Information Assurance and Security



Information Security - centers on the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

The Different Components of Information Security

Computer security rests on confidentiality, integrity, and availability. The interpretations of these three aspects vary, as do the contexts in which they arise. The interpretation of an aspect in a given environment is dictated by the needs of the individuals, customs, and laws of the particular organization.

o Confidentiality - is the concealment of information or resources. The need for keeping information secret arises from the use of computers in sensitive fields such as government and industry.

o Integrity - refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change. Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication).

o Availability - refers to the ability to use the information or resource desired. Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all. The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable.

o Accuracy – Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects.

o Authenticity – Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.

o Utility – Utility of information is the quality or state of having value for some purpose or end. Information has value when it can serve a purpose.

o Possession – Possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics.


C.I.A. triangle
· The C.I.A. triangle has been considered the industry standard for security since the development of the mainframe. It was solely based on three characteristics that described the utility of information: confidentiality, integrity, and availability. The interpretations of these three aspects vary, as do the contexts in which they arise.

· The CIA security triangle is an important security concept because all security controls, mechanisms, and safeguards are implemented to provide one or more of these protection types. All risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the CIA triad principles. This triad is the basis for creating a holistic security plan to protect all of your organization’s critical and sensitive assets.

 
The evolution of information security over the years
· These days, information flows throughout computer systems like fish flow through the sea. This presents a wealth of opportunities for people to steal data; that is why information security is a necessity.

· 1960s: Organizations start to protect their computers
    The largest security concerns at this interval were at the points of access. Anyone with enough knowledge about how to work a computer could break into a facility and start accessing sensitive data. In order to secure terminals, passwords and multiple layers of security protection were added to devices.


· 1970s: The first hacker attacks begin
    At this point in the history of information security, network computing was in its infancy (the internet as we know it today wouldn't exist until the end of the 1980s). However, while there was no massive global network connecting every device that wanted to be connected, large organizations, especially governments, were starting to link computers via telephone lines. Recognizing this, people started to seek ways to infiltrate phone lines connected to computers, so that they could steal data. These people became the first groups of hackers.


· 1980s: Governments become proactive in the fight against cybercrime
    By the 1980s, hacking had already burgeoned into an international crime issue. Limited information security systems could not keep up with the constant barrage of clever approaches hackers used to break into computer systems. This fact became extremely prominent when a small group of teenagers from Milwaukee, known as "the 414s," broke into over 60 military and corporate computer systems and stole over $70 million from U.S. banks. In response to this information security crisis, governments started to actively pursue hackers, including the 414s. At this point in time, the sentences were exceedingly light, ranging from stern warnings to probation.

 
· 1990s: Organized crime gets involved in hacking
    After the World Wide Web was made available in 1989, people started putting their personal information online; organized crime entities saw this as a potential revenue source and started to steal data from people and governments via the web. Firewalls and antivirus programs helped protect against this, but the web was a mostly unsecured and rapidly burgeoning network.


· 2000s: Cybercrime becomes treated like a crime
    While governments had been pursuing cyber criminals for decades, most punishments were light, often being limited to a confiscation of computer equipment and a ban from computer use for a certain period of time. This changed in the 2000s as governments started to recognize the dangers of hacking. Hackers were jailed for years as punishment for cybercriminal activity. Jeanson James Ancheta, for example, who used hacking to steal less than a millionth of a percent of the amount that "the 414s" stole, was sentenced to five years of jail time. By 2010, high-profile hackers were getting decades in prison for cybercrimes. 


· 2010s: Information security becomes serious
    Although criminal prosecutions, firewalls and antivirus software had served as deterrents to cybercriminals, they did not stop hackers who were skilled and bold enough to break into computer networks. At this point in the history of information security, security experts started to realize that the best way to protect data was to make it truly inaccessible to hackers. To this end, data encryption, which scrambles data to render it unreadable to unauthorized users, became more widespread. In many cases, encryption occurs at multiple levels, including on digital files, networks and during data transmissions. Organizations now also implement comprehensive information security policies that prevent their employees from making any mistakes that make data accessible to intruders.


Information – is news or knowledge received or given. 

Computer Security - also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
 
Information security - is extremely important to society in order to protect people's and businesses' property. It has come a long way from when computer systems were first invented. Information security is all the processes and policies designed to protect an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.