School of Information Systems

INFORMATION SECURITY

Information security comprises the processes and tools designed to protect important and confidential business information from modification and damage. It is not only about securing information from unauthorized access: it is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of data. Information can be physical or electronic.

Five main factors contribute to the increasing vulnerability of an organization’s information resources, making them much more difficult to secure:

  1. The first factor is the evolution of IT resources from just mainframes to today’s highly complex, interconnected, interdependent, wirelessly networked business environment.
  2. The second factor reflects the fact that modern computers and storage devices (for example, thumb drives or flash drives) continue to become smaller, faster, cheaper, and more portable, with greater storage capacity. These characteristics make it easier to steal or lose computers or storage devices that contain large amounts of sensitive information.
  3. The third factor is that the computational skills required to become a hacker are decreasing. The reason is that the Internet contains information and computer programs called scripts that can be downloaded and used by users with limited skills to attack any information system connected to the Internet.
  4. The fourth factor is that international organized crime is taking over cybercrime. Cybercrime refers to illegal activities carried out over computer networks, particularly the Internet.
  5. The fifth factor is a lack of management support. Managers are in close contact with employees daily and are thus in a better position to determine whether employees are following safety procedures.

There are three principles of information security, as follows:

  • Confidentiality means information is not disclosed to unauthorized individuals, entities, and processes.
  • Integrity means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way.
  • Availability means information must be available when needed.

Information systems are vulnerable to many potential hazards and threats. There are two major categories of threats: unintentional threats and deliberate threats. There are several types of threats in information security:

  • Espionage or offense
  • Information blackmail
  • Sabotage or vandalism
  • Theft of equipment or information
  • Identity theft
  • Compromise of intellectual property
  • Software attack
  • Foreign software
  • Supervisory control and data acquisition (SCADA) attacks
  • Cyber terrorism and cyber-warfare

Information security is critical to small businesses. Large organizations that experience an information security problem have more significant resources to resolve and survive the crisis. In contrast, small businesses have fewer resources and can be more easily crippled by a data breach.

Risk is the probability that a threat will impact an information resource. Risk management aims to identify, control, and minimize the impact of hazards.

There are several risk mitigation strategies that organizations can adopt. Risk acceptance, limitation, and transference are the three most common.

  • Risk acceptance: Accept the potential risk, continue operating with no controls and absorb any damages that occur.
  • Risk limitation: Limit the risk by implementing controls that minimize the impact of the threat.
  • Risk transference: Transfer the risk by using other means to compensate for the loss, such as by purchasing insurance.


Michael Yohannes Turisno, Marisa Karsen