StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Primary Objectives of Information Security - Coursework Example

Cite this document
Summary
This coursework "The Primary Objectives of Information Security" focuses on the objectives of the protection of information from a wide variety of threats, such as, getting accessed by unauthorized persons, disclosed, sold or destroyed, without the consent of the owner of the information. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.8% of users find it useful
The Primary Objectives of Information Security
Read Text Preview

Extract of sample "The Primary Objectives of Information Security"

Information Security Introduction Information security is the protection of information from a wide variety of threats, such as, getting accessed byunauthorized persons, disclosed, sold or destroyed, without the consent of the owner of the information (Whitman & Mattord, 2011, p.399). Thus, the primary objectives of information security are to ensure the privacy, reliability and accessibility of information. Information security is becoming one of the most important concerns in almost every profession and every field of life. Information security is a business issue, not just a technology issue. Sensitive information about the consumers and employees, finances, inventories, payments, research work, is being maintained by governments, organizations, companies, banks, armed forces, healthcare sectors, so on and so forth. This corporate information is the most crucial asset of a company and is at stake if proper measures are not taken to deter the security attacks. The information may have been stored in any form. For example, it may be in printed form; stored in files and documents; saved on the computers’ hard disks; shown on video tapes; and, transmitted by post, email or any other physical or electronic means. Organizations very rightly plan to invest in information security so as to protect themselves against competitive disadvantage and criminal access to the confidential information (Layton 2006). Companies and corporations need to secure their information shared with their consumers to cope up with delicate and sensitive business environment. A company’s sensitive information is at stake more due to illiteracy of the authorized staff, which handles the information, regarding information security. The secret business data can always be disclosed, altered and misused due to information security illiteracy. Designing an Information Security Policy Designing an information security policy is the first and the foremost step towards the implementation of information security (Peltier, 2004). It is vital for a company or an organization to design and implement a security policy regarding the protection of information before starting sensitive projects. Danchev (2003, p. 3) states that: The first step towards enhancing a companys security is the introduction of a precise yet enforceable security policy, informing staff on the various aspects of their responsibilities, general use of company resources and explaining how sensitive information must be handled. The policy will also describe in detail the meaning of acceptable use, as well as listing prohibited activities. A security policy acts as a centralized crucial document that will help in eliminating the risk of security breaches by securing the confidential information stores from getting disclosed to unauthorized persons. It defines the importance of a company’s information assets and lays out guidelines how these assets are to be secured. Danchev (2003) says that a well developed security policy must tell how the sensitive information is going to be handled; what methods should be followed to protects important IDs and passwords along with other accounting data; what steps must be followed in case of intrusion or a physical security threat; how to use the Internet and networks in a safer way; and, how to use the email system without becoming a victim to malicious attacks. Information Security at Physical Level Information security at physical level is defined as a blockade placed about a computing system using secured operating systems and other protective measures to prevent unauthorized access to the information stored on it. This kind of information security whose main objective is to secure the information saved in computer systems can also be referred to as computer security or cyber security or logical security, in which information is protected by operating systems and special softwares from unauthorized access. Moreover, the physical security of hardware has to be made sure along with the guarantee that the servers are running smoothly and have internet access. The computer systems today, thanks to the precious information stored on them, have become more prone than ever before to physical attacks like data theft, copying and selling of information, hacking and viruses. If such an attack occurs, the enemy easily gets access to the information stored on the computer system. He can use different methods to access this information like he can remove the hard disk of the target computer system and then later own run it on his own system, or he can use techniques to start the system with no passwords, or he can steal the information by copying it on disks, or he can damage the whole system by running files on it that contain viruses, or he can steal the whole system, be it a desktop, laptop or a PDA (personal digital assistance). Information Security Threats “A threat is defined as an event (for example, a tornado, theft, virus infection), the occurrence of which can have an undesirable impact on the well-being of an asset” (Kallhoff, 2007, p.1). In the field of computers, internet and networking, the information security threats are categorized as computer and network security threats, environmental threats, electrical threats, political threats and maintenance threats. Some of the major computer information security threats include theft, fraud, backdoor, DoS (Denial of Service) attacks, data flood, malicious code, document grinding, and enumeration. Frauds, like gaining access to computers that control access to important resources as inventory systems and financial accounts, are more likely to be attempted by authorized persons who are also referred to as insiders and the situation is called employee sabotage. Bogue (2003) states that, “Sometimes those who are gaining access to a system are not cyberterrorists; theyre just curious employees who want to learn more about the systems or perhaps play with some settings to see if they can allow themselves a greater ability to control their PCs.” Network security threats include malware, anti-DNS pinning, banner grabbing, backjacking, hacking, land attack, blue boxing, domain hijacking, and the list continues. Environmental threats include fire, windstorms, rainstorms, snowstorms, torrents, tornados, lightning, roof leaks, very high or very low temperature, heavy dust, earthquakes and moisture which can harm the computer system or network at a very high level thus posing threat to the information saved on it. Electrical threats include sudden surges or spikes in the power supply or voltage, congested electrical outlets, blackout (power loss or electricity failure) and brownout (inadequate voltage supply). Political threats are also there from which the organization, system and the information have to be secured. Approaches to Deter Information Security Attacks Physical Security of Hardware The first and foremost thing is that the system which contains sensitive and crucial information should be kept away from public place (Vacca, 2012, p.931). You need to make sure that the enemy does not get access to the computer system (routers, control boards, servers, electronic components) as stealing of information comes at the next stage. Use the ‘lock everything’ approach. Physical security may start from as little a thing as locking the doors and windows and using security systems like burglar alarms and security cameras with automatic log footage, and end at as complex a method as securing the whole network. One must look for devices that lock the computer cases to desks and lock the disk drives and the CPU as well. The system must be password protected. The BIOS of the system must be configured so that it does not boot from a floppy drive being used by the intruder. Though, laptops and PDAs are much common in use nowadays, they are also prone to theft because of their size and portability. It is very important to ensure the security of these handy systems and the information they contain. If this information includes sensitive business information, then it should be ensured that unauthorized persons to not get the grant of access. This way, if the system gets stolen, the information will remain secure. Moreover, it would be a matter of common sense to keep the portable system like a laptop or a PDA along wherever one goes or lock it using cable-type security locks. An important technique is to make backups of files containing important data. This way, one will always have a copy of the information that is lost. Doing so also helps in identifying the crucial information that will be at threat and thus one can carry out necessary steps to restore the information to a certain level. Physical Security of Networks In a network, those computers must be physically secured that hold sensitive information and network passwords on them (Engebretson, 2007, p.154). These may be kept in a separate room that is physically secured away from public. All sensitive servers and networks should be secured from the enemy by means of firewalls, code encryption and decryption (cryptography) and intrusion detection system because if the server has been physically accessed, then it is very easy to reboot it and gain access to its hard drives. Conclusion Information security has become the most important consideration in nearly every field of life. Businesses, organizations, firms, healthcare centers, financial corporations and military are always implementing newer ways that would help in securing the sensitive information saved on their hard copy documents and electronic means. As technology is more and more being incorporated into almost every profession, the need for information security is also arising with every passing day. Whether it is a child communicating with his friends over the internet or it is a business corporate sharing his confidential information through online collaboration tools, the security of information being exchanged must be ensured, so that it does not get into wrong hands to get disclosed, misused or sold without the consumer’s consent. References Bogue, R.L. (2003). What is physical security? Lock IT Down: Dont Overlook Physical Security On Your Network. Retrieved March 8, 2014, from http://www.techrepublic.com/article/lock-it-down-dont-overlook-physical-security-on-your-network/#. Danchev, D. (2003). Building and implementing a successful information security policy. WindowSecurity.com. Retrieved March 9, 2014, from http://www.windowsecurity.com/pages/security-policy.pdf Engebretson, D.J. (2007). Guide to Networking for Physical Security Systems. New York, NY: Security Networking Institute. Kallhoff, J. (2007). Physical security threats. Global Information Assurance Certification. Retrieved March 7, 2014, from https://www.giac.org/cissp-papers/287.pdf Layton, T. (2006). Information Security: Design, Implementation, Measurement and Compliance. New York, NY: CRC Press. Peltier, T.R. (2004). Information Security Policies and Procedures. Florida, CRC Press. Vacca, J.R. (2012). Computer and Information Security Handbook. New York, NY: Newnes. Whitman, M., & Mattord, H. (2011). Principles of Information Security. Boston: Cengage Learning. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(The Primary Objectives of Information Security Coursework Example | Topics and Well Written Essays - 1500 words, n.d.)
The Primary Objectives of Information Security Coursework Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/1813098-informationsecurity
(The Primary Objectives of Information Security Coursework Example | Topics and Well Written Essays - 1500 Words)
The Primary Objectives of Information Security Coursework Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1813098-informationsecurity.
“The Primary Objectives of Information Security Coursework Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1813098-informationsecurity.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Primary Objectives of Information Security

Information Security in Supply Chain Security

Acknowledgement of the importance of information security must come with the acceptance of the fact that there are several problems that challenge the safety and security of information that are exchanged across the supply chains.... Ever since the supply chains have become technology dependent, the security aspect has faced significant impact from the ‘information security' aspect.... However, this ‘information security' aspect in the supply chain security is not as greatly investigated as the other areas are....
4 Pages (1000 words) Research Proposal

Network Security

The moment any form of computer device becomes network capable or dependent of some form of network function, there is a given need for protection to safeguard the flow of information to and from the said device on a given network whether public or private or from a trusted to non-trusted source.... The Internet has become a staple of the business world today It is because of this that a company should remain continually up to date with the latest security measures....
3 Pages (750 words) Case Study

Investigation into Uptake of COBIT Corporate Governance Auditing Methodology

with Your Name, Supervisors Name, University Name, Module code, Module title, Module Leader, Your Name, SID Number, etc.... (whichever applicable)> As an outcome of the analysis of the world famous Enron and… derson Scandal in late 2001, the US Government introduced Sarbanes Oxley Act 2002 that enforced a number of enhancements in the methodology of Corporate Governance and also ensured better accountability of auditors in control of corporate frauds....
5 Pages (1250 words) Essay

Security in E-Business

That is why concern for information security is a must for all small and big e-business organizations.... e-business enterprisers should conduct evaluation processes on their technological capabilities including multiple areas (“Approach to e-business security”, 2007), Core authentication and authorization functions Security policy setting Support for existing enterprise software Manageability Scalability and reliability Privacy Software quality Above all, protection of information or data focuses on three core elements as pointed out in E-business guide (“Protecting”, 2008) Confidentiality: Assuring sensitive data is disclosed only to authorized individuals....
1 Pages (250 words) Essay

Information Security Proposal

Also the privacy issues of the… Being mobile phone users it is essential for us to understand how the company deals with the information security and the measures that are in place for the IT disaster recovery plan as information security Proposal Aim and Objectives of Project: To identify the issue faced by mobile phone network providers in regards to the privacy issues and the network downtime issues.... Justification of the Project:information security issues within firms are many....
2 Pages (500 words) Essay

Information securtiy

Thus, The Primary Objectives of Information Security are to ensure the privacy, reliability and accessibility of information.... Legislatures like Canadian Law and HIPAA have been Some lines have dedicated to explain the ISO/IEC 17799:2005 standard of information security policy.... First part deals with a general discussion about information security.... An introduction is given as to what information security… Then, the importance of designing an information security policy has been discussed....
12 Pages (3000 words) Essay

Cyber Security as the Process of Different Security Measures

This essay analyzes that Cyber security refers to the process of applying different security measures to foster integrity, confidentiality, and accessibility of data.... Cyber security ensures the protection of assets of an organization, including servers, data, buildings, humans, and desktops.... hellip; This essay discusses that national security, economic vitality, and daily life of individuals vastly depend on safe, resilient, and stable cyberspace....
6 Pages (1500 words) Essay

Current Trends in Information Security

hellip; The Primary Objectives of Information Security are; integrity, confidentiality, and availability.... The paper "Current Trends in information security" examines the significant current threats to information security and the most important controls that WebCenter should be considered as a priority to mitigate the risks of these threats being realized.... Current threats to information security ... he two major threats to information security include; phishing and hackingPhishingPhishing, also known as “carding” or “brand spoofing,” refers to a form of social engineering where an attacker, known as a phisher, deceptively retrieves data of a legitimate user's confidential information by copying electronic communications from an organization in an automated manner (Shi and Saleem 2012)....
8 Pages (2000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us