INTRODUCTION TO INFORMATION SECURITY
Two hundred years ago, you probably would have made a living in agriculture. One hundred years ago, you most likely would have worked in a factory. Today, we live in the Information Age and almost everyone has a job somehow connected to information stored in digital form on a network. During the agricultural age, crops and the tools to produce them were the most important assets. During the industrial age, manufactured goods and the factories that produced them were the most important assets. Today, information is a key asset of almost every organization and individual!
Once, spying was person against person, country against country. Today, spies sit on fiber-optic cables and our Wi-Fi networks. They steal data and information without breaking any glass. Keeping data confidential is one core mission of information security (think identity theft!). Wrong information is worse than no information. When users of information lose confidence that the information is accurate, they’ll never rely on it. Have you ever tried to fix an inaccurate credit report? It’s not easy! Maintaining data integrity is also a core mission of information security.
Information security doesn’t mean locking everything down. If people don’t have the information they need, they can’t do their jobs. Information security professionals must be able to balance access to information against the risk of damage. A third core mission of information security is making information available when needed.
Information is an asset which, like other important business assets and personal attributes, has value to an organization and an individual in an absolute sense, and it consequently needs to be suitably protected. Security is the protection of information assets through the use of technology, processes, and training. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
“The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use is information Security.”
Information security protects information from a wide range of threats in order to ensure business continuity, minimize business losses and maximize return on investments and business opportunities. It also protects the privacy of an individual. Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by electronic means, shown on film, or spoken in conversation. Whatever form the information takes, and whatever the means by which it is shared or stored, it should always be appropriately protected. This protection is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met. This should be done in conjunction with other business management processes.
IT security encompasses data stored in digital fashion (electronic format), trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance and standards established within the organization, plans and budgets, financial and management data, brochures, images, logos and designs, employee information and so on. It includes the organization’s policy on Internet Security, Enterprise Data Security, etc. In other words, it looks at protecting and safeguarding information and information systems from anyone, including employees, consultants, suppliers, customers and, of course, malicious hackers, and at protecting the hardware, software and network of an organization from the perils of disaster and external attacks (through viruses, hacking, etc.).