Importance of Information Security
INFORMATION SYSTEM
SECURITY
1 Group Assignment 1
10/12/2010
INFORMATION SYSTEM SECURITY
The goals of ISS are to protect our information and
information systems.
Information security means protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction (Wikipedia).
It also ensures that information systems are available to
its users.
This means that a secure information system maintains
confidentiality, integrity, and availability.
GOALS OF AN INFORMATION
SECURITY PROGRAM
Confidentiality
Preventing the disclosure of sensitive information to unauthorized people,
resources, and processes
Integrity
The protection of system information or processes from
intentional or accidental modification
Availability
The assurance that systems and data are
accessible by authorized users when needed
CONFIDENTIALITY
Confidentiality of information ensures that only
those with sufficient privileges may access certain
information
To protect confidentiality of information, a number
of measures may be used, including:
Information classification
Secure document storage
Application of general security policies
Education of information custodians and end users
INTEGRITY
Integrity is the quality or state of information being whole,
complete, and uncorrupted
The integrity of information is threatened
authorized users.
INFORMATION SECURITY MODEL
Information States: Processing, Storage, Transmission
Information Security Properties: Confidentiality, Integrity, Availability
External attack
• Initiated by individuals or groups working outside of a company.
• They do not have authorized access to the computer systems or
network.
• They gather information in order to work their way into a network
mainly from the Internet or dialup access servers.
Internal attack
• More common and dangerous.
• Internal attacks are initiated by someone who has authorized access
to the network.
• According to the FBI, internal access and misuse account for 60 to
80 percent of reported incidents.
• These attacks often are traced to disgruntled employees.
Passive attack
Listen to system passwords
Release of message content
Traffic analysis
Data capturing
Active attack
Attempt to log into someone else’s account
Wire taps
Denial of service
Masquerading
Message modifications
So how do we save our INFORMATION?
WHY DO WE NEED ISS?
In the past, computers were standalone systems that were relatively
easy to protect. Now computers are globally connected through
networks. Because of the interconnected nature of our information
systems, a risk to one is a risk to all.
IMPORTANCE OF ISS
INFORMATION has a value.
E-Governance
E-Business
E-Money
If we start implementing strong security now, we start
experiencing the benefits of a secure site and trusting
consumers.
An information leak within the company can cause failure
WITHOUT PROPER ISS
Customer complaints
Competitor messages and internal messages related to
competitors
Customer satisfaction levels with your organization's security
and privacy practices
Providing for customers with special needs and requests
Number of legal noncompliance reports regarding security
and privacy
Perceived strength of posted security and privacy policies
Marketing through what is considered as spam
Number of staff grievances
EXAMPLES
What happens when enough stories about security
problems come to the forefront of public knowledge?
How much trust did TJX lose over their incident?