Sunday, April 25, 2010

Information security

ABSTRACT :

Information security means protecting information and information
systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Key concepts

For over twenty years information security has held that confidentiality, integrity and availability (known as the CIA Triad) are the core principles of information security.
Integrity
In information security, integrity means that data can not be created, changed, or deleted without authorization. It also means that data stored in one part of a DATABASE system is in agreement with other related data stored in another part of the database system (or another system). For example: a loss of integrity can occur when a database system is not properly shut down before maintenance is performed or the database server suddenly loses electrical power A loss of integrity occurs when an employee accidentally, or with malicious intent, deletes important data files. A loss of integrity can occur if a computer virus is released onto the computer. A loss of integrity can occur when an on-line shopper is able to change the price of the product they are purchasing.
.
Risk management
A comprehensive treatment of the topic of risk management is beyond the scope of this article. We will however, provide a useful definition of risk management, outline a commonly used process for risk management, and define some basic terminology.

Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man made or act of nature) that has the potential to cause harm.

In broad terms the risk management process consists of:
1. Identification of assets and estimating their value. Include: people, buildings, hardware, software, data (electronic, print, other), supplies.
2. Conduct a threat assessment. Include: Acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization.
3. Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security.
4. Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis.
5. Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset.
6. Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost effective protection without discernable loss of productivity.

Controls
When Management chooses to mitigate a risk, they will do so by implementing one or more of three different types of controls.

Administrative
Administrative controls (also called procedural controls) consist of approved written policies, procedures, standards and guidelines. Administrative controls form the framework for running the business and managing people. They inform people on how the business is to be run and how day to day operations are to be conducted.

Logical
Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. For example: passwords, network and host based firewalls, network intrusion detection systems, access control lists, and data encryption are logical controls.

Physical
Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities. For example: doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. Separating the network and work place into functional areas are also physical controls.


Security classification for information :
An important aspect of information security and risk management is recognizing the value of information and defining appropriate procedures and protection requirements for the information. Not all information is equal and so not all information requires the same degree of protection.

Conclusion
Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption. The never ending process of information security involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review

27 comments:

  1. Its a broad concept. There are so many techniques and strategies that fall under information hiding. I find this article very informative and useful to learn most of the things about how to secure information.
    PDF signature

    ReplyDelete
  2. Closed Circuit Television (CCTV) comprised of mini security cameras can catch criminals in the act and give police valuable information for the quickest response rates to crimes. Cost of Security Camera Systems Tampa, FL cameras have dropped significantly in recent years making it a viable option for homeowners.

    ReplyDelete
  3. Once I initially commented I clicked the -Notify me when new feedback are added- checkbox and now each time a comment is added I get four emails with the same comment. Is there any way you possibly can take away me from that service? Thanks! Bed Bugs Treatment Abu Dhabi

    ReplyDelete
  4. Exactly where maybe you’ve discovered the resource for the purpose of the following article? Great reading through I have subscribed to your blog feed. putlocker

    ReplyDelete
  5. There are many types of software that are available in the market for managing and controlling your unmanned aerial vehicle (UAV). The following are some of the most commonly used software for controlling UAVs. website scanning

    ReplyDelete
  6. Is your old technology replaced with new technology before you're ready to let it go? And does technology sometimes move too fast? Or is it really just moving too slow? https://cheap8cpills.com/2020/11/22/an-successful-safety-digital-camera-process-is-all-about-locale-place-site/

    ReplyDelete
  7. Learn about some effective tips to select the best security guards for your business. Stop taking other peoples poor performing guards. Security companies need to provide good security guards and these 10 tips will show you how. Security Guard

    ReplyDelete
  8. Nowadays, you can encounter many varieties of cameras on sale. Thus, you need to pick is the appropriate one as the price range and also requirement. There are special prices of cameras inside market place to help you select the very best one as far as your own spending budget is concerned. get more info here about camera installation

    ReplyDelete
  9. I believe, life’s more for example a battlefield, both equally armies skin oneself, the light gives you Pifu all the bravery is just not just enough, there has to be tip, there are actually certain schemes together with projects prior to they’re able to do anything whatsoever, we will need to think carefully about, not necessarily blind to this problem, systems work efficiently possibly not set off unneeded waste together with letdown. 먹튀

    ReplyDelete
  10. Many thanks for sharing this first-class article. Very inspiring! (as always, btw) 918kiss kiss918 apk download

    ReplyDelete
  11. The ideas you provided here are extremely precious. It turned out this kind of pleasurable surprise to acquire that expecting me when I woke up today. They can be constantly to the stage and easy to be aware of. Thanks quite a bit with the valuable ideas you’ve got shared below. 파워볼사이트

    ReplyDelete
  12. This website is actually a walk-through it really is the information you desired relating to this and didn’t know who ought to. Glimpse here, and you’ll undoubtedly discover it. 토토사이트

    ReplyDelete
  13. Technology refers to the collection of tools that make it easier to use, create, manage and exchange information. In the earlier times, the use of tools by human beings was for the process of discovery and evolution. Tools remained the same for a long time in the earlier part of the history of mankind but it was also the complex human behaviors and tools of this era that modern language began as believed by many archeologists. pricing info here

    ReplyDelete
  14. Is your old technology replaced with new technology before you're ready to let it go? And does technology sometimes move too fast? Or is it really just moving too slow? good security services company

    ReplyDelete
  15. Starting an online business regardless of what type it is, can really be a daunting process. With hundreds of businesses cramming the internet on a daily basis and with the millions already there, I have to ask the question, Do I have a chance of success in whatever niche my business falls into? There are times when some of us have come to the end of the road for our 9am to 5pm jobs, and we think it's time to take on the challenge of being our own boss and manage our own business. However, there are a number of things to take into consideration when thinking about starting your own business. I will only focus on ten main things from a long list which, in my opinion, are of paramount importance when considering an online business. security guard services

    ReplyDelete


  16. 사설토토시장은 수천개에서 수만개에 이릅니다. 일반 사용자들이 100%먹튀없는 사설토토사이트를 찾는것은 거의 불가능하다고 볼수있습니다. 저희 토토스타트에서는 보증금을 통해서 검증을하고 문제가 생길시 저희토토스타트에서 책임지고 전부 해결해 드리고 있습니다.사설토토사이트중 자신에게 맞는 사이트추천을 받아서 이용하시면됩니다. 이제 토토사이트를 이용하실 땐 토토스타트와 함께하세요.
    토토사이트


    ReplyDelete
  17. 918kiss/ Kiss918 Download APK IOS 2021 | Register Login dgn Livemobile88, Welcome Bonus + No Turn Over Cuci . Livechat support 24/7!

    ReplyDelete
  18. Very good points you wrote here..Great stuff…I think you’ve made some truly interesting points.
    먹튀검증

    ReplyDelete
  19. Capturing the events through CCTV cameras can never help in reaching efficiency in the field of security. To get security, monitoring of the CCTV is required. กล้องวงจรปิด cctv

    ReplyDelete
  20. 우리카지노 계열 브랜드 소개 및 가장 많은 쿠폰을 지급합니다. 카지노수사대에서는 가장 인기가 많은 메리트카지노,더킹카지노,샌즈카지노,퍼스트카지노,007카지노, https://casino112.com / 우리카지노.

    ReplyDelete
  21. I loved to read blogs and your blog is one of the best blog.Satta King

    ReplyDelete
  22. Thanks for sharing. This article is very informative.
    Regards: physion

    ReplyDelete
  23. Impressive insights! Florida Wind Security Services is your trusted partner for Security guard service in Tampa FL . They are known for being the best security guard agency in the city.

    ReplyDelete