Information Security

Information security can be explained as a process of securing information and preventing various practices such as unauthorized access, modification and destruction of information etc. Information can be of any type, but securing that information is the main motive of information security. Information security is a vast field it covers many areas such as cryptography, mobile computing and cyber forensics etc.

Information security is based on 3 main objective known as CIA triad. They are as follows:

  1. Confidentiality:
    Sensitive and confidential information needs to be protected with the greatest privacy. Only authorized users can have access to the information with high priority and secrecy.
  1. Integrity:
    The information should not be tampered with. It needs to be accurate and exact.
  1. Availability:
    It indicates that the information should always be available to authorized users whenever needed.

IMPORTANCE :

  1. Protecting the functionality of an organization:
    The authorities in an organization can opt for various information security policies so that their organization can run efficiently and securely.
  1. For safe operations of application:
    Various applications are used in an organization. So to protect the organization’s IT infrastructure it is important that the application used in the system is secure.
  1. Protecting data:
    An organization has a lot of data which is collected and used for various purpose. The collected data can be in rest or in motion. As that data is useful, it is essential to make sure that the data is secure and it is not corrupted by any means.
  1. Protecting technology assets:
    Organization should look after their functionalities and size of their organization. According to that they should deploy various technologies which can be helpful for safeguarding their technology assets.

THREATS :

  1. Malware
    It is a program code which is designed to perform malicious activity on the system. 

For example: virus, Trojan, rootkit etc.

  1. Theft of intellectual property
    The breach of intellectual property rights can be considered as theft of intellectual property.
  1. Identity theft
    When someone impersonates another in order to get their sensitive information it is known as identity theft.
  1. Sabotage
    Sabotage can be explained as a process of damaging an organization website so that the customer’s trust towards the company is broken.
  1. Information extortion
    It deals with stealing any the information or property of an organization to receive payment in exchange.
  1. Outdated security software
    Upgradation of software on a regular basis is very important to maintain the security of any organization / individual’s information.
  1. Social engineering
    It is a process of socially deriving information from an individual to use it in a devious manner or for extortion purposes.

ADVANTAGES:

  1. It protects our network from malicious attacks.
  2. It avoids users to get unauthorized access to the network.
  3. It secures the information.
  4. It curbs cybercrimes.

DISADVANATGES:

  1. Sometimes it can slow down the productivity.
  2. If any single details or areas are missed while implementing the information security whole system could be compromised.
  3. It can be expensive sometimes to purchase every upgrade.

CONCLUSION:

As the cyber-crimes and attacks keeps increasing, it is very essential that every organization should opt for information security methods and policies. It will assist them to safeguard their valuable assets which can get compromised if are not properly secured.