Some words about Information Security

Monday, June 07, 2010

Jorge Mieres


Organizations are increasingly dependent on their computer networks and a problem affecting them, no matter how small, can compromise the continuity of operations, a situation which inevitably results in economic loss.

The number and complexity of new computer attacks keep increasing, and the attacks are becoming more specialized, with goals of an economic nature for the benefit of the attackers. Amid this variety, actions that disrespect privacy have also been increasing.

When addressing Information Security, there is a common tendency to examine only the aspects of computer media (backups, maintenance of computers, servers, networks, etc.), all aimed at ensuring that information is available, while ignoring other aspects that must be addressed because they carry the same level of criticality, such as the confidentiality and integrity of data and services.
It is important to note that the human factor accounts for over 90% of security and that the remainder consists of the technological aspect. Therefore, overconfidence and lack of awareness are the main problems.
Keeping information protected is equivalent to keeping it safe from threats to its functionality, whether it is corrupted, improperly accessed, removed, or even stolen.

Therefore, information security means protecting an organization's information by preserving three basic parameters: confidentiality, integrity and availability.
The first of these seeks to ensure that only authorized persons have access to information. If the information is confidential, it should not be disclosed, because the loss of confidentiality is equivalent to the loss of secrecy. Furthermore, the more valuable the information, the higher its degree of confidentiality should be, and the greater the degree of confidentiality, the higher the level of security that must be implemented.
For its part, the integrity of information ensures that data will not be altered, removed or destroyed by unauthorized entities, preserving it completely together with the methods used for processing it. If the information is altered, it loses integrity.

Availability, in turn, ensures that authorized persons have access to information and its associated resources whenever they need it. Availability involves not only the information but also the entire physical and technological structure that allows its access, transit and storage, so that it arrives in a timely manner.
These three key areas form the main pillar of information security and constitute the essential mechanisms for ensuring confidence in business processes, which is the desirable situation for any organization.

"The information security is achieved by implementing a set of controls that include policies, practices, procedures, organizational structures ... depending on what you are trying to protect." However, every implementation must strike a balance between use and transparent, maximum security, all at a reasonable cost.

Cross-posted from SecurityIntelligence
