Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge). Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

- Identifying information and related assets, plus potential threats, vulnerabilities, and impacts.
- Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them.
- Where risk mitigation is required, selecting or designing appropriate security controls and implementing them.
- Monitoring the activities and making adjustments as necessary to address any issues, changes, or improvement opportunities.

To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed. However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continual improvement is not adopted.

Definition

[Figure: Information security attributes, or qualities, i.e., Confidentiality, Integrity and Availability (CIA).]

Information systems are composed of three main portions: hardware, software and communications. The purpose is to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations.

Various definitions of information security are suggested below, summarized from different sources:

- "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)
- "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)
- "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." (ISACA, 2008)
- "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)
- "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)
- "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)
- "Information security is the protection of information and minimizes the risk of exposing information to unauthorized parties." (Venter and Eloff, 2003)