1. INTRODUCTION
Information Systems (IS) plays a vital role within organisation. Therefore, it is important to ensure the reliability and the accuracy of IS. Businesses such as banks, airlines, or credit card companies could loose millions of pounds every hour their systems are not operational. An error in such a vital system can cause
catastrophic damage to an organisation. IS security deals with the issues of safeguarding the system from disasters, failures and possible errors.
The society has come to rely heavily on IS. We come in contact with IS on our daily life in many ways, directly or indirectly. A failure of such a system or a breach of security can affect us in many ways,
personally, socially, or financially.
The objectives of IS security are:
- To control the loss of assets
- To ensure the integrity and reliability of data
- To improve the efficiency/ effectiveness of IS applications
IS Security includes the procedures, mechanisms taken by managers of a system to exercise a directing or restraining influence over the behaviour, use and content of the system. This control is employed to achieve the security objectives of the system, such as data integrity and confidentiality.
Some of the facts the managers need to check:
- What are we trying to secure
- What is the state of building security
- What is the profile of I.T. staff
- Is there an inventory of equipment
- Is there a record of procedures
- Attitude of users to security
Actions:
- Set a security policy
- Appoint a Security manager
- Disaster Recovery Plan (DRP) which must be documented and tested
In a disaster recovery plan we need to consider:
- Up to date documentation
- Disk and backup management
- Good supplier relations
- Inventory of all equipment and software
- Is there a disaster recovery plan
- Equipment for emergency operations
- Power down and UPS
- Air conditioning and water detection
- Duplicate external communication lines
- Reciprocal backup site
- Document the plan
- Keep it simple and train staff
- Test it
- Regular reviews
2. Risks & Threats to Information Systems
2.1 Risk
Risks refer to potential loss to the firm, whether those losses are direct or indirect. The losses may result from total loss, partial damage, or even temporary loss of an IS asset. For example: a loss may occur:
- when a computer is stolen
- when a computer is damaged while moving
- when a data file is destroyed
- when a line connecting a customer to a sales order-entry employee fails
2.2 Threats
A threat refers to people, actions, events, or other situations that could trigger losses. A thief is a threat, so is a sprinkler system placed over a mainframe computer system. Thus threats are potential causes of loss.
A threat to IS may be caused in a variety of different ways. A number of threats are more common and needs careful attention by managers. Gupta (1999) classifies these under three broad categories:
- Accidental or unintentional errors
- Intentional errors
- Natural disasters
Threats include:
- Physical damage e.g.: fire, flood, power failures, vandalism, terrorism
- Employee errors
- Hacking (information loss, industrial espionage, data diddling)
- Copyright (unlawful copying)
- Viruses - time bombs, logic bombs (disruption of operations)
- Trojan Horses
- Worms
- Trap Doors
- Fraud - software piracy, copyright infringements (huge losses per year)
Each security exposure must be attacked in 3 ways:
- Minimise the probability of it happening at all
- Minimise the damage if it does happen
- Design a method of recovering from the damage
2.3 Controls
Controls are counter measures to threats. They can be classified by their type:
- Physical controls: physical locks, programmed locks, alarms, identification controls, backup procedures
- Electronic controls
- Software controls: anti-virus software, firewalls, e-mail gateways, call back systems, controls over user error, cryptography, passwords
- Management Controls: dispersion of responsibility
| Reference(s) | |||
 | Book | ![Gupta, U. G. (1999) Information Systems: Success in the 21st Century. Prentice Hall: United States of America (USA), Virginia (VA), Fairfax, Langley. [ISBN: 9780130108579]. [Available on: Amazon: https://amzn.to/3WeHDZy].](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA0fogT3dRWgC6bEJ4_DAUHgOJgLoLsBk5ir5plgVQ1lzAzMWVZjvjGVdovKpQF6LCtowkgadjo1MRIR0V46bGA3d2C9QOZfBHNeEguEcKDh8ZhxDMctFok87F1DWhqH4-j_YzadKsAoQ_7m0c8papRooBkX5tJ5tyOn-d_38Mws-22gA/s1600/Book-1999-Gupta-9780130108579.jpg "Gupta, U. G. (1999) Information Systems: Success in the 21st Century. Prentice Hall: United States of America (USA), Virginia (VA), Fairfax, Langley. [ISBN: 9780130108579]. [Available on: Amazon: https://amzn.to/3WeHDZy].") | Gupta, U. G. (1999) Information Systems: Success in the 21st Century. Prentice Hall: United States of America (USA), Virginia (VA), Fairfax, Langley. [ISBN: 9780130108579]. [Available on: Amazon: https://amzn.to/3WeHDZy]. |
| Reference (or cite) Article | ||
![Kahlon, R. S. (2012) Information System Security [Online]. dkode: United Kingdom, England, London. [Published on: 2012-06-12]. [Article ID: RSK666-0000046]. [Available on: dkode | Ravi - https://ravi.dkode.co/2012/06/information-system-security.html].](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1QAw0HHVAsw96tyjOTY02IagXr-zhdVtJRyUDsAaICwZroxbpnwCX-zNgES2I34hXdkOxpikEtky4waS6ytDbEa4X1Xw6ty4HJkRFZbI9JJBnmrIw8HhyphenhyphenpQfz3nPPaSOyohjqQSeB2TeROMz4U20KQHWfj46x1sfWQ2JhIMTclZlaecIYCHqYYinU6g5s/s1600/reference-dkode.png "Kahlon, R. S. (2012) Information System Security [Online]. dkode: United Kingdom, England, London. [Published on: 2012-06-12]. [Article ID: RSK666-0000046]. [Available on: dkode | Ravi - https://ravi.dkode.co/2012/06/information-system-security.html].") | Kahlon, R. S. (2012) Information System Security [Online]. dkode: United Kingdom, England, London. [Published on: 2012-06-12]. [Article ID: RSK666-0000046]. [Available on: dkode | Ravi - https://ravi.dkode.co/2012/06/information-system-security.html]. | |
No comments:
Post a Comment
Comments on this blog are not moderated.
But, offensive ones will be deleted.