Introduction To Information Security


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

ABSTRACT:

Information security in today’s enterprise is a well-informed sense of assurance that information risks and controls are in balance. This paper focuses on information security and how it came to mean what it does today. It examines the key terms and critical concepts of information security. To that end, it investigates the characteristics of the information components of a system and how those components are secured, and outlines the phases of the security systems development life cycle. The roles of the professionals involved in information security within an organization are a key component and a vital force in the successful implementation of an information security program.

KEYWORDS: Information security, Concepts of information security, Security Professional

INTRODUCTION

Information security can be defined as the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. Many information security practitioners recognize that aligning information security needs with business objectives must be the top priority. But the first question to ask is: what is security? Security is "the quality or state of being secure from danger". In other words, it means being protected from adversaries, that is, from those who would do harm, intentionally or otherwise.

Security is divided into four layers that are put in place to protect an organization’s operations. The first is physical security, which protects the physical items, objects or areas of an organization from unauthorized access and misuse. The second is personal security, which protects the individual or group of individuals who are authorized to access the organization and its operations. The third is operations security, which protects the details of a particular operation or series of activities. The last is communications security, which protects an organization’s communications media, technology, and content.

Although information security has always had an important role as technology has advanced, it has become one of the hottest topics in the recent past. The Internet’s open design and its explosive usage, along with the rapid adoption of technology systems, became the main factors in the explosion in demand for security services. That is why information security has become a main topic among individuals and companies that want to protect their confidential information.

METHODOLOGY

In order to complete this term paper, I used primary and secondary literature to gain a better understanding of what information security actually means. For the primary sources, I observed all the articles and journals related to information security. I also watched videos related to information security. By using all these methods, I obtained a lot of information to complete this term paper. For the secondary methods, I referred to journal articles, internet sources and other literature. From these two kinds of literature, I came to know and understand more about what information security actually is. I also learned how important information security is to people nowadays. Without information security, the information that we save may no longer be secure, and the consequences are high. From the primary and secondary literature, I also learned about the challenges faced in information security. In order to reduce the challenges faced nowadays, I propose some recommendations to solve the challenges faced in the information security field.

DEFINITIONS AND CONCEPTS OF INFORMATION SECURITY

According to www.jobsearchtech.about.com (2013), information security, sometimes shortened to InfoSec, means protecting information and information systems from unauthorized access, use, disruption, or destruction. In other words, information security can also be defined as the protection of information and information systems against unauthorized access or modification of information, whether in storage, processing, or transit, and against denial of service to authorized users.

Institutions of all sizes, small or large, collect and keep a huge volume of confidential information, which could be about employees, customers, suppliers, products or financial operations. This information is collected, processed and stored on computers and may be transmitted over networks. If it falls into the wrong hands, it can lead to lost business, identity theft or even bankruptcy of the business.

The professionals who work in this field are security professionals. Their skills include information risk management, business knowledge, information governance, advisory and consulting, compliance, privacy, change management, communications, and organizational behaviour. In this era of cloud computing and mobile device use, the role of the security professional has to change. Their roles become broader and they need a more comprehensive understanding of their jobs. They need to give more commitment to their work.

The actual purpose of information security is to protect sensitive information. How we protect sensitive or confidential information depends on our company. In information security, the security triad has three primary goals: confidentiality, integrity and availability. Confidentiality means making sure that nobody who should not see our information can see it. Integrity means making sure that our information or data has not been changed from how it was intended to be. Availability means making sure that the information is available for use when you need it and is easy to retrieve.

To make it simpler, the security triad can be remembered by the letters CIA: C for confidentiality, I for integrity and A for availability. When most people think about information security, they generally think only of the first item, confidentiality, and for good reason, since that is all the media seems to think security is about. Confidentiality is also the principle that information and information systems are available only to authorized users, are accessed only in an authorized manner and are used only for authorized purposes. It also includes protecting personal privacy.

Integrity is the part of the security triad that affects the most people in the IT world. The files on your operating system must maintain a high level of integrity, but worms, viruses and trojans are a major issue in IT, and can also be a way for an attacker to get information out of your network or inject his own information into it. In other words, integrity is the principle that safeguards the reliability, accuracy, and completeness of information assets.

The third concept of information security is availability. Availability is the part of the triad most administrators have to worry about at work, and with good reason. It is mostly about system uptime for them, but it can also cover subjects such as accidentally denying a user access to a resource they should have, having a user locked out of the front door because the biometrics do not recognize his fingerprints, or even major issues such as natural disasters and how the company should recover from one.

Another concept is identification. Identification is when a user claims an identity to a system, that is, states who the user is. The most common example is the user ID. This identification entity is commonly used for access control, because identification is necessary for authentication and authorization. If we, as employees or customers, have a user ID, it is easier for us to access the information we want, because only authorized persons can do so. Next is authentication. Authentication is the testing or reconciliation of evidence of a user’s identity. It establishes the user’s identity and ensures that the user proves he, she, or it is who they claim to be. The most common example of an authentication entity is a password. Having a password gives us an identity that no one else can replicate. If we have a password, we can be recognized by the system.

Next is authorization. Authorization is the granting of rights and permissions to an individual that enable access to an information resource. Once a user’s identity and authentication are established, authorization levels determine the extent of system rights. Examples of authorization are access control lists and security classes. Authorization is also the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular. For example, in an access control list, consumers should only be authorized to access whatever they need to do their jobs.

Information security must also have accountability, which refers to a system’s capability to identify a particular individual and to determine and track the actions and behaviours of that single individual within the system. Accountability is also sometimes referred to as non-repudiation. Audit trails and system logs support accountability. With accountability, the information will be secure, and we can store more confidential information that only authorized persons can access.
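The chain described above (identification by user ID, authentication by password, authorization through an access control list, and accountability through an audit trail) can be shown in a short program. This is an added example, not part of the original essay; the user names, passwords, file names and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

AUDIT_LOG = []  # accountability: every access decision is recorded per user ID


def hash_password(password, salt):
    # Store a salted, deliberately slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample data: two users and an access control list (ACL).
USERS = {"alice": make_user("correct horse"), "bob": make_user("tr0ub4dor")}
ACL = {
    "payroll.xlsx": {"alice": {"read", "write"}},
    "handbook.pdf": {"alice": {"read"}, "bob": {"read"}},
}


def _audit(user_id, resource, action, outcome):
    # Append one audit-trail entry and report whether access was granted.
    AUDIT_LOG.append((user_id, resource, action, outcome))
    return outcome == "granted"


def access(user_id, password, resource, action):
    """Return True only if every check passes; log the outcome either way."""
    user = USERS.get(user_id)  # identification: who does the user claim to be?
    if user is None:
        return _audit(user_id, resource, action, "unknown-user")
    candidate = hash_password(password, user["salt"])
    # authentication: constant-time comparison of the evidence of identity
    if not hmac.compare_digest(candidate, user["hash"]):
        return _audit(user_id, resource, action, "bad-password")
    # authorization: only rights explicitly listed in the ACL are allowed
    allowed = ACL.get(resource, {}).get(user_id, set())
    if action not in allowed:
        return _audit(user_id, resource, action, "not-authorized")
    return _audit(user_id, resource, action, "granted")


if __name__ == "__main__":
    access("alice", "correct horse", "payroll.xlsx", "write")
    access("bob", "tr0ub4dor", "payroll.xlsx", "read")
    access("bob", "wrong", "handbook.pdf", "read")
    for entry in AUDIT_LOG:
        print(entry)
```

A correctly authenticated user is still refused when the access control list does not grant the requested right, and the refusal is recorded in the audit trail alongside the successful requests.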

INFORMATION SECURITY CONCEPT

Figure 1: Information security concept.

CHALLENGES IN INFORMATION SECURITY

There are several challenges faced in the information security field. These challenges can be a barrier to people who want to secure their information. Here is a look at some of the information security issues we all face.

5.1 Lack of awareness among people

- People nowadays do not seem to be aware of their information, whether it is confidential or not. Awareness and education are the main points in the information security issues we face today. People must know and accept the risks they face by using technology and the internet. They put their information online without thinking about the consequences they will face. The same goes for organizations. Organizations also need to be clear about the threat as it really is today, not as they think it is. What we see now is that many organizations hire employees who are not suited to their job description because they want to cut costs.

5.2 Complacency

- Many organizations suffer from being complacent when they are losing their information, whether because of people or malware. This ties in very strongly to my first point. It is important to protect the information for which you as a company are responsible. This information can fall into many categories, such as intellectual property, personally identifiable information (PII), corporate, state or nationally sensitive information, login credentials, financial results, and patient or customer information. Every company has its own confidential data and needs to do the relevant things to protect that important data from both malicious exposure and inadvertent

5.3 No root-cause analysis

- Information needs to be secure. If the information is highly confidential, it needs to be more secure. But there are now many attacks on the information we are securing, whether from viruses, malware or people. Traditional security solutions, server or client, have focused on detecting malicious software infections and blocking or cleaning up their results, but do not apply effective root-cause analysis. We also need to know where the malware is coming from: did it arrive by download, an infected USB drive, email, instant messaging or something else? Cleaning up alone may allow the company the comfort of knowing they got away with it this time, but it does not give anyone the information they need to improve the security posture, lower the risk level of their business and prevent the same or similar infections from recurring.

5.4 A Wealth of Online Possibilities

In terms of information security, online banking, credit cards, smart phones, bill pay, and countless other Internet options open individuals to more hacking risks and give criminals more opportunities to try to steal personal information. Because many of us now like to use online services, we do not think about the consequences after putting our information on the internet.

5.5 Recognizing Problems

Being able to recognize the warning signs of identity theft might not mean that every threat can be avoided, but it can keep a problem from escalating as much as it could have if left unchecked. Unauthorized account changes or withdrawals, unexplained denials of credit, and letters or phone calls about services or products you haven’t requested are all good indicators that you might have a problem on your hands and that steps should be taken to stop these issues. People now do not know how to recognize the signs of identity theft.

Recommendations to address the challenges in Information Security

To address the challenges faced in information security, I have provided some recommendations to prevent the problem from becoming bigger.

6.1 Organizations must provide training or seminars for their employees

- The organization needs to provide training or awareness talks about the importance of information security. The management needs to make sure their users are educated on how to use the Internet and Internet resources from a position of awareness and caution rather than blind trust in a technological solution. Employees should be aware of how invisibly infections can occur and where to go if they are concerned they may be a victim. Through these sessions, employees can learn the importance of information security and become more aware of how to keep information from falling into other hands. People also need to be made aware of the real monetary value of their own and other people’s personal information and must treat it with the care it deserves.

6.2 Joint class with qualified professionals

- People have a choice between attending a training session and joining a class taught by qualified professionals who work daily to keep information and technology safe and secure; consider attending college for information technology training. We can learn how to prevent cyber-attacks and can also teach people how to protect their important files. Many colleges and universities offer this degree, and you can start checking for classes if this recommendation suits you or sounds like the right profession for you.

6.3 Management of risk

- Companies and individuals are responsible for managing the risks associated with keeping personal information in computer files. Individuals and companies therefore need to know how to handle risk management for information security. People and businesses should know what information is in their files, and keep only what is absolutely necessary. There must then be proper planning to keep those essential files safe and secure.

6.4 Provide more information about online services

- Nowadays many people like to use online services in their daily lives. Online banking, smart phones, credit cards, bill pay, and countless other Internet options are examples of the services they use, but using these options makes it easy for criminals to steal our information. To overcome this problem, users need to be provided with information on how to secure their information when using online services. This will help individuals handle some of these risks through measures such as careful selection of account passwords and safeguarding Social Security numbers.

6.5 Commitment from the individuals or employees.

- Individuals or employees must show commitment in their work. They need to show full commitment to the clients in order to gain the clients’ trust and confidence. They need to show their capability in front of the clients. Employees need to pay more attention to the information they keep to make sure it is secure. Other than that, they must not appear confused or inattentive while serving the client. Clients will only trust them to keep their information when they show full commitment and serve the client with full attention. If individuals and employees show confidence in front of clients, the clients will be reassured and feel that the information held is secure with them.

CONCLUSION

In conclusion, information security is important. Even with the best planning and implementation, perfect information security is difficult or impossible to obtain. Information security is not free, and it must be treated as a process, not a goal. In other words, complete information security will protect our information from attacks by malware or by people. To maintain information security, the organization itself must take responsibility for doing whatever else is needed to make sure its information is secure.


