Information System Security
Information systems security involves protecting a company or organization’s data assets. Programs in this career field are available at the undergraduate and graduate levels and can lead to a variety of job options.
It also refers to:
- Access controls, which prevent unauthorized personnel from entering or accessing a system.
- Protecting information no matter where that information is, i.e. in transit (such as in an email) or in a storage area.
- The detection and remediation of security breaches, as well as documenting those events.
The term is often used in the context of the U.S. Navy, which defines INFOSEC as:
COMPUSEC + COMSEC + TEMPEST = INFOSEC
Where COMPUSEC is computer systems security, COMSEC is communications security, and TEMPEST is compromising emanations.
WHAT IS INTERNET SECURITY?
Internet security is a catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.
Malware and Anti-Malware
- Malware, meaning malicious software, includes viruses, worms and Trojans. Although “virus” is used colloquially to refer to various malware types, its meaning is quite specific. A virus is a program that replicates itself throughout a system; it can spread to other computers, but needs user involvement since it requires a host file to spread: an individual must download the virus from the Internet or connect infected storage media, such as a USB drive, to his computer. A worm replicates itself and spreads more actively. A Trojan (from Trojan horse) can appear useful, but is actually dangerous. Trojans can steal data such as passwords or financial details or allow “back-door” access into computers. Networks of compromised computer systems, called botnets, are used to send spam or disseminate further malware. Install and use anti-malware applications to protect your computer.
- Think of a firewall as a filter consisting of a device or array of devices that allow or deny access to a network. Firewalls, which can be hardware or software devices, prevent sensitive information from being uncovered and stolen from networks and also prevent dangerous information — such as malicious code — from being planted on networks. Firewalls apply a specific set of rules to all information coming in or going out of networks to determine whether it’s dangerous or benign.
- Browsers can have security flaws, which allow hackers and cyber-criminals to attack computers and networks. You must choose a secure browser and keep it updated with new security patches the developer releases. One example of a dangerously insecure browser is Microsoft’s Internet Explorer 6 (IE6). Still in widespread use, IE6 has so many security flaws that even Microsoft wants to stop people from using it.
- Electronic mail (email) offers many potential vulnerabilities. It’s often used to send sensitive information, which then becomes vulnerable to theft, and is also used to distribute malware. A solid email security strategy includes both anti-malware applications and good practice by users, such as not sending sensitive information via unsecured email and not opening suspicious messages.
- Denial of service (DoS) attacks are performed against computer resources such as websites. The aim of a DoS attack is to make a resource unavailable to users. One example is when a website is so overwhelmed by repeated communications requests that it cannot keep up with the demand. When multiple systems are involved, it becomes a distributed denial of service attack (DDoS). Methods for protecting against such attacks include firewalls and systems such as “clean pipes,” in which website traffic is routed through a proxy server that drops bad traffic, allowing only genuine requests.
- The strongest firewall and best anti-malware suite won’t protect your system if you give away sensitive information such as passwords or security questions. Social engineering uses tricks to make you hand over information to criminals. An example is phishing, in which an email appears to come from a reputable organization such as a bank, tricking the recipient into entering their personal details. The phisher can then collect and use them to log in to the victim’s account. If you want excellent Internet security, it’s important to remain aware of social engineering.
E-business Risk Management Issues
- Development Risk
Can the original product or service idea actually be created?
- Manufacturing Risk
If the product can be developed, can it actually be produced in appropriate volume?
- Marketing Risk
If the product can be made, can it be sold effectively?
- Financial Risk
If the product can be sold effectively, will the resulting company be profitable and can the profits actually be realized in a form that allows investors to receive cash?
- Growth Risk
The following levels of risk can be distinguished:
• Technical risk – includes viruses, worms, trojans, backdoors, and other malware as well as hacker attacks plus risks due to hardware attacks.
• Individual risk – besides security, individuals greatly value their privacy, which is jeopardized by attacks such as phishing. Other individual risks result from fraud in e-commerce, missing or wrong information, or data manipulation.
• Business risk – for businesses, sales and reputation losses are major risks. Companies may never regain their full financial capacity after a computer downtime of several days, and even a company’s existence can be threatened as a result of technical incidents.
• Societal risks – loss of privacy (“transparent user”), cyber-terrorism, and information warfare are key terms that outline the dangers on the societal level. They are interrelated and their occurrence is recursive.