Wednesday, 10 March 2010
Information security: the science that works to protect information from the risks that threaten or attack it, by providing the necessary tools and means to protect information from internal or external risks. It comprises the standards and procedures taken to prevent unauthorized persons from accessing information through communications, and to ensure the authenticity of those communications.
Information security is an old concept, but it began to be used effectively with the development of technology and of:-
1- Operating system protection systems.
2- Protection systems for programs and applications.
3- Database protection systems.
4- Access protection systems.
The simplest type of protection is the use of identification, authentication and authorization mechanisms, which are designed to ensure that the system or network is used only by the person authorized to use it. This group includes the various types of passwords, smart cards used for identification, biometric identification (which depends on specific physical attributes of the user), and various encrypted keys. The so-called electronic locks that delimit access areas can also be added to this group.
We note from the above that all the technology the world has reached cannot exist without information security. For example, in a banking system with no information security, any person could enter the system, change it and become a millionaire from nothing.
To determine the degree of protection that should be provided, information is classified according to its importance: some information requires no protection at all and can be obtained by anyone who wants it; some requires a degree of protection and can be obtained by a certain number of people; and some requires maximum protection and can be obtained by only one person.
Means of protection:-
Each institution should prepare its own way of providing information security against risks, within the limits of its regulatory capabilities and the budget allocated for protection. The security measures should not be so weak that they cannot guarantee the required protection, nor so exaggerated that they affect the performance of the services provided by the information system.
Information security accreditation and auditing:-
Information systems, databases and networks have become the backbone of the world of knowledge and of the industrial, financial, health and other sectors. It has become important to maintain the three main elements of information security: confidentiality, integrity and continuity. At the global level, the ISO 27001 standard stands out for accreditation, evaluation and standardization to ensure the security of information. There is also HIPAA in the United States to ensure the security of health information, and ISACA's COBIT for the security of information.
Certification of information security experts:-
CISA (Certified Information Systems Auditor) is one of the leading certifications in the management of information systems. CISSP (Certified Information Systems Security Professional) is likewise an important, recognized certification in information security. Most large companies, such as Microsoft, Cisco and others, also offer their own specialized certificates in information security.
The purpose of preparing a strategy to ensure information security includes providing the following basic elements, which give adequate protection to information and systems:-
1-Confidentiality:- ensuring that the information cannot be accessed or obtained by parties who are not allowed to do so.
2-Identification:- verifying the identity of the user of the information system when he wants to use it, and confirming that he is the same user.
3-Content integrity:- ensuring that the information is correct and has not been modified.
4-Continuity:- ensuring that the information system and all its components (computers, software, communication equipment and others) keep working and keep providing services to beneficiaries.
5-Non-repudiation:- ensuring that a person who has performed an action connected with the information is unable to deny having actually performed it.
Examples are electronic signatures and electronic authentication.