Information security

From CopperWiki

The availability, integrity and confidentiality of information are paramount factors driving business today. If information is not available, most businesses cannot function. How to protect this information, so diligently acquired, from misuse is one of the greatest concerns of business today.


Why should I be aware of this?

To overcome information security threats, which have become a major concern in organizations, we must develop awareness and have contingency plans in place. Poorly written software makes an organization vulnerable to threats such as internal breaches, external breaches, computer viruses and worms. It is like keeping a door wide open to external breaches, which include hackers and crackers. Hackers usually break into a system just for personal benefit and do not usually damage or steal any information. Crackers break into a system with the intention to steal or damage.

How does this affect me?

  • Commercial – loss of e-business due to damage, loss of confidential customer information such as credit card details, theft of essential information.
  • Reputation – brand damage through appearing vulnerable, damage to consumer confidence, service suffers as a result of vandalism.
  • Financial – negligence and compensation claims, cost of repairs.

All about information security

Effective information security systems incorporate a range of policies, security products, technologies and procedures. Software applications that provide firewall protection and virus scanning are not enough on their own to protect information. A set of procedures and systems needs to be applied to effectively deter access to information.

Standard security systems such as firewalls can be bypassed by hackers who use their technological skills to break into computer systems and access private information. Even a single planted virus can erase all information. If the firewall is shut down even for a few minutes, that is enough to give a computer hacker access.

Computer operators need to be fully aware of the importance of information security. If an operator gives out or resets passwords without verifying who the information is for, then anyone can easily gain access to the system.

Information security and IT security

There is general confusion between information security and IT security. IT security implies protection of the hardware, software and network of an organization from the perils of disaster and external attacks (through viruses, hacking, etc.). It concerns electronic data and is covered in the IT Policy of an organization. Information Security Policy, on the other hand, goes beyond the network and applies to the organization as a whole. It encompasses data stored in digital fashion (electronic format), trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance and standards established within the organization, plans and budgets, financial and management data, brochures, images, logos and designs, employee information, etc.

Internet Security is more concerned with the internet architecture and covers the protection required during communication between two computers over the internet / intranet.

What can I do?

  • The first step is to create a risk analysis which focuses on the threat level, weaknesses within the system, the value of the system, and the importance of the data. For this plan to work, everyone must understand his or her responsibility.
  • The next step is to physically secure the components of a computer with anti-virus controls.
  • Configure the system by updating all software and securing the email system. The network manager must secure the network; this job includes determining who has access, securing passwords, and securing desktop and notebook computers.
  • Determine levels of security for each employee, as well as outsourcers.
  • Most important is putting in place a system to determine how to detect intruders, and what should be done when intruders are detected.


  • Information security must be seen as a management and business challenge, not simply as a technical issue to be handed over to the experts.
  • Virus protection software is cheap, widely available and easy to manage. Manage is the key word – viruses change all the time, and software must be updated to cope with new threats. [1]


Moving digital information is dangerously easy. Someone who would never dream of accidentally sending sensitive information to the wrong postal address may accidentally click on the wrong e-mail address without even realising.




  1. Information Security: Hard Facts