Nightmare: Data Management on an Individual and Household or User Level

Individual Account Management by merchant and end user has created a more complex, non-standardized security system. Individualized Advanced Cyber Security protocols that vary by type of software system, merchant, and value thresholds create greater risk for security breaches. Internet Account Management is difficult not only for designers and developers to track, secure, and maintain, but also for users, because security policies and procedures are varied and voluntary. The current one-for-one design of Internet Security Policies, such as credit card and personal information management, leaves ‘financial data’ as the primary area of security when there are many other areas in need of protection. While high-level policies are published, many companies violate these rules and laws, creating an information security problem across the Internet. If anyone can learn and design Internet Stores without adhering to rules and policies, then any user is at risk of a breach, and if all policies are varied, an entanglement occurs. Not allowing everyone to learn and design creates a closed industry, managed only by large companies and banks, limiting competition and commerce. This is an information security problem not only for E-Commerce Providers, but also for users, due to the massive security requirement of protecting information by account rather than by system or household.

Government Agencies in charge of this information are often under-skilled in protections and fail to provide adequate Security Management solutions for both Industry and Consumers; they are building on top of the Internet when the Internet’s design should change. This paper is not based on a ‘scientific’ study presented as an experiment, but includes experimental research and problems encountered for consideration. Social engineering improves the ease of collecting personal security information without committing a crime, but once the information is shared or misused, it can take years to clean up and involves serious damage to personas, relationships, credit, and systems. Protection and preventative procedures are managed by system and device. When users become more comfortable using multiple private and public connections or personas, the risks and complications increase. Constant warnings and ‘threat’-based terminology cause psychological insecurity, which affects biometric systems beyond fingerprinting and facial scanning. Warnings are often ignored and are no longer used or seen in Online E-Commerce Systems. Finance, security, information protection, and environmental laws are undefined for specific computer system areas, forcing the cycle of teaching and learning, developing, testing, and manual security processes to continue, just as the cycle of criminal development continues in society with a vast, unknown ratio. Just as Humans are not born with an understanding of and automatic adherence to basic rules and laws, the Internet was not born with basic security. Relying on a secure set of Windows or other operating system does not guarantee online privacy and security, nor does a simple password-protected system. A lock can be purposely or accidentally picked or broken, and objects, items, and articles stolen, making privacy and protection a lifelong online requirement beyond a simple Secure Sockets Layer or HTTPS lock icon on an Internet Site.

Just as kids become more trusted when they learn independence, a system should also be trusted, but the process of system trust, use, and security is not the same as raising a child and teaching them right from wrong. As E-Commerce becomes more standardized, end users become more secure in use, but it requires a greater level of account management; developers must manage and build systems using many different types of systems and languages, thus creating obvious security management problems. Information virality in Social Media, or what the Cyber Security community calls “Social Engineering”, can be dangerous when there are untrained and malicious users seeking to steal, clone, copy, or misuse information. Sharing and control have been common practices, but they too have their limits, just as ownership and protection do. Individualized management on a site level can be automated but is also dangerous.

WARNINGS, CONTRACTS, & DISCLAIMERS

Simply stated promises, warnings, and handshakes are no longer enough because these are ways in which breaches occur and viruses spread. Personal responsibility is often abandoned and corporate or business responsibility is varied, forcing the need for more than health protections into the realm of Technology. Well-intended buyers and sellers of new systems or businesses don’t often start secure – they are forced to achieve it in a highly restricted, advanced online environment, which deters many from starting their own businesses or using Systems the way they could and should be used. Even in the use of free systems, there are management problems. While Online Systems are vast and varied, the use of all or even some requires time, money, and protection. To obtain 500 or more viewers or friends and share information creates greater personal risk than to publish an Internet Site as a Fictitious Business Name with a registered domain advertised to 500 online users. Deciding what to share and who to share it with, along with who to market and advertise to or do business with, is what is critical in E-Commerce, but online sales and customer service are a more distant activity than physical commerce. There is a three- or four-sided protection problem in determining who is responsible for what, and to what amount, in case of damages.

Problem

An individual system security approach creates a high-risk environment, forcing system owners and users to manually recall, protect, and/or purchase protection when it should be inherent in basic design before any online transaction takes place, for both individual users and business owners/users. It took about 10 years to trust a browser to store and reuse credit card and login information – and it still causes problems today because of ‘auto billing’ and other disorganized account management processes.

Terms such as “Transactions” are not limited to financial actions, just as “Terms and Conditions” are not created and standardized in all E-Commerce transactions for every contract, product, or service purchased. Broad legal requirements of financial and privacy or information laws give leeway but complicate the damage and remedy process. Strict requirements stifle growth and opportunity, as well as production and sales, on both ends of the spectrum: the lawful and unlawful, as well as the open and ultra-secured. Offering “layered systems” and small software vault protection programs, or encouraging storage of information in a browser to be used across the Internet for purchases, does not fix the Security Management issue; these are only temporary solutions to ease the burden of accessing and securing account information. Simply publishing a disclaimer regarding privacy and the sale or protection of information is not enough, due to the inability to prove data or information was misused without a serious technical investigation. Publishing guidance on “how to protect yourself and others on the Internet” or “threat-based terminology and warnings” instills a belief that Internet Users are not secure online and are responsible for their own protection, creating a ‘fearful or scary’ environment before they even have a chance to talk to a person from another country, browse freely without fear, or confidently make purchases and contacts. Content ratings and freedom of ‘publishing’ any information are also at issue, such as adult material and the manipulation of information for the purpose of health screening, job interviews, program evaluations, business ownership, probation or parole violations, or even just child protections.

Some companies sought to force Privacy and E-Commerce Laws and Rules by the requirement of logins, receipts, promises of personal information protection and sales policies, as well as credit card protections, but because systems are not connected to Government Systems such as the IRS, or a centralized identification and protection processing center, there is no real financial accountability or promisable identity protection. After-the-fact recovery solutions offered by Banking Institutions force every business owner to publish policies, buy individual security, and carry insurance that is not designed specifically for Information Management. Biometric Systems fall short in Identity Protections due to biological cloning and low-budget systems. After-the-fact solutions are designed for post-criminal or accidental protections and do not prevent breaches or misuse. Anti-viruses and Anti-Theft Devices are often behind, constantly fighting security threats, scams, and viruses; this shows the convergence of Humanity and the Computer design.

To prevent fraud, misuse, and an insecure system, a system must be delivered fully tested, protected, maintained, and guaranteed. There are no set standards for such a guarantee, which leaves E-Commerce insecure and dependent upon each system owner’s and user’s abilities to follow laws and recommended policies or procedures. Automatic Account Management is not yet available, and Human intervention is required to verify and monitor transactions. Bank alerts, blocks, and credit card monitoring are available, but this creates another inconvenience in security. This heavy burden on developers, online business owners, and end users is manageable, but more work than it should be. Sadly, a small business owner cannot promise complete Information Protection, leaving Security up to the Financial Industry and, currently, only identity and monetarily focused.

It is suspected that any business that does not monitor internet site traffic cannot promise Information Security Protections and can only be held responsible for the delivery of goods and services as promised through online transactions, leaving it to the courts for remedy and personal information at risk for duplication and misuse. Inter-state commerce and World-Wide information processing that rely on post-security breach protections are disastrous; therefore, preventative automatic measures must be taken. The current design is far too complicated for individual designers, users, and store owners. It is unknown if Centralized Identity Verification Agencies exist, just as it is unknown if your information is being used and duplicated in another location or country. Users must assume it is not, but it cannot be proven. The creation of Robots to scan information sites is useful, but security makes it more difficult to track misuse. Information security is of the utmost importance not only for the protection of intellectualism and financial management, but also for identity, ownership, biomedical, and now even communications systems. Categorizing, separating, and securing these systems into separate designs creates another problem in information management, reducing the desire the Internet and Online Software Systems offer for optimum business and personal management.

Purpose
To explain the multi-account personal and business security design challenges, outline the spectrum of protection, and propose a set of efficient security management practices.

LITERATURE REVIEW

A study found that customers’ online security and privacy concerns are positively correlated with not giving their credit card number to unprotected online shopping sites. It means that customers are not willing to give their credit card number to unprotected sites if they perceive privacy and security concerns as barriers to online shopping (Patel, 2018). This study appeared to be an American Study, but upon further research, showed elements of possible terroristic Cyber plagiarism, potential threat for usage of reference, or a direct attack against a Veteran of the United States seeking to show/uncover IT vulnerabilities and bad security designs. It might also be that American Intelligence has been transferred to other institutions to forward International IT Intelligence, which causes more risk in National or International trust of online systems. No statistics are available to show terrorism or agreements made between the US and other countries to study consumer IT behavior, but it is obvious either the profile and authorship of the research have been changed or a database problem has occurred, because Indian writing does not often match the same APA referencing and writing styles as a report authored from a Turkish Educational Institution. The points are accepted, but the authorship is questionable.

While some violations deliberately make the systems inaccessible and interrupt services, some of them occur due to accidental software or hardware failures. Either by accident or malice, security violations seriously affect the activity and reliability of an institution (Kashyap, 2013). Every phenomenon causing a violation of any one of the principles of confidentiality, integrity, and accessibility—the three main elements of information security—is a violation of security (Mehmet Guclu, Cigdem Bakir, and Veli Hakkoymaz, Sep, 2020). Again, this is another study obtained from the American Public University Library System that appears American, but is written by foreigners, causing severe distrust in the University Library and Internet works. Although the point is accepted, suspicion of the authorship is natural due to past terroristic activities and the point itself. A database error and terrorist attack could’ve occurred to change the author. The American Public University System should separate and note International doctrine. This lowers student trust and decreases confidence in the study results and in quoting such works, not because of prejudice, but because of known terrorism and an obvious investment in International learning, to the detriment of American knowledge. If American business people struggle to understand technology and there are foreign intelligent authors, then it can easily be suspected that American IT is behind and failed to prioritize IT intelligence growth for its own users; an obvious mistake in authorship or purchased cyber terrorism attack directed at the student for pointing out flawed security designs. If American IT studies are not readily accessible in the University’s library, then the University is now questionable in its ability to provide reputable and acceptable scholarly research for American students.
It also shows it is more than a password breach or security vulnerability, but an advanced International attack on a major IT knowledge management and security issue at hand. Outsourcing IT services to foreigners will not be discussed further in this research because America has yet to prove it can offer secure services within its own borders.

Every phenomenon causing a violation of any one of the principles of confidentiality, integrity, and accessibility—the three main elements of information security—is a violation of security (Kim & Solomon, 2016).

In today’s environment, multi-cloud security is the most important task for data safety. Prioritizing security across all clouds is imperative to ensure no sensitive data is exposed to risk, all loopholes in the system are diagnosed, and workloads are protected. While managing additional servers is no small feat, following some best practices and working with a competent operations team can eliminate most issues (Campbell, 2021).  This is broad and generalized research showing obvious risks are inherent in working with multiple systems designed on different platforms.  It not only creates a password and network management issue, but a data collection issue when information is all over the place.  Information sharing and security policies must be implemented and well documented in IT Services, with standardized global processes if shared internationally.  If an organization cannot effectively do this within its own walls, then how can it effectively and efficiently do it globally and securely? 

Sasse et al. (2001) observed that sharing passwords is considered a sign of trust among colleagues and friends. People who are not willing to share passwords with colleagues are regarded as “untrusting” (Sasse et al., 2001). Users who practice safe computing by having strong passwords are often described as “paranoid” or “antisocial” (Sasse et al., 2001). This is an inference that can be viewed in two ways – a negative assessment against those who do not want to share and understand the purposes for protecting information beyond personal systems, but also high levels of responsibility in data management, systems, design, engineering, and interchanges and relationships beyond the human and computer, but in neural networks, and other artificially intelligent systems where information and systems are misused. A perfect example is the need to protect the eyes and ears of others in certain companies where humans have not been taught or forced not to share personal details or misuse the eyes and ears of another to cause psychological trauma or negatively impact their career progression, educational goals, and health in certain environments. Assuming ‘paranoia’ because a person seeks to protect their information is false, especially when industry and developers or designers of systems have recommended this process. The use of the “Anti-Social” behavior reference is also an attack on developers, because the process of development is not a ‘social activity’ where some place human interaction as their top personality reference trait when computer programmers choose to spend their time working rather than ‘socially computing’ or interacting with others. Passwords are protected not just against theft, but from those who can come in and purposely or accidentally destroy works in progress or good designs.

By Sheri L. Wilson

Author, PhD Student; Doctor of Technology, Research