Technical aspects of information security essay

Technical aspects of information security

In today’s global markets, business operations are mostly enabled by the use of technology. All across the board businesses make deals, track client accounts and inventory company assets all by using information technology (IT). Information technology is said to be the vehicle that stores and transports information, it’s an organisations most valuable resource from one department to another. In any case whereby the vehicle breaks down even if it’s just for a little while? Business deals tend to fall through, data’s are lost and company assets become even more vulnerable to threats from inside the organisation and even outside of the organisation.

In the last 20years technology has permeated every part of the business environment. Businesses now move when employees move, from city to city. Since businesses have become more fluid, the initial concept of computer security has now been changed to the concept of Information security. This is simply because Information security covers a wide range of issues, from the protection of data to the protection of human resources. Information security is no longer the task of small and dedicated group of individuals in the organisation rather it is the responsibility of employees and mostly management authorities.

As businesses increasingly recognise the importance of Information security, they are beginning to create new positions to solve the new perceived problems. Organisations must realise that information security funding and planning decisions involves three distinct groups of decision makers and not just technical managers. The three group of decision makers include:

Information security managers and professionals
Information technology managers
Non-technical business managers and professionals
These three groups work hand in hand on an overall plan to protect the organisations information assets.

The information security community protects the company’s information assets from the various threats that the company faces from time to time.

The information technology community gives support to the business objectives of the company by supplying and assisting all information technology that the company needs to succeed.

The non-technical general business community manages and communicates company policy, mission statement and objectives. They also allocate resources to the other groups.

In working together these three groups make collective decisions on how best the secure the organisation from various security threats which may well be from outside or inside the organisation.

What is security? In understanding the technical aspects of information security, it is required the definitions of some information technology terms and concepts are understood. Michael and Herbert (2004) defined security as the quality or state of being secure to be free from danger. To be secure is to be protected from adversaries or other hazards. Security is most times achieved by the means of several strategies usually undertaken simultaneously or used in combination with another. These strategies have different have different goals they focus on but in the long run they share many common elements in achieving a common goal which is mainly to secure. From a management view all these strategies must be well planned, staffed, organised, directed and controlled so that they can all achieve the common goal of protection.

Examples of the specialised areas of security include:

Physical security: This mainly deals with the strategies to protect individuals, physical assets and the work place from different kinds of threats which may be in the example of fire, natural disaster, and unauthorised access.

Personal security: This is in relation with the physical security it simply has to do with the protection of individuals within the organisation.

Operations security: This secures the organisations day to day activities without interruption or compromise.

Communications security: Encompasses the protection of the company’s communications media, technology and content, and its ability to use these tools to achieve the organisations objective.

Network security: Protection of the organisations data network is very important. It is the area that is vulnerable to threats mainly. The protection of the various networking devices, connections and contents is very vital to the organisations data communication function.

All these areas contribute to the Information security program of the organisation as a whole.

Security is Inconvenient
Security, by its nature, is inconvenient especially in SMEs ant the more elaborate and technical the security mechanism, the more inconvenient the whole security process become. Employees have so much work to do, they want to get their jobs done right away. Most security mechanisms, from passwords to various kinds of authentication are seen by the employees as obstacles to their productivity. One of the common trends of information security is to add whole disk encryption to laptops or desktops. This is highly recommended in information security process because it adds a second login step before any computer user can actually have access in order to perform various tasks using the computer. John (2009) went on to explain that security implementations are based on a sliding scale, one end of the scale is total security and total inconvenience, while the other is total insecurity and complete ease of use. If an organisation wants to implement any security mechanism it is advised that the security implementation scale be put to use to determine where the level of security and ease of use match the acceptable level of risk for the organisation.

Why security?
In the ever changing world of global data communications, inexpensive internet connections, and the fast paced software development, information security is becoming more important. Security is said to be a basic requirement in the world we live in today as long as you want to keep your information safe because the global computing is inherently insecure, as explained earlier it can be inconvenient but necessary. As data is being transmitted from one point to another, it passes through several points along the way whereby giving other people the opportunity to eaves drop or intercept the information being transmitted and even alter it. Nikos (2007)

Information Security:
By definition, information security exists to protect an organization’s valuable information resources. An effective information security program preserves the organisations information assets and helps to meet business objectives. Thomas (2002), made it clear that Information Security Policies, Procedures, and Standards, guidelines effective Information Security Management and provides tools which the organisation need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization’s goals.

Key concepts of Information Security
In understanding the management of information security better, it is necessary to be familiar with the key characteristics of information that makes it valuable to SMEs. The first three characteristics are mentioned in the C.I.A triangle model (confidentiality, integrity, and availability).

Confidentiality of information ensures that only individuals that have been authorised may have access to certain information. When unauthorised persons or system can access information, confidentiality is breached. In order to protect the confidentiality of information, a number of measures are used which include:

Information classification
Secure document storage
Application of general security policies
Training of information custo……………………………….

---

we can write the assignment for you. Just click the “ORDER NOW” button to place Your Order