The Concepts Of Information Security

Published Date: 02 Nov 2017

Information Security

Abstract:

Information is the most important element of an organization. Information must be protected from leaked or passed to unauthorized users. Organizations must have proper policies, procedures, and standards in place in the organization in compliance with laws and regulations. Information technology provides the information security to the data that is used in the transmission of the data or producing the new technical products. Technology was designed to protect the information from the different types of hackers and from the identity theft. The typical terms involves when dealing with information security involves IT Security and Information Assurance. Information Technology Security is information security when applied to technology while Information Assurance is the act of ensuring that data is not lost when critical issues arise for example computer or server malfunction, physical theft, or any other instance where data has the potential of being lost.

Keywords: Information, Information Technology, Information Security, Information Technology Security, Information Assurance

Introduction

Over the past decade, management of information systems security has emerged to be a challenging task. In today world, the use of information in organizations is very essential. Currently, people lived in the "information age" where people have become dependent on information and the internet as the medium of gaining and exchanging information. Many organizations today are fully dependent on information technology for survival. Information security is one of the most important concerns facing the modern organizations. Many threats can affect the information of the organizations such as the attacking of virus, malware, theft of information and so on.

There are many issues that facing by the organizations related to information security. Hacker attack is the main issue that faced by the organizations related information security. Hacker usually fake IP address of people in organization so that they will think it is sent from a location that it is not actually from. This may cause some operating systems such as Windows to crash or lock up. Other than that, the issues that are facing by the organizations is also interruption. Interruption is an attack on availability such as a denial of service attack (or DOS). The purpose of interruption is to make resources unavailable. Computer attacks such as viruses, Trojans, malware, worms and so on. These types of computer attacks can make the computer malfunction, the information susceptible, lost, and damage.

Methodology

Definitions and concepts of information security

In today’s world, the use of information is widely in the organizations. Most of the information must be protected with having the security of information. Security can be defined as the prevention of and protection against assault, damage, fire, fraud, invasion of privacy, theft, unlawful entry, and other such occurrences caused by deliberate action. Information security can be defined as the protection of data or information and its critical elements including hardware and the systems that use, store and transmits that information. Information security also deals with the terms of Information Technology Security (IT Security) and Information Assurance. The history of information security begins with the computer security. In 1970 to 1980, the ARPANET became popular and most widely used and potential for its misuse grew. Robert M."Bob" Metcalfe, who is credited with the development of the Ethernet, one of the most popular networking protocols, identified fundamental problems with ARPANET security in December 1973. Individual remote users’ sites did not have sufficient controls and safeguards to protect data from unauthorized remote users.

The core principles of information security are the CIA triad which is confidentially, integrity and availability. The concept of information security such as confidentially, is determine that information that should stay secret and only those persons authorized to access it may receive access. Confidentiality is the principle that information and information systems are only available to authorized users, that that they are only used for authorized purposes, and they are only accessed in an authorized manner. Confidentiality also determines information disclosure authority and conditions; unauthorized disclosure or use of confidential information could be harmful or prejudicial. In today’s world, where it is called as information age, access to information is very important. Information that is accessed by unauthorized persons may have devastating consequences, not only in national security applications, but also in commerce and industry. Someone that read or copied the information without the permission is known as the loss of confidentiality. Cryptography and access controls are the main mechanism of protection of confidentially in information systems. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds. Confidentiality is very important attributes. The example of loss of confidentially is some location such as hospital, banks, or other agencies have the legal obligation to protect the privacy of individuals.

Integrity is also the core principles of information security. Insecure network can make information corrupted. The loss of integrity is when the information is modified in unexpected ways. The changes of the information should only be possible if the change is authorized.

Information Security Framework