Information system security
Here are some notes I took when reading Managing information system security and privacy.
We have to distinguish between technology security and systems security.
- Security is the minimization of vulnerabilities of assets and resources.
- Information technology security - security of systems that are based on computers.
- Information systems security - security of computer-based systems, including the human factor.
Information systems (IS) security importance and legislation
The importance of security has been growing with the wider application and penetration of computer communications over the last decades. Until recently the emphasis in the field of security and privacy has been on technology. Today the human factor has become a major concern, as human resources usually present the weakest link in security. Security and privacy should become an integral part of corporate culture.
Legislation always lags behind technological advances. Legislation is important not only to prevent unacceptable practices but also to support and stimulate further development.
Important concepts related to information security
- Threat - any potential cause of an incident
- Risk - the potential of a given threat to exploit vulnerabilities of an asset and cause damage
- Vulnerability - a weakness that may be exploited by a threat
- Risk management - the process of identifying, controlling and minimizing events that may endanger resources
- Risk analysis - identifying security risks, their magnitude and the required safeguards
- Safeguards - practices, procedures or mechanisms that reduce risks
- Residual risk - the risk remaining after the implementation of safeguards (it should be sufficiently low to be acceptable)
- Baseline control - the determined minimal set of safeguards
- Security policy - the rules and practices that govern the protection of information system assets
- Configuration management - the process of keeping track of system changes in order to prevent the degradation of implemented safeguards as a result of change