Information Security

What is information security? What are different parts of information security? Let’s find out here…
The most important aspect of Information Security is the security policy. If Information Security were a person, the security policy would be the central nervous system. Policies form the core of Information Security, providing structure and purpose for all its other aspects.

Another aspect of Information Security is organizational security. Organizational security takes the written security policy and develops the framework for implementing the policy throughout the organization. This would include tasks such as getting support from senior management, creating an Information Security awareness program, reporting to an information steering committee, and advising the business units of their role in the overall security process. The role of Information Security is still so large that there are many other aspects beyond just the organizational security and security policy.

Yet another aspect of Information Security is asset classification. Asset classification takes all the resources of an organization and breaks them into groups. This allows for an organization to apply differing levels of security to each of the groups, as opposed to security settings for each individual resource. This process can make security administration easier after it has been implemented, but the implementation can be rather difficult. However, there is still more to Information Security.

Another phase of Information Security is personnel security. This can be both fun and taxing at the same time. Personnel security can often be a duty of another person and not the sole duty of the Information Security manager.

However, there is still more to Information Security. Another area of Information Security is communication and operations management. This area can often be overlooked in smaller organizations because it is often mistakenly considered overhead. Communication and operations management encompasses such tasks as ensuring that no one person in an organization has the ability to commit and cover up a crime, and making sure that systems being retired are disposed of in a secure manner. While it is easy to overlook some of these tasks, doing so can create large security holes in an organization.

Access control is another core component of Information Security. Following the analogy used previously, if the security policy is the central nervous system of Information Security, access control would be the skin. Access control is responsible for allowing only authorized users to have access to your organization’s systems and also for limiting what access an authorized user does have. Access control can be implemented in many different parts of information systems. Some common places of access control include:

  • Routers
  • Firewalls
  • Desktop operating system
  • File server
  • Applications


In addition to keeping our systems secure from attackers, we also need to keep our systems running in the event of a disaster – natural or otherwise. This becomes another facet of Information Security, and is often called business continuity planning. Every Information Security professional should have some idea of business continuity planning.

The last aspect of Information Security discussed here is compliance. Now you may be thinking that compliance is someone else’s job. And you might be telling the truth; but if we go back to our analogy, in which Information Security is a person with security policy as the backbone and access control as the skin, then compliance would be the immune system.

So maybe now you see why Information Security is so difficult to define: it is just huge. With all the phases from policy to telecommunications, there is a lot to it. All the phases are equally important, because when it comes to threats to an organization, a breakdown in any of the phases of Information Security can present a gaping hole to the attacker. This is why the Information Security professional must have an understanding of all the aspects of Information Security.
   By Jayashree Pakhare
Published: 2/20/2008
 