B-Cognizance IIITA's E-Magazine
Indian Institute of Information Technology - Allahabad
technova - Article 2
By Rehan Khan, MSCLIS, Indian Institute of Information Technology, Allahabad
The term has long been familiar, but the need to provide information security, and rapid development in the field, came only after the 9/11 terrorist attacks in America. Since then the term 'information security' has been used in every organization that has clients as end customers. This has led to massive development in the field, has produced tremendous demand for information security professionals, and has led the governments of various countries to pass laws and regulations related to it, such as the Sarbanes Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) in America, the Information Technology Act 2000 in India, etc.
Before turning to information security, let us understand what information is. There are two definitions of information from this perspective:
Important or useful facts obtained as output from a computer by means of processing input data with a programme.
Data at any stage of processing (input, output, storage, transmission, etc.); in other words, data with the correct context is known as information.
Example: Consider a person named Mark. If you know only his name, that is just data, but if you know that Mark is an FBI agent, that is information, because it is in the right context: Mark's profession.
Now let us move to the definition of information security, which is the maintenance of confidentiality, integrity and availability of information. Confidentiality means that the contents must be known only to authorised personnel. Integrity means that the contents of the information remain intact and are not modified in transit or during processing. Availability means that the information is accessible when it is needed and does not suffer from denial-of-service attacks.
The major threats to information security are as follows:
Internal employees
Error and omission
Dishonest employees
Physical facilities
Disgruntled employees
Hackers and crackers
Of these, the major problem is posed by internal employees, who constitute the highest share, 80 per cent, of threats. Hence, information security involves not only good security mechanisms for the information but also the selection of people based on their credibility, competence and trustworthiness.
Scope of information security:
Information security also includes the following aspects:
Physical security
Operational security
Personnel security
Personnel security is related to the security of the employees, which is very important and must be dealt with due care because the main asset of any organisation is its employees. It involves proper training and guidelines to be issued for emergencies: how to respond in such a case, how to evacuate the buildings, under whom the whole evacuation or emergency response is going to be carried out, and who will be responsible for guiding the rest of the employees.
PS: The author has also published the above article on his blog on www.merinews.com as a citizen journalist.
The Relevance of Information Security