All About Information Security
Technology-driven modern society is highly dependent on information. Confidential information must be kept and cannot be changed, altered or transferred without permission. Information security is protecting that information or data from unauthorized access, disruption, modification, or destruction of information. The Scope of information security is vast, from tiny chips to massive server farms, local private networks to public networks like the entire Internet, and Hardware, Software applications, Operating Systems, Database, and Networks. Computer security is itself which is the operational structure of an organization.
To determine what to protect requires that we first identify WHAT has value and to WHOM assets are allocated:
- Computer Components
- Network and communication channels
- Mobile Devices
- Operating Systems
- Off the shelf programs and apps
- Custom or customized programs and applications
Threats and vulnerabilities of information security
In Information Security threats there are many threats like theft of intellectual property, identity theft, theft of equipment, information extortion and software attacks, and identity theft. Securing information is equivalent to ensuring that computers keep your secrets, hold valid information, are ready to work when you are, and keep records of your transactions.
A major goal of Information security as a discipline and as a profession is to protect valuable assets. To study methods of assets protection, we use vulnerability-threat-control framework:
- A weakness in the system
- Vulnerabilities can be exploited to cause loss or harm
- A human who exploits a vulnerability is perpetrating an attack on the system.
An action, device, procedure or technique that eliminates or reduces vulnerability. Its also called countermeasure.
- A set of circumstances that has the potential to cause loss or harm Control:
Objectives of Information Security:
Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability. Threats can apply to Confidentiality, Integrity or Availability which is commonly known as C-I-A of a system. To safeguard each system and to ensure that the following security objectives can be applied:
Confidentiality:It is difficult to ensure and easiest to assess in terms of success. The ability of a system to ensure that assets are viewable only by authorized parties.
Integrity: The ability of a system to ensure that assets are modifiable only by authorized parties.
Apart from C-I-A, authentication, nonrepudiation, and auditability are also desirable system properties.
Harmful acts are caused by various categories of attackers such as :
- Authentication: The ability of a system to confirm the identity of a sender.
- Nonrepudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message.
- Auditability: The ability of a system to trace all actions related to a given asset.
Hackers- They are generally non-malicious in nature.
Crackers- They are termed as malicious and breaks into someone else's computer system or often on a network, passwords or licenses in computer programs. They generally conduct this for profit or for some altruistic purpose or cause.
Organized Crime Syndicates- Causing crime across the globe.
Cyber Terrorists State- Supported spies and information warriors
Several harmful acts are enlisted below:
Data theft is an act of illegal access to computer-based information from an unknown victim to compromise privacy and obtain confidential information. It is an increasing issue for individual computer users, as well as big corporate firms. Each of these 4 above acts can cause harm to a system by affecting its ability.