Information Security – Awareness

What is Information Security?

Information security (InfoSec), as defined by the standards published by the Committee on National Security Systems (CNSS), formerly the National Security Telecommunications and Information Systems Security Committee (NSTISSC), is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information.


Information Security is a buzzword that is used not only to alert everyone, but also to see what level of awareness we have related to the technology we use today.


Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.


No, it is not to scare anyone, but to think and be proactive before the hackers actually strike you. Yes, they will strike you. In today’s world, every human being uses technology in their day-to-day life. And if they are using technology, then they will be vulnerable to threats and attacks. It is not ‘if’ you will be attacked, it is ‘when’. The higher your level of awareness and the more proactive measures you take, the longer you will protect your assets. Today, the Internet has brought millions of unsecured computer networks into communication with each other. Our ability to secure each computer’s stored information is now influenced by the security of each computer to which it is connected.


Let us discuss the basics of Information Security:
There are three principles of Information Security – Confidentiality, Integrity and Availability.
Confidentiality – The information assets must be protected from unauthorized users and should be confined only to the people authorized to use them.
Integrity – Determines the accuracy and reliability of the data
Availability – Determines the availability of the data to be accessed by authorized users when needed.


The C.I.A. triangle has been considered the industry standard for computer security since the development of the mainframe.
A successful organization should have the following multiple layers of security in place for the protection of its operations:
Physical security: protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal security: protect the individual or group of individuals who are authorized to access the organization and its operations.
Operations security: protect the details of a particular operation or series of activities.
Communications security: protect an organization’s communications media, technology, and content.
Network security: protect networking components, connections, and contents.

So, how do we achieve this?
Every organization should adopt a Security Awareness Program to reduce the threats caused (unknowingly) by employees. This program develops awareness and educates employees about the various threats to the organization. It helps employees understand that information security is not just the responsibility of one individual, but of everyone working in that organization. Awareness of how to handle information in a standard way can minimize the risk of being attacked.

Organizations make security and privacy policies so complicated that employees fail to understand these regulations. To help and engage the employees in this area, organizations can create interactive sessions for all employees to attend every week to speak about security and threats. Interactive sessions may include awareness of newer threats, best practices, and questions and answers.

Information security authorities may perform a gap analysis to find out any deficiencies in the program.


Conclusion
Information security awareness, if implemented properly, can pay off in a big way for the organization. Of course, awareness training is not the only way to protect against attacks, but it sure is a significant way to add to the existing security measures of any organization.
