OVERVIEW
THE INTERNET HAS CHANGED DRAMATICALLY from its origins. It has grown from a
tool used by a small number of universities and government agencies to a worldwide
network with more than 3 billion users. As it has grown, it has changed the way people
communicate and do business, bringing many opportunities and benefits.
Today the Internet continues to grow and expand in new and varied ways. It supports
innovation and new services such as IP mobility and smartphone connectivity.
When the Internet started, the majority of connected devices were solely computers,
whether for personal use or within a company. In recent years, however, an
increasing variety of devices beyond computers, including smartphones, appliances,
vending machines, smart homes, and smart buildings, can connect and share data.
Today, people interact with the Internet and cyberspace as part of normal day-to-day
living.
This includes:
• personal use
• business use
Users must now address issues of privacy data security and business data security.
personal
Business use of your Internet-connected device.
Intelligent and aggressive cybercriminals, terrorists, and scam artists lie in wait in the
shadows.
Worse, attacks on computers and networked devices are a threat to the national
economy, which depends on e-commerce. Even more important, cyber-attacks threaten
national security. For example, terrorist attackers could shut down electricity grids and
disrupt military communication.
The world needs people who understand computer security and who can protect
computers and networks from criminals and terrorists. Remember, it’s all about
securing your sensitive data. If you have sensitive data, you must protect it.
Before you learn about information security and see how important it is, you first need
to understand terms like information and security.
When you see these two words “information and security” you might wonder what type
of information is being discussed and why you would need to secure it.
The truth is that people unknowingly do many things that put their personal information
at risk and they often don’t know the impact of this mistake.
Securing information is a big challenge. This includes not only the protection of your
personal information but also of organizations that store your personal information on
their systems.
The type of information that you need to secure includes personal and organizational
data.
• Personal information includes banking data like ATM card details, transaction
details, information regarding banking passwords, and other personal details.
• Medical reports are also at risk of being stolen. This can be in the form of
electronic reports or hard copies.
• Organizational data, such as trade secrets, product designs, and customer
information, is also at risk and must be secured.
There are various ways and means to protect information. In this book, you will learn
about the various best practices.
Data
Data can be any raw fact used to make decisions. Data is defined as a group of
numbers, letters, special characters in the form of text, images, voice recordings, and
so on. For example, the number 1034778 could be a bank account number, an
enrollment number at a university, a vehicle number, and so on. The number in this
example is just raw fact and hence it’s called data.
Information
Information is data that has been processed into a form that is meaningful to the
recipient and is of real or perceived value in current or prospective actions or decisions.
• Availability: The information is available when required. For example, if you need
some back-dated data that you saved on the cloud a few years ago, it should be
available when required.
• Accuracy: The information is correct. The decisions that you make are based on the
accuracy of the information. For example, an experienced team member estimates the
project’s timeline and your budget is allocated based on that information. If the
information is not correct, that may lead to project delays or even termination.
• Authenticity: This term refers to the originality of the information. It should not have
been altered by anyone else. For example, if you are presenting a status report to your
client, it should be authentic or original.
• Confidentiality: Only those people who have access rights or are authorized can see the
information. For example, salary data is confidential, so only authorized persons should
be able to access that information.
• Integrity: Integrity refers to the completeness of the information. The information that
you save must be complete and not corrupted. For example, you save important
information to the database. When you access it, it must be retrieved the same way it
was saved.
It is important to know the international standard for information security. Let’s look
at ISO 27001.
Imagine you are responsible for securing confidential data. What if this information was
stolen? What if your competitor accessed this information? In the wrong hands,
personal information can be used against you. This section explains how ISO 27001 can
safeguard your information.
The latest published version of the Information Security Management System (ISMS)
standard is BS EN ISO/IEC 27001:2017.
• Confidentiality
• Integrity
• Availability
Confidentiality
In terms of personal information, say you want to open a new savings account at the
bank and need to invest $10,000. This information is confidential, as only the bank and
you can access it.
Integrity
Integrity refers to the consistency, accuracy, and trustworthiness of data over its entire
lifecycle. If you transfer $1001 to your friend, you want to be sure that he receives
$1001. You want to be confident that an unauthorized attacker can’t alter or manipulate
it to make it $100, or that the bank won’t make an error.
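The integrity requirement above, shown as an added example that is not part of the original text: a keyed message authentication code (HMAC-SHA256) lets the receiver detect that a $1001 transfer was changed to $100, while a plain checksum only catches accidental errors. The key, field names, and account names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample key; a real key would be random and kept secret.
KEY = b"demo-key-shared-by-customer-and-bank"


def canonical(transfer: dict) -> bytes:
    """Serialize the record identically every time so tags are stable."""
    return json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()


def checksum(transfer: dict) -> str:
    """Unkeyed SHA-256: catches accidental corruption only."""
    return hashlib.sha256(canonical(transfer)).hexdigest()


def sign(transfer: dict, key: bytes = KEY) -> str:
    """Keyed HMAC-SHA256: cannot be recomputed without the key."""
    return hmac.new(key, canonical(transfer), hashlib.sha256).hexdigest()


def verify(transfer: dict, tag: str, key: bytes = KEY) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(transfer, key), tag)


def demo() -> dict:
    original = {"from": "alice", "to": "bob", "amount_usd": 1001}
    tag = sign(original)
    altered = dict(original, amount_usd=100)  # $1001 changed to $100
    # Whoever alters the record can also recompute an unkeyed digest,
    # so a receiver comparing record and digest notices nothing.
    swapped = checksum(altered)
    return {
        "original_accepted": verify(original, tag),
        "altered_accepted": verify(altered, tag),
        "swapped_checksum_accepted": checksum(altered) == swapped,
        # Without the key, a recomputed tag does not verify.
        "forged_tag_accepted": verify(altered, sign(altered, b"wrong-key")),
        # An accidental change (a processing error) is caught by a checksum.
        "checksum_detects_error": checksum(altered) != checksum(original),
    }


if __name__ == "__main__":
    print(demo())
```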
Availability
The availability of data is also very important. If the data is stored in a database, it is
very important that the business or authorized user can access it when needed. The
data should be readily available to authorized users. If the data is secured but not
available when it’s requested, this can be a big risk to the company. Say you go to the
bank to withdraw some money from your account, but the bank official tells you that
service is not available at that time. You will likely lose faith in that bank. Availability is
ensured by continuously maintaining the hardware and software. It is important to
ensure an optimal environment that is free from software conflicts. Security equipment,
such as firewalls and proxy servers, can guard against downtime and ensure protection
from denial of service (DoS) attacks.