See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/330778559

INFORMATION SECURITY

Conference Paper · January 2019

CITATION READS

1 3,658

2 authors:

Yogesh P. Surwade Hitendra J Patil

Dr. Babasaheb Ambedkar Marathwada University Institute of Chemical Technology, Mumbai
32 PUBLICATIONS 40 CITATIONS 15 PUBLICATIONS 22 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Yogesh P. Surwade on 01 February 2019.

The user has requested enhancement of the downloaded file.

 INFORMATION SECURITY
Yogesh P. Surwade* Dr. Hitendra J. Patil **

* Jr. Library Assistant,

Abstract: - With the development of the network and information
Knowledge Resource Centre,
Dr. Babasaheb Ambedkar technology, Information security has become the key of information
Marathwada University,
technology in 21st Century. Today we are living in “Information world”.
Aurangabad, Maharashtra,
India. Information is present in everywhere. Information is so important for us. If
we want to handling and doing any work we always want to up-dated
* Librarian,
SVKM's Institute of ourselves according to the current and updated information. If we are in
Pharmacy,
education world or business world or any other type of working world then
Dhule, Maharashtra,
Maharashtra, India. we all want the required information in a less wasting time and the second
thing of required information is its “Security”. It is giving an overview of
QR Code
Information security, like when we are giving or taking any information from
one place to another then we must know this that how much of required
information is secure or insecure. So first of all we have to check that the
information is not wrong and the information is totally secure.
Keywords: Information, Security, Information security, Information
protection, Information safety, CIA Triad.

Information: Information is a valuable collective ways and processes by which

asset. Information includes both in electronic and
physical forms such as paper, electronic, video,
audio, voice or knowledge.
Security: A number of computing
researchers and practitioners have attempted to
define security in various ways. Here are some
definitions that researcher thinks are generic
enough to stand the test of time. Security based on
computer system security perspective is a branch
of technology known as Information Security as
applied to computers and networks. It refers to the
information, property and services are protected
from theft, corruption or natural disaster, while
allowing them to remain accessible and
productive to its intended users (Wikipedia,
2010).
Security is “The quality or state of being
secure that is to be free from danger.” It means to
be protected from adversaries from those who
would do harm, intentionally or otherwise. A
popular organization should have the following

! "#" # $ % " # # & "' ( ) *# + , *" # - ! "#". # - " #

# * / ,# *#". 01 &# 2 34
multiple layers of security in place for the important characteristics of information that
protection of its operations. determine its value to an organization:
Physical Security: To protect the physical
the scarcity of the information outside the
items, objects, or areas of an organization
organization;
from unauthorized, access and misuse.
the share ability of the information within
Personal Security: To protect the
the organization, or some part of it.
individual or group of individuals who are
authorized to access the organization and
Simplifying somewhat, these
its operations.
characteristics state that information is only
Operations Security: To protect the details
valuable if it provides advantage or utility to those
of a particular operation or series of
who have it, compared with those who don't. Thus
activities.
the value of any piece of information relates to its
Communications Security: To protect an
levels of share ability and scarcity. The aim of
organization’s communications media,
information security is to preserve the value of
technology, and content.
information by ensuring that these levels are
Network Security: To protect networking
correctly identified and preserved. Threats to
components, connections, and contents.
information influence the organization's ability to
Information Security: To protect of
share it within, or to preserve its scarcity outside.
information and its critical elements,
And threats that are carried out can cost millions
including the systems and hardware.
in compensation and reputation, and may even
jeopardize an institution's ability to survive.
What is the Information Security?
Information security means protecting History of Information Security: The
information (data) and information systems from need for computer security or to secure the
unconstitutional access, use, disclosure, physical place of hardware from outside threats,
disruption, modification, or destruction. began almost immediately after the first
Information security defends information (and the mainframes were developed. Groups developing
facilities and systems that store, use and transmit code-breaking computations during World War II
it) from a wide range of threats, in order to created the first modern computer. Symbols, keys,
preserve its value to an organization. This and facial recognition of authorized personnel
definition of information security is adapted from controlled access to sensitive military locations. In
that of the American National Security contrast, information security during these early
Telecommunications and Information Systems years was elementary and mainly composed of
Security Committee (NSTISSC). There are two simple document classification schemes. There

“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019 &# 2 3
were no application classification jobs for created a new operating system called UNIX.
computers or operating systems at this time, While the MULTICS system had planned security
because the primary threats to security were with multiple security levels, and passwords, the
physical theft of equipment, espionage against the UNIX system did not. In the late 1970s the
products of the systems, and sabotage. microprocessor brought in a new age of
computing capabilities and security threats as
The 1960s: During the 1960s, the Department of these microprocessors were networked.
Defense’s Advanced Research Procurement
Agency (ARPA) began examining the feasibility Definition of Information Security:
of a redundant networked communications system According to Merriam-Webster Dictionary,
designed to support the military’s need to security in general is the quality or state of being
exchange information. Larry Roberts, known as secure, that is, to be free from harm. According to
the Founder of the Internet, developed the project Oxford Students Dictionary Advanced, in a more
from its inception. operational sense, security is also taken steps to
ensure the security of the country, people, things
The 1970s and 80s: During the next decade, the of value, etc. Schneier (2003) consider that
ARPANET grew in popularity and use, and so did security is about preventing adverse consequences
its potential for misuse. In December of 1973, from the intentional and unwarranted actions of
Robert M. Metcalfe, indicated that there were others. Therefore, the objective of security is to
fundamental problems with ARPANET security. build protection against the enemies of those who
Individual remote users’ sites did not have would do damage, intentional or otherwise.
sufficient controls and safeguards to protect data According to Whitman and Mattord (2005),
against unauthorized remote users. There were no information security is the protection of
safety procedures for dial-up connections to the information and its critical elements, including the
ARPANET. User identification and authorization systems and hardware that use, store and transmit
to the system were nonexistent. Phone numbers that information. Information security is the
were widely distributed and openly publicized on collection of technologies, standards, policies and
the walls of rest rooms and phone booths, giving management practices that are applied to
hackers easy access to ARPANET. Much of the information to keep it secure.
focus for research on computer security centered
on a system called MULTICS (Multiplexed The information security performs four
Information and Computing Service). In mid- important functions for an organization which is
1969, not long after the restructuring of the enables the safe operation of application
MULTICS project, several of the key players implemented on the organization’s Information

“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019 &# 2 50
Technology (IT) systems, protect the data the
organizations collects and use, safeguards the
technology assets in use at the organization and
lastly is protect the organization’s ability to
function. The information security also enables
the safe operation of application implemented on
the organization’s Information Technology (IT)
systems. This is because to protect the data, the
organization will applied or install the appropriate
software that will secure the data such as antivirus Figure

and others protected applications. So, information Classical CIA triad of Information Security

security is very important in an organization to Confidentially:

protect the applications that implemented in

Ensures that the essential level of secrecy
organizations and protect the data store in
is enforced at each junction of data processing and
computer as well. Besides protect the data, the
prevents unauthorized disclosure. The level of
application installed also need to be protect
secrecy should prevail while data resides on
because it can contribute to information lost or
systems and devices within the network, as it is
damages.
transmitted and once it reaches its destination.
Core Information Security Principles:
Threat Sources:
The three fundamental principles of security are
availability, integrity, and confidentiality and are
• Network Monitoring
commonly referred to as CIA(Central Intelligence
• Shoulder Surfing- monitoring key
Agency) or AIC triad which also from the main
strokes or screen
objective of any security program. The level of
• Stealing password files
security required to realize these principles differs
• Social Engineering- one person posing
per company, because each has its own unique
as the actual
combination of business and security goals and
requirements. All security panels, mechanisms, Countermeasures:
and safeguards are implemented to provide one or
more of these principles. All hazards, threats, and • Encrypting data as it is stored and
vulnerabilities are measured for their potential transmitted.
capability to compromise one or all of the AIC • By using network padding.
principles. • Implementing strict access control
mechanisms and data classification.

“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019 &# 2 51
• Training personnel on proper procedures. • Use of certain firewall and router
Integrity: Integrity of data is protected when configurations.
the assurance of accuracy and reliability of
information and system is provided, and
unauthorized modification is prevented.

Threat Source:

• Viruses
• Logic Bombs
• Backdoors

Countermeasures: Figure
Modified and more realistic CIA triad of
• Strict Access Control
Information Security
• Intrusion Detection
IMPORTANCE OF INFORMATION SECURITY:
• Hashing
Information security (InfoSec) is the exercise of
Availability: Availability ensures reliability
protecting information while still providing access
and timely access to data and resources to
to those who need it. Learn about the three ethics
authorized individuals.
that are the foundation of good InfoSec. In the era

Threat Sources: of the Internet, protecting of information has

• Device or software failure.
• Environmental issues like heat, cold,
humidity, static electricity, and
contaminants can also affect system
availability.
• Denial-of-service (DoS) attacks.
Countermeasures:
• Maintaining backups to replace the failed
system
• IDS to monitor the network traffic and
host system activities
become just as important as protecting our
property. Information security (InfoSec) is the
practice of protecting together physical and digital
information from destruction or unauthorized
access. Every day we take phases to protect the
things that are important to us. The reasons we do
these things are simple -- we don't want people we
don't know or trust to get a hold of our valuables,
and we don't want those valuables to come to any
damage. There are many things that could be
measured information that we need to protect. We
might have individual medical or financial records
that we want to keep private. We usually don't
want one and all in the world reading emails or

“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019 &# 2 5
social media posts that we send to our friends or
family. We also want to keep certain things like
our Internet passwords, credit card numbers, and
banking information from getting into the
erroneous hands. Information security is not just
about keeping secrets. Sometimes we just have
records, such as family photographs and videos or
other documents that we want to have access to at
any time and that we don't want to be demolished
or erased.
• To comply with regulatory requirements
and fiduciary responsibility.
• To improve efficiency
The information security is important in
the society because it can protect the confidential
information, enables the organization function,
also enables the safe operation of application
• INCONSISTENT
implemented on the organization’s Information
Technology system, and information is a benefit
for an organization.
CHALLENGES OF THE INFORMATION
SECURITY: There are some challenges in our
constantly changing environment that makes it
difficult to adequately protect our resources.
There are blending the corporate and personal
live, inconsistent enforcement of policies, lack of
awareness in information security, information
security threats etc.
• LACK
• BLENDING THE CORPORATE AND PERSONAL
LIVE: Free internet services have make
employees takes its advantages b used it
“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019
for personal purposes. For example,
employees use company email for some
individual communications, and some
employees may be allotted a blackberry or
cell phone that they use for limited
personal use. Several people may not even
have a home computer and use their
company issued laptop for everything
including running personal software, like
their tax software. On the flip side, some
employees may bring a personal laptop
into the office and try to plug it in. The
employees used organization asset that
purpose to access and kept organization
information for personal purposes. The
hazard of this action is, the information
may be can access by other person from
external organizations.
ENFORCEMENT OF
POLICIES: Many companies either haven’t
enforced their policies in the past, or have
done so inconsistently depending on the
position of the employee. The sources of
many issues when a security function tries
to crack down of violators. Many
organizations have misjudged the
important of implement policies and
regulation about the information security.
This makes many group writes the
information policies but does not applied it
OF AWARENESS IN INFORMATION
SECURITY: Lacking in information security
accepting makes the employees in an
organization not secure the information
&# 2 5
 properly. They are lacking in awareness on Sometimes organizations do not take
vital of information security makes the seriously about hiring staffs based on their
information is easier to being attacks. qualification. This is because there are
Basically, employees keep the organizations that appointing employees for the
information, but they do not take proper information security manager but it is doesn’t
method in secure the information. This match with his qualification or skill that he have
may put the confidential information in about information security. So, it is difficult for
risk. that staff to keep the organizations data with
proper protection. This will makes other foes
• INFORMATION SECURITY THREATS: New
easier to attacks and stole the information if the
security fears are emerging every day from
employees don’t have skill or knowledge on how
malware programs that can be
to protect the confidential data. Even though the
inadvertently installed on a user’s
information is important in organization, there are
machine, to phishing attempts that deceive
numerous challenges to protect and manages the
employees into giving up confidential
information as well. One of challenges faced in an
information, to viruses, worms, and
organization is the lack of understanding on vital
strategic identity theft attempts.
of information security. When employees is lack
Sometimes threat assaults the information
of information security knowledge in term of
in organizations is difficult to handles. It is
keeping their information, the society is easy to
because the protection programs that
being attacks by hackers or another threats that try
mounted in the computer system to protect
to stole or get the organization confidential
the data are not properly function or not
information.
good enough. Difficulties in manage of
Information Security for Libraries: Today,
information security because of do not the
library surroundings are increasingly reliant on
suitable qualification in information
computer technology. Many libraries of all sizes
security.
have dropped use of card catalogs in favor of
electronic versions– and many of the electronic
versions previously accessible only via
workstations within library buildings are now
Web-accessible. Online searching of anexcess of
databases and other information sources has
become ubiquitous for the end user, rather than
being restricted to librarians trained in online
searching. Access to broad purpose

“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019 &# 2 5
microcomputers and software, as well as to the
Internet, is offered in nearly all libraries of
significant size. Although some new texts on
library security address aspects of information and
computer security
Minimally, effective information security in
libraries should include:
• Staff assigned to information security
tasks
• Training all personnel in information
security issues and procedures
• Specific policies dealing with information
privacy, physical security of equipment,
and computer security procedures
• Physical security plans
• Data integrity measures
• Levels of access to data or equipment, and
monitoring for different types of access.
These points are proposed for all types of
libraries–public, academic, corporate, and
special libraries and collections. They are
intended for libraries of all sizes, with all types of
patrons, backing models and organizational
structures. In a particular library, theasset in
information services, computer apparatus and
personnel may be greater or smaller than in
another library, but the need for effective
information security exists in both.
Conclusion: As we see that today’s world
is much dependent upon the “Information” and its
“security” too. “Information security” is very
important for everyone because if someone is
taking any type of Information the taking any type
“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019
of Information the giving or taking information
must be so much “secure” it means the required
information is “authentic” “protective” “secure”
and “much highly appreciated”. Information
security is much needed in Libraries also because
the libraries also because the libraries are the
storehouses of “Information” and if the Libraries
are handling the “Security” process in giving or
taking any information then the “Users” can be
effectively use the proper information then the
“Uses” can be effectively use the proper
information for their purposive work and its result
will be evaluated in our libraries progress and
developments. Information security is an ongoing
and never ending process. Information security
includes personnel security, privacy, policy and
computer security. Information security is crucial
in organization. So it is crucial and important to
all staff in an organization to have knowledge and
understanding about the importance information
security practice in an organization to protect the
confidential data. Information accessed without
authorization is called a data breach. Data
breaches can be intentional or unintentional.
References:
1. Aniruddha Singh, Vaish, Abhishek
andKeserwani, Pankaj Kumar, “Information
Security: Components and Techniques,
International Journal of Advanced Research in
Computer Science and Software Engineering,
Volume 4, Issue 1, January 2014, ISSN: 2277
128X. Available online at: www.ijarcsse.com
&# 2 53
2. Stamp, Mark (2011) Information Security: 10. http://www.staffs.ac.uk/support_depts/infoserv
Principles and Practice, Second Edition, New ices/rules_and_regulations/Infosecurimp.jsp
Jersey: John Wiley.
11. http://www.oecd.org/document/42/0,3343,en_2
3. Newsby, Gregary B., “Information Security in
649_201185_15582250_1_1_1_1,00.html
Libraries.” In Kisielnicki, Jerzy (Ed),Modern
Organizations in Virtual Communities. 12. Importance of Information Security In

Hershey, Pennsylvania: IRM Press: 134-144. Organizations Information Technology

4. Roberts, S.J. (2014) “The Necessity of Essay.html

Information Security in the Vulnerable 13. Information Security (2017) Wikipedia, the
Pharmaceutical Industry”. Journal of Free Encyclopaedia.
Information Security, 5, 147-153. http://en.wikipedia.org/wiki/Information_secur
http://dx.doi.org/10.4236/jis.2014.54014 ity
5. Sattarova Feruza Y. and Prof.Tao-hoon Kim,
“IT Security Review: Privacy, Protection,
Access Control, Assurance and System
Security”, International Journal of Multimedia
and Ubiquitous Engineering, Vol. 2, No. 2,
April, 2007
6. Shumann, Bruce A. (1999) “Library Security
and Safety Handbook”: Prevention, Policies,
and Procedures, Chicago: American Library
Association.
7. Qadir, S. and Quadri, S.M.K. (2016)
“Information Availability: An Insight into the
Most Important Attribute of Information
Security”, Journal of Information Security, 7,
185-194.

8. Confidentiality, Integrity, Availability. The

three components of the CIA Triad Stack
Exchange Security Blog.html

9. http://www.open.edu/openlearn/science-maths-
technology/computing-and-ict/introduction-
information-security/content-section-1

“Knowledge Librarian” An International Peer Reviewed Bilingual E-Journal of Library and Information Science
Special Issue, January 2019 &# 2 55

View publication stats