the Security of Information Systems and Networks

In the modern world, many organizations are increasingly aware of the importance of keeping all resources, whether they be virtual as well as physical in order to be safe from the threat of either from within or from outside. The first computer system that only has a little security protection, however this changed during the war viaetnam when a number of computer security installation marred protestors. This experience inspired the industry to put care security that aims to eliminate or reduce the possibility of damage or destruction of the dengnan organization as well as providing the ability to continue activities operational after a disruption.
the Security of Information Systems and Networks

Approaches that began among industry emulated and expanded. When this federal prevention are implemented, two important issues have to be addressed namely security versus individual rights and safety versus availability.

INFORMATION SECURITY

While Government and industry began to realize the need to secure their information resources, attention is focused almost exclusively on perlindunga hardware data then the term system security is used. System security term used to describe both computer equipment and perlindungna nonkomputer, facilities, data and information from the misuse of the parties.

The Goal Of Information Security
Information security ditujuakn to achieve three main goals:
a. confidentiality. The company strives to protect your data and information from disclosure of people who weren't authorized.
b. availability. The purpose of the enterprise information infrastructure is to provide data and information for the parties who have authority to use it.
c. integrity. All information systems must provide an accurate representation of the physical system which they represent.

INFORMATION SECURITY MANAGEMENT

At its most basic, information security management consists of four stages:
a. identify the threats that could strike the company's information resources
b. Mendefenisikan of the risks that can be caused by these threats
c. determine the security policy information
d. Implement controls to address those risks.

The term risk management (risk management) was created to describe this approach where the security level of information resources of the company compared with the risks it faces.

Benchmark is the level of performance that suggested. Benchmark information security is the recommended security level under normal circumstances should offer sufficient protection against unauthorized interference. standard or benchmark for this kind of determined by Government and industry associations as well as reflecting the components of a good security program informais according to the authority.

When companies follow this approach, which is called the compliance benchmark it can be assumed that the Government and the authority of the industry has done a good job in considering various threats and risks and a benchmark that offers good protection.

The THREAT of
The threat of information security (Information Security Threat) is a person, organization, mechanism, atauperistiwa that have the potential to jeopardize the company's information resources. In fact, threats can be internal as well as external and accidental and unintentional.

Internal and external threats
Internal threat not only includes the employees of the company, but also temporary workers, consultants, contractors, even business partners of the company. Internal threats are estimated to generate damage are potential is more serious when compared with external threats, due to internal anccaman knowledge more profound will those systems. External threats such as another company that has a product similar to a product company or also known as competitors attempt.

The actions of accidents and intentional not all threats of intentional action is undertaken with the aim of harm. Some is injury caused by people inside or outside the company. is the same as
These Kinds Of Threats:
Malicious software, or malware consist of complete programs or segments of code that can attack a system and perform functions that are not expected by the owner of the system. These functions can remove files, or cause the system to stop. There are some malicious software jensi, namely:

a. Virus. Is a computer program that can replicate itself without can be observed by the user and attaching a copy of itself to the programs and another boot sector

b. worms. The program can not mereplikasikan himself in the system, but it can deploy a copy by e-mail

c. the Trojan Horse. The program cannot replicate or distribute themselves, however, are distributed as a device

d. Adware. The program displays the message the annoying advertising messages

e. Spyware. Programs that collect data from a user machine

RISKS
The risk of information security (Information Security Risk) is defined as the potential output is not expected from breach of information security by information Security Threats. All risk of unauthorized action represents. Risks such as these are divided into four types, namely:

a. disclosure of Informsi which is not terotoritasis and theft. When a data base and software libraries are available to people who should not have access, the result is the loss of information or money.

b. Unauthorized Use. Unauthorized usage occurs when people who are usually not entitled to use the company's resources are capable of doing so.

c. unauthorized Destruction and denial of service. Someone can damage or destroy hardware or software, causing the company's computer operations do not function.

d. modification of the Authorize. Changes can be done on the data, information, and software companies that can take place imperceptibly and lead users to output the system take a wrong decision.

RISK MANAGEMENT (RISK MANAGEMENT) AND INFORMATION SECURITY POLICY
Risk management is one of two strategies to achieve information security. The risk can be managed by means of control or eliminate the risk or reduce its effects. Pendefenisian risk consists of four steps:

1. identify business assets that must be protected from the risk of
2. Be aware of the risks
3. Determine the level of impact on the companies if the risk actually happen
4. Analyze the weaknesses of the company
Next Post Previous Post