B-Cognizance

IIITA's E-Magazine

Indian Institute of Information Technology - Allahabad

technova - Article 2

 

By

Rehan Khan

MSCLIS

Indian Institute of Information Technology, Allahabad

 

This term has long been known to people, but the need to provide it, and the rapid development of the field, came only after the 9/11 terrorist attacks in America. Since then the term 'information security' has been used in every organization that has clients as end customers. This has led to massive development in the field, produced tremendous demand for information security professionals, and led the governments of various countries to pass laws and regulations related to it, such as the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) in America and the Information Technology Act 2000 in India.

 

Before turning to information security, let us understand what information is. From this perspective there are two definitions of information:

 

Important or useful facts obtained as output from a computer by processing input data with a programme.

Data at any stage of processing (input, output, storage, transmission, etc.); in other words, data with the correct context is known as information.

 

Example: Consider a person named Mark. If you know only his name, it is just data; if you know that Mark is an FBI agent, it is information, because the name is now placed in the right context, namely Mark's profession.

 

Now let us move to the definition of information security, which is the maintenance of the confidentiality, integrity and availability of information. Confidentiality means that the contents must be known only to authorised personnel. Integrity means that the contents of the information remain intact and are not modified in transit or during processing. Availability means that the information is accessible when it needs to be and does not suffer from denial-of-service attacks.

 

 

The major threats to information security are as follows:

 

Internal employees

Error and omission

Dishonest employees

Physical facilities

Disgruntled employees

Hackers and crackers

 

Of these, the major problem is posed by internal employees, who constitute the highest share of threats at 80 per cent. Hence, information security involves not only good security mechanisms for the information but also the selection of people based on their credibility, competence and trustworthiness.

 

Scope of information security:

 

Information security also includes the following aspects:

 

Physical security

Operational security

Personnel security


Physical security covers all the physical assets of the organisation, which need to be protected from environmental disturbances such as storms, rain and hurricanes. It is the process of protecting hardware so that the software running on it can be protected. Moreover, it includes the proper training and guidance of employees in protecting the various physical assets. It also includes guidelines and policies on access by various personnel within the campus limits, and proper site selection so as to avert disaster in case of an emergency.

Operational security relates to the protection of the various operations conducted in an organisation. Here the principle of least privilege is followed, according to which only the person concerned with a job is informed of and knows its details, while others are not, so as to keep the matter from leaking out.

Personnel security relates to the security of the employees, which is very important and must be handled with due care because the main asset of any organisation is its employees. It involves proper training and the issuing of guidelines for emergencies: how to respond, how to evacuate the buildings, under whom the evacuation or emergency response will be conducted, and who will be responsible for guiding the rest of the employees.

The demand for this stream has skyrocketed for two reasons. First, there are a large number of Information Technology Enabled Services (ITES) companies, most of which are outsourced operations that need to follow the rules and regulations of America and the United Kingdom in order to function properly. Second, we are now moving towards the e-age, in which most of our business transactions will be done online and will need to be protected from the dark eyes of cyber criminals, who look for vulnerabilities in various systems in order to break them and make easy money. Information security is the topmost concern for banks, financial institutions, intelligence and police agencies, armed forces, research institutes and so on. All require their networks to be safe so as to protect information from being leaked, which can cause them great harm.

 

PS: The author has also published the above article on his blog on www.merinews.com as a citizen journalist.

 

The Relevance of Information Security