Information System and Security
Introduction
An information system is an organized system for collecting, storing, organizing and communicating information. It is a network of software and hardware that people and organizations use to collect, process, filter, create and distribute data. Information system security means protecting the data assets of an organization or company from cyber-terrorists and hackers. InfoSec protects data against unauthenticated and unauthorized access, modification or destruction, and against unauthorized inspection and recording. Information system security also deals with information assurance, i.e. ensuring that data is not lost when critical issues occur, such as physical theft, malfunction of a computer or server, or natural disaster. Since most information is stored on computers these days, information system security is a must to ensure that data is not lost by any means.
Figure 1 Functions of an Information System
Vulnerabilities to Information System Security
Unauthorized access to data: In any organization, sensitive data and files are stored on computers. Any unauthorized person who gains access to this data can obtain information that can be used against the interests of the organization. Even more dangerous is unauthorized access that goes unnoticed, because it then becomes impossible to take remedial action. Therefore, information system security is needed to prevent any unauthorized access to any kind of data.
Secretive alteration of data: By altering data secretly, an adversary could destroy confidence in the organization's plan or disrupt its execution. For example, an alteration in the organization's logistics information could give a misleading picture of a project's requirements and so create problems when the project is finally to be delivered. Therefore, only an authorized person should have access to the information system.
Denial of service attack: This is an attempt to make machine and network resources unavailable to authenticated users by temporarily or permanently suspending or interrupting the services of a host connected to the internet. These attacks are relatively simple to carry out and often require less technical sophistication. Forging of IP addresses is one common DoS attack in which the location of the attacking machine is not easily identified. Therefore, information security is needed so that legitimate users can use the service.
Importance of Information System Security
Information security is needed to maintain the integrity, availability, and confidentiality of the information system. All security controls are implemented to uphold these principles. The needs of information system security are as follows:
Data Confidentiality: Confidentiality ensures that the required level of security is enforced at each stage of data processing and prevents access by any unauthorized means. To ensure confidentiality, data should be encrypted when it is stored and transmitted. Network padding should be implemented at all nodes of the information network. Data classification and strict access control mechanisms should be implemented, and people working on the IT system should be trained in proper security procedures.
Data Integrity: Integrity ensures the accuracy and validity of the data. Data that is not valid or not accurate is of no use. Corruption of data and sabotage are serious threats to any organization, as the information can have great value. To maintain the integrity of the data, it should be protected using hashing techniques, any kind of intrusion should be detected, and strict access control should be implemented.
Data Availability: Data availability means that reliable data and resources are available on time to authorized individuals only. Threats to the availability of data include hardware or software failure, denial of service attacks, and environmental issues such as electricity, heat and humidity. To maintain the availability of data, certain router and firewall configurations should be used. Backups should be maintained, and an IDS should be implemented to monitor the host system and network traffic.
System configuration is another aspect that should be managed, to ensure that the configuration of the system and network can be changed only under security guidelines and only by authorized users. From the above requirements, it is clear that security is needed not just to protect information from disclosure but also to ensure the effective operation of the information system.
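The Data Integrity requirement and the secretive alteration of logistics data described earlier can be illustrated with a keyed hash chain. This is an added example, not part of the original article; the key, record fields and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load it from a secrets manager.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor used before the first record


def _tag(key, prev_tag, record):
    """HMAC-SHA256 over the previous tag plus a canonical JSON form of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def seal(records, key):
    """Return copies of the records, each with a tag chained to its predecessor."""
    sealed, prev = [], GENESIS
    for rec in records:
        prev = _tag(key, prev, rec)
        sealed.append({"record": dict(rec), "tag": prev})
    return sealed


def first_tampered(sealed, key):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(sealed):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return None


# Constructed logistics records for the demonstration.
SAMPLE = [
    {"item": "steel beams", "qty": 120, "site": "A"},
    {"item": "cement bags", "qty": 400, "site": "A"},
    {"item": "cable drums", "qty": 15, "site": "B"},
]

if __name__ == "__main__":
    log = seal(SAMPLE, DEMO_KEY)
    print("untouched log:", first_tampered(log, DEMO_KEY))
    log[1]["record"]["qty"] = 40   # secret alteration of a quantity
    print("altered log:", first_tampered(log, DEMO_KEY))
    del log[0]                     # silent removal of a record
    print("record removed:", first_tampered(log, DEMO_KEY))
```

Because each tag covers the previous one, edits, reordering and removal from the start or middle of the log are all detected. Removal of trailing entries is not, so the latest tag should also be stored somewhere the log's writers cannot change.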
Conclusion
Sending data from one computer to other computers through a network means that special steps should be taken to protect the confidentiality, integrity and availability of the data and to protect the data from any unauthorized access. Cryptography and encryption are the best methods to hide the data and keep it away from unauthorized users. Since most information is stored on computers these days, information system security is a must to ensure that data is not lost in any way.