Governance of Information Technology Security
A. Introduction: [1]
Security is an essential human concept that has become harder to define and enforce in the Information Age. The importance of information security drove societies to create inventive methods for securing their information. The Internet has made it possible to send tremendous amounts of information across the globe easily. Nonetheless, the challenge of controlling and protecting that information has grown exponentially now that information can be effortlessly transmitted, stored, copied, manipulated, and destroyed.
Inside a large organization, information technology generally refers to laptop and desktop PCs, servers that form a network, despite the
Confidentiality is shielding sensitive information from access by individuals who don't have a legal need to use it. Integrity is guaranteeing that information is accurate and dependable and can't be modified in unforeseen ways. Information technology security is often the challenge of balancing the demands of users against the requirement for data confidentiality and integrity.
B. Understanding Your Adversaries: [9]
Who is breaking into networked systems with the most complex of attacks? It just doesn't make a difference; regardless of who the attackers may be, they all need to be defended against:
Industrial Spies
A few people have attempted to ransom or blackmail the data from its legitimate owners, for instance by offering to help an organization close its vulnerabilities in return for a substantial cash payment. There have likewise been reports of attackers who have attempted to sell organization secrets to competitors of the organizations that they have penetrated.
Ideologues and national agents
There is a small but growing population of "hacktivists" who break into sites for ideological or political reasons. Often, the intent of these individuals is to deface web pages to make a statement of some kind, for example defacement of law enforcement agencies' sites or destruction of sites by environmental groups. In some cases, the incidents may be carried out against national interests. In other cases, you see people in one jurisdiction
Integrity means allowing only authorized subjects (person, process, or program) to modify or fabricate the object (data item); confidentiality means allowing only authorized subjects to view or access the object.
In today’s IT world every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
Integrity: This is the prevention of unauthorized modification of the information or data. It also helps in ensuring the accuracy of data and making sure it is up to date. The controls that help to protect integrity include the principles of least privilege and separation of duties.
Information security involves the protection of information regardless of whether it is in digital form, being stored on computers, or in transit over a network. It is a set of strategies for managing the processes, tools, and policies necessary to prevent and detect threats to
Integrity – This ensures that the data or information system can be trusted. Having encryption ensures information is protected.
Network Security Issues – major threats and the means to fight them
Network security issues are the top priority of all who want to protect their data.
For example, in July 2015, a group known as “The Impact Team” hacked the Ashley Madison website. Knowing that the website was promoting adultery, The Impact Team threatened Avid Life Media, who are the owners of Ashley Madison, and wanted them to take down their website. If the owners didn’t comply, the hackers would then display the data from the website to the general public. That data included names and emails which in other words would expose all the people who had an affair using the
Security in the age of the internet has become a tremendously important issue, providing comfort not only for paranoid people but for many others who are naïve to believe that protection in the digital era is essential to communication between millions of people, which is increasingly used as a tool for commerce.
In today’s vastly technological world, when it comes to internet and computer security, people are either scared or unaware of the dangers present. Everything we use in our daily lives, from devices such as phones, tablets, and computers, to cars, gas stations, and electrical plants, is run by computers. This puts millions and billions of people at risk with impending security attacks just a keystroke away. The threat of an attack or breach in a system puts information security at a premium for many organizations and individuals. Therefore the onus is on businesses and organizations to ensure the confidentiality of information in their possession. Securing information prevents breaches and cyberattacks, protects the privacy of
These types of hacktivist organizations believe that they are performing acts of civil disobedience and exercising their right to free speech rather than vandalizing virtual private property. Yet other hackers may engage in website defacement out of pure malice. For example, a hacker may choose to break into a website's code and leave a message indicating that the business affiliated with the page has closed its doors, as a way to drive users away. The longer these messages stay up, the more people will see them and believe that this incorrect information is true, harming the website owners ("Website Monitoring & Server Monitoring Blog").
Each community of interest has a role to play in managing the risks that an organization encounters. Because the members of the information security community best understand the threats and attacks that introduce risk into the organization, they often take a leadership role in addressing risk. Management and users, when properly trained and kept aware of the threats the organization faces, play a part in the early detection and response process. Management must also ensure that sufficient resources (money and personnel) are allocated to the information security and information technology groups to meet the security needs of the organization. Users work with the systems and the data and are therefore well positioned to understand the value these information assets offer the organization and which assets among the many in use are the most valuable. The information technology community of interest must build secure systems and operate them
Information governance [IG] is an approach that employs multiple activities and technologies effectively within an organization. This policy incorporates more than traditional records management, as multiple departments are involved in its implementation. An established information governance policy is necessary to reduce the accompanying risks and expenses. According to the 2005 Second Annual Data Breach Industry Forecast, after 62 percent of consumers reported they had received at least two data breach notifications involving separate incidents in the past two years, perhaps surprisingly the most frequent response was inaction. [1] This may be an indication that stronger IG is necessary for some organizations. With the expanded use of cloud and other budding future technologies, breaches are likely to increase. There are several steps an organization can take to implement an effective IG policy.
Confidentiality is being able to protect information. It is the process of keeping certain items private and not viewed by unauthorized individuals, whether outside or inside parties, on a need-to-know basis. The type of information or need to know will depend on the subject’s position, title, job title or extra duties the user has requested
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources, such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them, or reduce their likelihood and impact if they should occur.