties concerned. There are those that are generally used because every officer has an equal right to access them, and others that can only be shared between the Air Force information custodians. Information security is vital to the air force of such a superpower, because any leakage means an advantage to the enemy. They have incorporated the developments from their researchers as well as advancements in technology to ensure that their information is secure. Security means protection from their own hands as well as from any unauthorized individual. Some of the methods that they use are discussed below (Peltier, 2005).
The first method is cryptography. Cryptography is the conversion of an original text (plaintext) into a secret code (ciphertext) via an encryption algorithm for transmission over networks, including public ones, and it has advanced to being electronic. The algorithm uses keys 40 to 256 bits in length, and the strength depends on the numbers used. It is these keys that encrypt the data, and only the receiver with the same bits can unlock it and convert it to the original form. It exists in two major architectures: secret key and public key. Secret key is also known as the symmetric method and uses such algorithms as DES and AES. It is faster, and both the sender and the receiver encrypt and decrypt using the same key (Peltier, 2005). However, it is difficult to send the key to the receiver. Public key is also known as the asymmetric system, which uses two-part keys. Both have a secret key and share a public key. It is only the public key that is involved in transit, hence the private key is more secure. This method is used by officers in the same camp and also those in different camps (Calabrese, 2004).
Authentication is another method, which refers to a designed measure that prevents fraudulent transmission in communication by use of message. It helps in distinguishing official and genuine documents from those that are forged or fake. It is the verification of a user; it also verifies the eligibility of individuals and can disclose strangers. It involves proof in order to at least ensure that individuals are the authorized ones. A password is used to test what the user knows. Digital certificates verify what the user has. They are more secure than a password, and when the two are used together, they can add to security. They show the physical things in possession of the user, which include laptops and smart cards. Biometrics are difficult to forge and tell who you are. Iris recognition and fingerprints are some examples. Dynamic biometrics show what the user does and take the form of voice recognition and signatures (Peltier, 2005).
Thirdly, they have a Sensitive Compartmented Information Facility (SCIF), which handles sensitive information and is ultra secure. It has intrusion detectors, sound masking and data handling equipment for security purposes. All authorized personnel have swipe and identification cards, which they use at every entry and exit because all the doors have been fitted with security components. Possessing a card does not mean that every individual can access every door or room with such systems. They are created in such a way that no person can enter an area that he/she is not entitled to. Access may be designed according to ranks and duties. Sound masking covers conversations by generating electronic sounds and broadcasting them through loudspeakers, hence increasing privacy. With these systems, even eavesdropping is impossible, and lasers cannot affect them even if they are aimed through the windows (Volker, 2002).
Antivirus software is used to protect a computer from the viruses that get unleashed each week. It should be updated often to ensure that it is up to date. This software can detect or even remove computer malware. It uses signature-based detection, heuristic-based detection or file emulation to detect viruses. Signature-based detection relies on signatures, and though effective, it cannot detect a virus for which a signature has not yet been created. There have been advancements around this detection, like polymorphic, oligomorphic and metamorphic viruses, which were recently written (Bidgoli, 2006). These do not match the dictionary signatures but rather disguise or encrypt themselves.
Heuristic detection is used in more advanced/sophisticated antivirus software to detect new variants of already existing or known malware. It applies generic detection, because a virus may start as a single infection but, in the process, grow into dozens of different strains. This is caused by refinements or mutation, and such variants can be detected and removed by use of a single virus definition. File emulation is a type of heuristic approach and involves logging what a program does, after which the software can act on it depending on the results of the logging. In addition, a rootkit detection approach can be used; a rootkit is a form of malware that can infect a computer system without detection. The antivirus software scans to detect the presence of a rootkit on the computer and acts on it. The Air Force ensures that all computers have active and up-to-date antivirus. This reduces infection from already existing viruses, or from those that have just been unleashed (Bidgoli, 2006).
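The difference between an exact signature and a single generic definition that covers a family of variants can be shown in a few lines. This is an added example, not taken from the cited sources; the sample byte strings, the family name "Demo" and the pattern are constructed, harmless placeholders.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for scanned files.
KNOWN = b"HDR|family=demo|key=01|BODY:aaaa-bbbb-cccc"    # sample seen before
VARIANT = b"HDR|family=demo|key=7f|BODY:aaaa-bbbb-cccc"  # same family, one field mutated
BENIGN = b"HDR|report=q3|BODY:quarterly figures"

# Exact signature: the hash of a sample that has already been analysed.
HASH_SIGNATURES = {hashlib.sha256(KNOWN).hexdigest(): "Demo.A"}

# Generic definition: match the parts that stay constant across the family
# and wildcard the part that changes from variant to variant.
GENERIC_SIGNATURES = {
    "Demo.generic": re.compile(rb"family=demo\|key=[0-9a-f]{2}\|BODY:aaaa-"),
}


def scan_exact(data: bytes):
    """Return a detection name only if this exact file was seen before."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_generic(data: bytes):
    """Return a detection name if any generic family pattern matches."""
    for name, pattern in GENERIC_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan(data: bytes):
    """Prefer the precise name, fall back to the generic definition."""
    return scan_exact(data) or scan_generic(data)


def report():
    """Map each constructed sample to (exact result, generic result)."""
    samples = {"known": KNOWN, "variant": VARIANT, "benign": BENIGN}
    return {k: (scan_exact(v), scan_generic(v)) for k, v in samples.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The exact signature misses the variant because a one-byte change produces a different hash, while the single generic definition still names it and leaves the benign file alone.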
Firewalls are also used by the U.S Air Force; a firewall is a barrier designed to prevent access to property or information by an unauthorized party. In the computing world, a firewall can allow or prevent transmissions and follows a set of rules. It exists in four types: Network layer and packet filters, Application layer, Proxies and Network address translation. Network layer firewalls are also known as packet filters and allow only the packets that match the set rules to go through. The said rules may be default or defined by an administrator. They are subdivided into stateful and stateless. Stateful firewalls speed up the processing of packets by use of state information and always maintain the context. Whether a packet passes depends on the existing rules or on newly established rules (if a packet does not match existing rules, it is further processed and new rules are applied). Stateless firewalls deal with simple filters faster and can also be used in protocols with no concept (Haselkom, 2007).
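The stateless and stateful behaviour described above can be compared on the same packets. This is an added example, not code from the cited sources; the addresses, ports, the "outbound HTTPS only" policy and the Packet type are assumptions made for illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed internal address prefix


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK", "ACK", ...


def stateless_allow(p: Packet) -> bool:
    """Judge each packet alone, on header fields only."""
    outbound_web = p.src.startswith(INSIDE) and p.dport == 443
    # Replies need a static rule: anything arriving from source port 443.
    inbound_reply = p.dst.startswith(INSIDE) and p.sport == 443
    return outbound_web or inbound_reply


class StatefulFilter:
    """Keep connection context and admit inbound packets only as replies."""

    def __init__(self):
        # Entries are (inside_ip, inside_port, outside_ip, outside_port).
        self.connections = set()

    def allow(self, p: Packet) -> bool:
        if p.src.startswith(INSIDE) and p.dport == 443:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN":
                self.connections.add(key)  # new connection: record the state
                return True
            return key in self.connections
        # Inbound traffic must be the reverse of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections


# Constructed traffic sample.
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),      # inside client opens
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SYN-ACK"),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "SYN"),       # unsolicited inbound
]


def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


if __name__ == "__main__":
    for packet, verdicts in zip(SAMPLE, run(SAMPLE)):
        print(packet, verdicts)
```

Both filters pass the genuine exchange, but only the stateful one drops the third packet, because no inside host ever opened that connection.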
Application layer software works on browser traffic and protects the machine from unwanted traffic. It also protects against infection by, or spread of, computer viruses by inspecting all packets involved. A proxy device can be either hardware or software, and responds to inputs while blocking other packets. Proxies make it difficult to misuse internal systems as long as they are configured and intact. Network address translation is used to hide the addresses belonging to the protected hosts. It was developed to solve the problem of creating addresses for all computers in an organization as well as the limited supply of IPv4 addresses. Firewalls have been modernized and filter many more attributes in a packet. In the Air Force, secrecy is the guiding principle, and firewalls have enabled them to meet it (Peltier, 2005).
Biometrics has also been used as a security measure, although the U.S Air Force had stopped the use of thumbprints as a form of identification at their gates and doors. It tries to identify an individual's unique characteristics and is very effective. Some of its applications include authentication of retina and iris patterns, recognition of voice waveforms and face recognition. The use of biometrics is attributable both to technology advancements and to threats of insecurity. Hand scanners have saved almost $400,000 in manpower costs since the introduction of these systems at the gates. They have been able to arrest and detain terrorists by matching their fingerprints with those found in terrorist attacks. If this system is incorporated with other systems, it can provide improved security. They are focusing on improving this system, and its application has reduced the use of passwords. Identity theft (people trying to pass as other people) is eradicated by earlobe geometry, which is also a form of biometry (Air Force Association, United States Army, 1999).
Use of physical access controls is another form of information security. It ranges from the fence, a bouncer in a night club, border guards and watchmen to the use of turnstiles. In effect, this provides security to the entire organization. At the U.S Air Force gates, entrance and exit are always restricted, and only authorized persons, or a stranger with permission, can access the property. There are people who take care of different doors and gates regardless of other forms of protection. They have duty rosters showing who is on duty, at what time of the day and in which part of the base. This is to boost security, since the gateman/woman scrutinizes every individual who gains access to the rooms. The area occupied by the officers is fenced to discourage strangers and also to ensure one-way centralized points for entry and exit (Shon, 2008).
Smartfilter is another protection measure, for delivering content and filtering the web. The U.S Air Force selected this software as a base for high performance. This software allows access management in all its bases in the world. In each centre where it has been deployed, it can carry its own web access policies. It provides a single internet with accelerated content delivery that enforces standard internet usage. Smartfilter operates on the Blue Coat web, which is used in the formation of sophisticated webs and can deny some users access to given websites. The Air Force personnel have created a highly intelligent web by use of the knowledge from Smartfilter, hence cheap access to the internet. Blue Coat has enabled the U.S Air Force to control their documents by regulating which users access them (Alexander, 2008).
Information security is vital in all forms of organizations, whether private or public, small or big. Most information is transmitted and stored in electronic systems like computers. Technology has made it easier to secure information, but it has also created a risk of insecurity. Encryption ensures total security of any message in transmission. Public key option is safer than the symmetric algorithms because whether the key on transmission falls into the wrong hands, the message can still be decrypted. The private keys guarantee privacy and authentication. However, it is slower than the symmetric method, which is faster but more prone to the risk of insecurity. Organizations should use this when transmitting information to their branches; some of the information involved includes financial statements (Bidgoli, 2006).
Authentication is also secure, and its characteristic identifications make it better. One of the most common forms of authentication is the signature. It is used to show the credibility of information or documents. However, most signatures can be forged in such a way that differentiating between the original and the forgery is difficult. Biometrics offer better security because, if they are used in combination, they can reduce the chances of insecurity. They are most common in financial institutions and very sensitive offices. They can be used on doors, gates or even computers (Meldhe, 2006). Not many businesses can afford the systems used, because they are expensive to acquire and their maintenance cost is high; they also need to keep advancing with technology.
Antivirus is cheap and can be used to protect any information in a computer system. It can be upgraded, renewed or downloaded from the internet by the system itself. It can also be installed from storage devices like flash disks, CDs and memory cards, amongst others. Every computer is capable of acquiring antivirus by itself, given that there is an internet connection. You can never witness antivirus at work, but it really does protect the computer against viruses. Each day, new viruses find their way into the computer world, hence the need for updating. Although it is cheap, it can sometimes be defeated by the viruses that find their way onto the computer, hence exposing the system to risk. Also, the antivirus itself can damage the operating system in a way that cannot be repaired, so that only a new OS can be installed (Stamp, 2006).
Physical access control is in most cases based at the doors and gates. Apart from electronic controls, the use of watchmen, bouncers and security officers, just to name a few, is common in many organizations. It is used together with other forms, not only to secure the information but also the property itself. Things like fences are of different kinds, and although they do not give a hundred percent protection, they minimize the risk of insecurity. By having individuals at the entrance, it is simple to detect strangers and visitors and also to scare off any unauthorized personnel. However, although it is the most practiced method, it is very insecure, especially when fellow human beings act as the controls. They can be killed or corrupted, or their absence may present an opportunity for intruders to access the property, information or documents (Calabrese, 2004).
Firewalls have proven to be effective in information security. They ensure that only the wanted material is able to reach its destination. A firewall can discard other information in its network as long as it is not part of the information being transmitted. It reduces the chances of manipulation, infection or loss of information and ensures that only the original message is delivered. It is expensive to install, but if a business is able to have it, it is guaranteed some security for its information (Volker, 2002).
Challenges during the study
Collecting information from primary sources was challenging. It was not possible to enter any of the U.S Air Force bases due to security reasons. The available Air Force officers were not willing to give detailed information during the interview. The public is always kept at bay, out of their lines of business, especially when it comes to their information, hence collecting information from such bases was not an easy task. Nor was it possible to find a website, journal, book or article with full details about this area of research. Their websites provide shallow information, and most of it is about their achievements and an explanation of their goals and mission. Others required me to be a member in order to log in.
Every individual, organization, government and business has information. This information is printed, stored in a computer or kept by some other means. Some information can be public (for the general public) while other information can be private (confidential). Security of such information is needed in order to keep it from the hands of unauthorized personnel. If a competitor got information about your business, he/she would be in a position to use it to destroy you or even eliminate you from the market. Some vital information about security in a country must be kept secret. This is only achieved by ensuring that proper mechanisms are put in place to detect, remove or even prevent any loss, damage or infection of information. Regardless of the methods used in securing information, maximum security should always be given priority, just like any other business. Everyone should acknowledge technology.