The Goals of Information Security

A possible risk arises when our computer connects with a network and starts to communicate and download programs. Protecting the files and the Internet account of our computer from other users who can cause harm to it is known as Internet Security. Certain security measures, which help us to protect our computer, would be making backup copies of our important data, changing file permissions every now and then, and assigning passwords, which only we know.

The various IT systems, which are used in different businesses, view security concerns as an important aspect. Internet users need to be sure that their computers, which contain valuable information are completely secure. Cybercriminals can cause many damages and thus, effective security measures are necessary. The professionals who handle Internet security need to be confident about certain areas like penetration testing, audit or legal compliance, incidence response, and intrusion detection. The goal of the information security system is to stop these menaces (Ammari, 2007).

In this context, two terms are extremely vital. One is Digital Liability Management and the other is Vulnerability. Vulnerability means the chances of threats of the information security system and its information are exposed. On the other hand, Digital Liability Management indicates the exact amount of threats of the information security system and its information. This is a methodical computation and is a very essential part of the information security system. The indication of vulnerability and Digital Liability Management assessments help an organization to act against information threats (Ammari, 2007).

The goal of securing an information system can be achieved by following certain norms. It is a set of the official statement of certain rules through which an organization or firm is made secure and its employees can access its technology, information, and system assets. It defines the various security and business objectives and goals of the management. It must be economically viable, consistent in its working, provide proper protection to the objectives and goals, easily understandable and its procedure should be tolerable.

The following characters are necessary for an organization to implement in its security policy:

  • Physical security – a person may be given physical access based on authorization or payment. People can be checked from entering an area by a ticket collector, door attendant, or guard. They can also be checked before they exit the premises of the secured place.
  • Authentication and access control – authentication is the process of finding the actual identity of a user who is attempting to access a secure system. The user’s identity is verified by using passwords, response calculators, or personal challenges. Access control refers to the capability to either deny or permit the usage of a resource by an entity. There can be physical access control or electronic access control. While the former controls the topic of when, where, and who, the latter utilizes a computer to resolve the restrictions of various mechanical keys and locks.
  • Network security – refers to the different requirements of the infrastructure of a computer network, the various policies that have been adopted by the administrator to protect its resources and network from illegal access, and the steady and constant monitoring of the given procedures. We start network security by authenticating the user first by their password or username. Then the user is allowed access to certain services by the Stateful Firewall. In case there are Malwares, an Intrusion Prevention System or IPS helps to prevent and detect it and it monitors the network traffic for its volume, anomalies, and content.
  • Auditing or accounting procedure – auditing or accounting is the process of data collection and analysis that allows the administrators and others, like the IT auditors, to verify that the users and the authorization rules have produced the intended results as defined by the organizations business and security policies. To effectively analyze the security of a network and to respond to the security incidents procedures should be established for collecting network activity data. (Lazinger, 2007)

References

  1. Ammari, Habib M; 2007; Using group mobility and multihomed mobile gateways. International Journal of Communication Systems. 19, 10, 1137-1165.
  2. Lazinger, Susan S, Judit Bar-Ilan, Bluma C. Peritz. 2007. Internet use by faculty members in various disciplines: A comparative case study. Journal of the American Society for Information Science. 48, 6, 508-518.