Elements of Information Security
The fast growing of internet technologies and information technologies forces individuals, educational institutes or enterprises to use the internet that also introduces numerous illegal users which destroy or attack network security with the help of various fake websites, Trojan horse or other viruses, fake mails and many more (Yim et al, 2014). Computer systems are mostly affected by this network attacks and even can bring computer networks in state of paralysation. Intruders or illegal users use huge information from computer networks for their personal benefits. Further, some invaders use that information to cause huge disastrous activities by targeting military or government departments that can cause threat to national as well as social security.
Information security elements:
The security of information needs to be based on business objectives and ensures enterprise security. The protection of networks needs to be handled by top management of enterprises. The system for security needs to be cost effective. The policies related to information security needs to be published in detailed manner by describing role of each employee in enterprises. The system needs to be monitored on continuous basis that will avoid unauthorised access to information systems and enhance privacy of network as well (Lesjak et al, 2015). During development of information systems, analysis of risks, analysis of business impact and classification of information documents needs to be considered. Reassessment of information system needs to be done on continuous basis for its modifications and improvement of networks. Organization’s culture also needs to be considered while developing secured information system.
Security characteristics:
Data needs to be integrated in effective manner and its modification needs to be done by authorised persons only. Data encryption needs to be considered for avoiding any unauthorised access form external users (Xie et al, 2014). Data should be available to authorised users on their demands only. The flow of data needs to be controlled in effective manner by following appropriate information patterns like data access, contents or communication for secured IT systems.
Security awareness:
The certain awareness programs needs to be introduced at different organizational levels for the IT security purposes. Education related to security needs to be done in such manner that should be cost effective and strategies need to be developed for security purposes (Ahmad et al, 2014). The awareness gap is created due to lack of inappropriate knowledge related to security of information technology systems.
Network security threats:
The human errors like improper usage by operators, vulnerabilities related to security configuration, lack of security awareness among users, or usage of simple passwords are some threats that can affect IT security systems. Security attacks in terms of active or passive attacks may possess threat to information or data stored in the systems and at the same time, privacy or confidentiality of security systems may also be suffered due to these attacks (Cardenas et al, 2013). Lack of secure networking software may also make IT systems more vulnerable to hackers and unauthorised users. Illegal users which can access personal information by unauthorised manner are also one of network security threat that is affecting IT systems.
Security solutions:
Firewalls are networking devices which are used for restricting passage of traffic in between the different networks. This consists of both software as well as hardware components and helps in implementing policies of security in effective manner (Zhao and Ge, 2013). Detection system for intrusion monitors IT systems on real time basis by using various sensors, analysers or components of user interface. This system works by gathering information from different sources or networks and accordingly analyses invasion signs by interpreting patterns of unauthorised activities on the system.
References
Ahmad, A., Maynard, S. and Park, S. (2014) Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Cardenas, A., Manadhata, P. and Rajan, S. (2013) Big data analytics for security. IEEE Security & Privacy, 11(6), pp.74-76.
Lesjak, C., Hein, D. and Winter, J. (2015) Hardware-security technologies for industrial IoT: TrustZone and security controller. In Industrial Electronics Society, IECON 2015-41st Annual Conference of the IEEE (pp. 002589-002595). IEEE.
Xie, F., Peng, Y., Zhao, W., Gao, Y. and Han, X. (2014) Evaluating Industrial Control Devices Security: Standards, Technologies and Challenges. In IFIP International Conference on Computer Information Systems and Industrial Management (pp. 624-635). Springer Berlin Heidelberg.
Yim, K., Castiglione, A. and You, I. (2014) Prosperity of IT security technologies in homeland defense. J. Ambient Intelligence and Humanized Computing, 5(2), pp.169-171.
Zhao, K. and Ge, L. (2013) A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on (pp. 663-667). IEEE.