Free Essay

Information Security

In:

Submitted By cploss
Words 1443
Pages 6
IT SECURITY All of new technologies of the modern age have changed the way the human race commutates with other human beings. Also, this feat has made the way business is conducted today very convent and easier to do. The Internet is a huge discover for mankind for the commutation barrier. With all of these new products like smartphones, tablets, and computers made this new capability for anyone in the world that can afford at least one of these products. Since this new commutation barrier is being used daily by the human race, this very much-changed the “business world”. Databases of your personal information, such as credit card numbers, social security numbers, and even your address are on the Internet somewhere. IT has proved to be a significant employer. Many people with knowledge of computers have got jobs in this field, and have successfully made a career out of it. Since it has changed the business world in such a dramatic way, Corporations need employees that have the skill to protect this values and private information. Information technology has helped one find cures for several diseases; thereby, serving mankind in plentiful ways. Many other programs have helped individuals that have visual or hearing impairment. Corporations use information in databases to run operating activities day to day. In the world we live in today information technology is only becoming more and integrated in our daily lives, as we know it. To the average human, not much is known about safety of their personal information on the World Wide Web. Since millions of people have all this information on the Internet, it’s only human nature for unethical people to find ways to access this information and do whatever with it. Many people have had their identities stolen last tons of their money. These “hackers” are very smart and have a special skill that as I stated before can be used in an unethically matter. For example, a breach can lead to identity theft and damage to financial history or credit rating. Recovering from information breaches can take years and the costs are huge. The consequences of an information breach are severe. For businesses, a breach usually entails huge financial penalties, expensive lawsuits, loss of reputation and business. This threat is a huge concern especially for corporations that do business with general public. This is why an IT security personnel needs to be a very trustworthy person because if they are only people who really have the skill to stop these hackers, who says they won’t steal and use information unethically. IT security personnel often have access to confidential data and knowledge about individuals' and companies' networks and systems that give them a great deal of power. That power can be abused, either deliberately or inadvertently. In fact, many IT professionals approach their work with a hacker's perspective: whatever you can do, you're entitled to do. Organizations have extreme amount information out there on the Internet somewhere that they don’t want an unauthorized individual to get ahold of. This is a risk that every Major Corporation faces today! Tons of pressure is on these IT security people to make sure that no unauthorized person can get classified information. Corporations such as Amazon, eBay, Google, Facebook, Apple has been the leading innovator of how information security has been improving. Millions of people use their products daily and as time as gone on, security of these websites has improved dramatically. This security protection has been a fundamental component of these corporations. Who would ever buy things off they Internet if no one were monitoring these transactions? Nobody with an educated brain would! These corporations spend millions of dollars to stopping hacking into personal information meaning they have teams of people that make a living to stop this problem! One-way corporations that deals with the general public electronically are using to stop hacking are by making everybody have a unique username and passwords. Username and passwords are basically is a tool that is used to block stealing of their information by an outside source or a hacker. This tool should make people feel more confident about putting personal information on the Internet to these businesses. The problem of Information security isn’t just with the businesses that deal with the general public, all manufactures have to deal with information electronically also has to deal with this problem. It’s not just the bank accounts and transactions amount, they also have to worry about commutation via email being protected. A lot of people have different intentions on what they want to use this information for. For example, a company could unethically hack their way into another competing companies database and try to find out classified information. This would be highly unlikely in the world of business world but is a possibility. Advances of technology have been it possible for businesses to use a more high technical security system while monitoring assets. Security cameras have been being used for quite some time now but have been key into putting many into justice for trying to steal a businesses’ asset. The first thing a police department does when investigating a crime that occurred at business is look at the security camera of the business to find an identity of the suspect. Convenient stores every-where have used this new security system to full advantage for many years now. Many companies have been turning to using retina/thumbs scanners for access to entry in certain parts of a building. Retina and thumb scanners have the capability of reading a person’s biological detail regarding their identity and if they are a permitted person to gain access in a certain area. Many of the higher positioned personnel in a business doesn’t know anything about the programming of an access entry so this is another huge way IT security is being used, also it shows why they need to pay these people well because they can access all of these classified information. Many larger corporations require access cards for employees to get in and out of their office building. With terrorist attacks always be a threat, especially in areas of high populations, larger corporations have been putting serious thought in this prospective. Granted there is only so much IT security can do to stop such a terrible act but with new ways electronically entryways a good start in making sure the permitted personnel is in the building at all times. The primary importance of information technology with regards to education is that various learning resources can be accessed. Teachers have gone as far giving exams online. Many professor at this university use programs online to give homework weekly. The information that can be accessed though the online programs can accessed at any time making doing homework even more convenient for students (as long as they have internet capabilities at their homes). Think about it, you can access a whole library of information on the learning programs from your fingertips. As for teachers, they also have the same luxury as the student as regards to grading the online homework; many programs can grade the homework for them (depending on the class). Why is information technology important? Imagine waking up to discover that your IT systems have been hacked. Your company's financial accounts have been taken. Obviously, this event would be devastating to an organization and without a good IT security system that can be real threat from a hacker. Causes of damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and increasingly sophisticated. Information security is a very serious business issue! An example of how terrible a breach can be, a recent, well publicized information breach occurred at the popular TJX clothing company during 2006-2007 years when over 45 million credit/debit cards and nearly 500,000 records containing customer names, social security and drivers license numbers were compromised. It is believed that the information had to have been compromised due to inadequate protection on their wireless networks, leaving the information exposed. The final costs of the breach are expected to run into the $100s of millions and possibly over $1 billion.
Breaches into companies’ databases are a very real thing that happens in modern time. To fully understand why information security is important, one needs to understand both the value of information and the consequences of such information getting into the wrong hands such as identify thieves. IT security systems will always a have big part of this ever growing electronically growing world.
http://www.shortinfosec.net/2011/09/five-information-security-issues-we-all.html

Similar Documents

Premium Essay

Information Security Technologies

...Research Paper: Information Security Technologies by Benjamin Tomhave November 10, 2004 Prepared for: Professor Dave Carothers EMSE 218 The George Washington University This paper or presentation is my own work. Any assistance I received in its preparation is acknowledged within the paper or presentation, in accordance with academic practice. If I used data, ideas, words, diagrams, pictures, or other information from any source, I have cited the sources fully and completely in footnotes and bibliography entries. This includes sources which I have quoted or paraphrased. Furthermore, I certify that this paper or presentation was prepared by me specifically for this class and has not been submitted, in whole or in part, to any other class in this University or elsewhere, or used for any purpose other than satisfying the requirements of this class, except that I am allowed to submit the paper or presentation to a professional publication, peer reviewed journal, or professional conference. In adding my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature. Signature _____Benjamin L. Tomhave________________________ Benjamin L. Tomhave 12/7/2004 1 Research Paper: Information Security Technologies by Benjamin L. Tomhave Abstract The following research paper provides analysis of thirteen (13) information security technology topics, arranged in ten (10)...

Words: 12903 - Pages: 52

Premium Essay

Information Security

...Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)[1] Two major aspects of information security are: • IT security: Sometimes referred to as computer security, Information Technology Security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems. • Information assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. One of...

Words: 768 - Pages: 4

Premium Essay

Information Security

...The definition of Information Security is defined as “the protection of data itself.” Kim and Solomon (2012) Information Systems can be a combination of information technology and the people that support operations, management, and decision-making. Information Security, is the protection of information and information systems from unauthorized access, disclosure, use, disruption, modification, inspection, recording, or destruction. The terms Information Security, Computer Security, and Information Assurance are frequently used interchangeably. Although these terms are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information, there are some subtle differences between them. The differences lie primarily in the approach to the subject, the methodologies used and the areas of concentration. Information security is focused on the confidentiality, integrity, and availability of data regardless of the form the data may take. While computer security focuses on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Governments, military, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across...

Words: 1040 - Pages: 5

Premium Essay

Information Security

...implementing the information security management standards, plus potential metrics for measuring and reporting the status of information security, both referenced against the ISO/IEC standards. Scope This guidance covers all 39 control objectives listed in sections 5 through 15 of ISO/IEC 27002 plus, for completeness, the preceding section 4 on risk assessment and treatment.  Purpose This document is meant to help others who are implementing or planning to implement the ISO/IEC information security management standards.  Like the ISO/IEC standards, it is generic and needs to be tailored to your specific requirements. Copyright This work is copyright © 2010, ISO27k Forum, some rights reserved.  It is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.  You are welcome to reproduce, circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial product, (b) it is properly attributed to the ISO27k Forum at www.ISO27001security.com, and (c) derivative works are shared under the same terms as this. Ref. | Subject | Implementation tips | Potential metrics | 4. Risk assessment and treatment | 4.1 | Assessing security risks | Can use any information security risk management method, with a preference for documented, structured and generally accepted methods such as OCTAVE, MEHARI, ISO TR 13335 or BS 7799 Part 3. See ISO/IEC 27005 for general advice. | Information security risk management...

Words: 4537 - Pages: 19

Premium Essay

Information Security

...Information Security August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet. Even like how to videos on how to put in a window, break-into a house, or even hack computers. The digital age has many perks but it also has many down falls to it as well. The perks that we enjoy so much from the internet also leaves us open to identity theft and company information theft. This gives Information Technology professionals a lot to think about when they consider Information Technology. One of the biggest threats facing the IT industries today is the end users non-malicious security violations that leave companies vulnerable to attack. In a recent Computer Security Institute survey, 41 percent of the participating U.S organizations reported security incidents. (Guo, 2012 p. 203-236) Also according to the same survey it was found that 14 percent of the respondents stated that nearly all of their company’s loses and or breaches were do to non-malicious and or careless behavior by the end users. (Guo, 2012 p. 203-236) Some of the end users behaviors that help these threats along were the peer-to-peer file-sharing software installed by the end user that might compromise company computers. Some other examples of security being compromised by end users would be people that use sticky notes to write there passwords down and leave them where other people can see them...

Words: 1422 - Pages: 6

Premium Essay

Information Security

...production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project management approach. There are a few differences, but we can easily adapt our current models. We’ll need to appoint or hire a person to be responsible for information security.” The Need for Security Our bad neighbor makes us early stirrers, Which is both healthful and good husbandry...

Words: 24411 - Pages: 98

Premium Essay

Information Security

...Information security means protecting information and information systems from unauthorized access, use, disclosure, modification or destruction. Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. For over twenty years, information security has held confidentiality, integrity and availability as the core principles of information security. Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds. In information security, integrity means that data cannot be modified without authorization. When Management chooses to mitigate a risk, they will do so by implementing one or more of three different types of controls. Administrative controls form the framework for running the business and managing people. Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. Physical controls monitor and control the environment of the work place and computing facilities. Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption ...

Words: 4064 - Pages: 17

Premium Essay

Information Security

...The Importance of Information Systems Security Mario M. Brooks Webster University SECR 5080 – Information Systems Security November 17, 2012 Abstract Information System Security is critical to the protection of vital information against unauthorized disclosure for legal and competitive reasons. All critical information must be protected against accidental and deliberate modification. The establishment and maintenance of documents that have been created, sent, and received will be the cornerstone of all financial establishments in modern society. Poor security practices and weak security policies lead to damages to systems. Criminal or civil proceedings can be the result if the perpetuators are caught and if third parties are harmed via those compromised systems. In this paper, Information System will be defined. The paper will also discuss the lapses, vulnerabilities, and the various ways of improving the system. It is very important that the make-up of Information Systems Security and their capabilities are understood. Information Systems can be a combination of information technology and the people that support operations, management, and decision-making. Information Security, is the protection of information and information systems from unauthorized access, disclosure, use, disruption, modification, inspection, recording, or destruction. The terms Information Security, Computer Security, and Information Assurance are frequently used interchangeably...

Words: 1133 - Pages: 5

Premium Essay

Information Security

...Assessment Information Management Dovile Vebraite B00044098 Department of Business School of Business & Humanities Institute of Technology, Blanchardstown Dublin 15. Higher Certificate of Business Information Management 20/08/2014 Contents What is Information Security? ........................................................................ 3 What are the Goals of Information Systems Security? ….……………………………. 4 How big is the Security Problem? ………………………………………………………………. 5 Information Security Threats ……………………………………………………………………… 6 How to Secure the Information Systems? ………………………………………………….. 7 Conclusion …………………………………………………………………………………………………. 8 Bibliography ………………………………………………………………………………………………. 9 What is information security? ‘’Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved via the application of policy, education, training and awareness, and technology.’’ (Whitman, Mattord, 2011). Information security is the protection of information and information systems from unauthorised access, modification, disruption, destruction, disclosure, or use. In other words it handles the risk management. The definition of information security is based on the concept that if there is a loss of CIA (confidentiality, integrity and availability) of information, then the person or business will suffer harm. What are the goals of information systems...

Words: 1543 - Pages: 7

Premium Essay

Information Security

...Why Information Security is Hard – An Economic Perspective Ross Anderson University of Cambridge Computer Laboratory, JJ Thomson Avenue, Cambridge CB3 0FD, UK Ross.Anderson@cl.cam.ac.uk Abstract According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. risk of forged signatures from the bank that relies on the signature (and that built the system) to the person alleged to have made the signature. Common Criteria evaluations are not made by the relying party, as Orange Book evaluations were, but by a commercial facility paid by the vendor. In general, where the party who is in a position to protect a system is not the party who would suffer the results of security failure, then problems may be expected. A different kind of incentive failure surfaced in early 2000, with distributed denial of service attacks against a number of high-profile web sites. These exploit a number...

Words: 5786 - Pages: 24

Premium Essay

Information Security

...Human differences Human beings are prone to certain characteristics that tend to affect their relation to information security. Information security refers to the ability of an individual to ensure that information is free from any kind of access by unwarranted individuals. There are several human inadequacies that affect the level of information security. However, this discussion is going to concentrate on three major human characteristics that affect information security. These include: acts of omission, acts of commission and acts of sequence. These three acts are important in to information security because they are not related to distortion of information but they increase the challenges in regard to making information secure. Information security involves the ability of an individual to access certain preserved information with ease. Information security does not involve distortion of information. These reasons make these three acts to be a concern to stakeholders within the information security sector. These three acts have distinct influence on the level of security in regard to information. Parsons et.al (2010) argues that acts of omission involve the inability to execute important activities when dealing with information. There are certain requirements in the field of information that require constant activities. For example, it is recommended that one should change his passwords regularly to reduce cases of illegal access by unwarranted individuals (Parsons et.al...

Words: 974 - Pages: 4

Premium Essay

Information Security

...Attack On Government Computers Computer Security Attack on Government Computers The emergence of computers has augmented information storage in various sectors. Information System (IS) refers to an assembly of computers that aids to collate, stockpile, process, and commune information. The government is one of the principal entities that utilize IS to ensure safety of the country’s information. However, the storage systems normally face attacks by some outer entities. The aim of such hackings ranges from access to confidential information to attacks. Some of the remarkable attackers encompass rival states, revolutionaries, criminals, as well as illegal insiders (Rainer Jr & Cegielski, 2009)The software and information engineers have the required expertise to safeguard the systems thus evading and countering the attacks. The US government has faced myriads of attacks, especially the security information. It is imperative to assert that the notable attacks arise from the terrorists who target the government and other critical points within US. Records show that cyber attacks on federal computer networks increased 40 percent last year, and that figure is likely low as it reflects only the reported attacks. Based on data provided to USA Today by US-CERT, unauthorized access to government computers and installations of hostile programs rose from a combined 3,928 incidents in 2007 to 5,488 in 2008. (Government, 2008) According to Brad Curran, Frost & Sullivan...

Words: 540 - Pages: 3

Premium Essay

Management of Information Security

...Review Questions for Chapter 7 – Security Management Practices Read Chapter 7 in the text, Study the Power Point Presentation and answer these Review Questions 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. What is benchmarking? What is the standard of due care? How does it relate to due diligence? What is a recommended security practice? What is a good source for finding such best practices? What is a gold standard in information security practices? Where can you find published criteria for it? When selecting recommended practices, what criteria should you use? When choosing recommended practices, what limitations should you keep in mind? What is baselining? How does it differ from benchmarking? What are the NIST-recommended documents that support the process of baselining? What is a performance measure in the context of information security management? What types of measures are used for information security management measurement programs? According to Dr. Kovacich, what are the critical questions to be kept in mind when developing a measurements program? What factors are critical to the success of an information security performance program? What is a performance target, and how is it used in establishing a measurement program? Answer: Performance targets are values assigned to specific metrics that indicate acceptable levels of performance. They make it possible to define success in the security program. 14. 15. List and describe the fields found in a properly and fully...

Words: 1387 - Pages: 6

Premium Essay

Information Security Policy

... Information Security Policy Student Name: Brice Washington Axia College IT/244 Intro to IT Security Instructor’s Name: Professor Smith Date: 11/7/2011 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. With advancements in technology there is a need to constantly protect one’s investments and assets. This is true for any aspect of life. Bloom Design is growing and with that growth we must always be sure to stay on top of protecting ourselves with proper security. For Bloom Design...

Words: 4226 - Pages: 17

Premium Essay

Information Security

...Computer Security Anyone would agree that private information needs to remain private. To keep any information secured takes a lot of time and effort. In order to make sure the information will be kept private the information itself has to satisfy certain properties in order to make sure the information is kept secured. “Confidentiality, integrity and availability have been considered the three core principles of information security for more than two decades. They are commonly referred to as the CIA triad” (Cyber Secure Online, 2013). When designing security controls you will definitely be addressing one or more of these core principles. Even though these principles were considered core security professionals realized that the focus cannot solely be on these three principles alone. The CIA triad was expanded by adding an additional four principles that have enhanced and would now have a more sufficient in protecting confidential information. Listed here are the seven principles of the Expanded CIA triad: Confidentiality, Integrity, Availability, Possession, Authenticity, Utility, and Accuracy. As stated above many of the security professionals did not want all concentration to be on the original three, so it made sense to expand. This will ensure that the information that needs to be protected is protected thoroughly. “Each time an information technology team installs a software application or computer server, analyzes an data transport method, creates a database...

Words: 453 - Pages: 2