An article on cyber security, to recognize the significance of protecting business information.
Why is information security important?
The home of free learning from The Open University
This unit introduces you to information security and its management.
A succinct definition of information security might run as follows:
Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.
But why is it important to secure information? And how should its security be managed? To start thinking about these questions, consider the following statements about information:
In today's high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their system of internal control.
(Nigel Turnbull, 2003, p. xi)
Competitive advantage is dependent on superior access to information.
(Robert M Grant, 2000, p. 186)
Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.
(Ronald Reagan, 1989)
http://www.open.edu/openlearn/science-maths-technology/computing-and-ict/introduction-information-security/content-section-3
It is vital to be worried about information security because much of the value of a business is concentrated in the value of its information. Information is, as Grant says, the basis of competitive advantage. And in the not-for-profit sector, with increased public awareness of identity theft and the power of information, it is also, as Turnbull claims, the area of an organisation's operations that most needs control. Without information, neither businesses nor the not-for-profit sector could function. Valuing and protecting information are crucial tasks for the modern organisation.
If information were easy to value and protect, however, you would be able to buy off-the-shelf information security management solutions. There are three characteristics of information security that make this impossible.
1. The collection of influences to which each organisation is exposed varies with the organisation: the information technology that it uses, its personnel, the area in which it does business, its physical location; all these have an effect on information security.
2. Information security affects every structural and behavioural aspect of an organisation: a gap in a security fence can permit information to be stolen; a virally infected computer connected to an organisation's network can destroy information; a cup of coffee spilt on a computer keyboard can prevent access to information.
3. Each individual that interacts with an organisation in any way, from the potential customer browsing the website, to the managing director, from the malicious hacker, to the information security manager, will make his or her own positive or negative contribution to the information security of the organisation.
Thus information security and its management need to be examined within an organisational context. To this end, a major aim of this unit is to give you the opportunity to:
investigate your organisation and determine the precise mix of information security issues that affect it
explain the links between areas of an organisation and navigate your organisation's information security web
identify the security contributions of each individual, and so suggest strategies to make the sum of the positive contributions greater than the sum of the negative ones.
Before you can investigate information security and its management within your organisation, we need to introduce you in more detail to the complexities of the topic. This is the purpose of this unit. Section 2 discusses the meaning of the terms information, information security and information security management. Section 3 looks at information security and its imperatives and incentives. Section 4 discusses information assets. Section 5 examines the planning of an information security management system. Section 6 addresses how risks to information security can be assessed and how information assets can be identified. Section 7 describes how a system for information security management can be implemented and continually improved.