Beneficial or Positive Impact of IT security in our Society
Harmful or Negative Impact of Computer in Our Society
Effects on Technology Organizations
The Impact of the IT on our daily life
Conclusion
Security is a basic human concept that has become more difficult to define and enforce in the Information Age. In primitive societies, security was limited to ensuring the safety of the group's members and protecting physical resources, like food and water. As society has grown more complex, the significance of sharing and securing the important resource of information has increased. Before the proliferation of modern communications, information security was limited to controlling physical access to oral or written communications. The importance of information security led societies to develop innovative ways of protecting their information. For example, the Roman Empire's military wrote sensitive messages on parchments that could be dissolved in water after they had been read. Military history provides another more recent example of the importance of information security. Decades after Japanese encryption codes early in the conflict. Recent innovations in information technology, like the Internet, have made it possible to send vast quantities of data across the globe with ease. However, the challenge of controlling and protecting that information has grown exponentially now that data can be easily transmitted, stored, copied, manipulated, and destroyed.
Information technology security is controlling access to sensitive electronic information so only those with a legitimate need to access it are allowed to do so. This seemingly simple task has become a very complex process with systems that need to be continually updated and processes that need to constantly be reviewed. There are three main objectives for information technology security: confidentiality, integrity, and availability of data. Confidentiality is protecting access to sensitive data from those who don't have a legitimate need to use it. Integrity is ensuring that information is accurate and reliable and cannot be modified in unexpected ways. The availability of data ensures that it is readily available to those who need to use it (Feinman et al., 1999).
Information technology security is often the challenge of balancing the demands of users versus the need for data confidentiality and integrity. For example, allowing employees to access a network from a remote location, like their home or a project site, can increase the value of the network and efficiency of the employee. Unfortunately, remote access to a network also opens a number of vulnerabilities and creates difficult security challenges for a network administrator. It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory. Such devices can range from non-networked standalone devices as simple as calculators, to networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.
What is Information Technology Security?
IT security is sometimes referred to as computer security. Information Technology security is information security applied to technology (most often some form of computer system). Broadly, IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform their permitted critical functions. Information Security is composed of computer security and communication security. The U.S. National Information Systems Security Glossary defines Information Systems Security as the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is the preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved.
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability). IT Security is the process of protecting the intellectual property of an organisation. IT security is a risk management discipline, whose job is to manage the cost of information risk to the business. A well-informed sense of assurance that information risks and controls are in balance. IT security is the protection of information and minimises the risk of exposing information to unauthorised parties. IT Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organisational, human-oriented and legal) in order to keep information in all its locations (within and outside the organisation's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats. Information security (infosec) is the set of business processes that protects information assets regardless of how the information is formatted or whether it is being processed, is in transit or is being stored. Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility. IT security is safeguarding an organization's data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.
IT security, also known as cybersecurity or computer security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. It also refers to protection of data, networks and computing power. The protection of data (information security) is the most important. The protection of networks is important to prevent loss of server resources as well as to protect the network from being used for illegal purposes. The protection of computing power is relevant only to expensive machines such as large supercomputers.
Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as intruders) from accessing any part of your computer system.
• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service
To prevent crackers from accessing a computer system, computer security individuals need to block noncritical incoming ports on the firewalls. Moreover, the ports remaining open need to be protected by patching the services utilizing those ports email,
Goals of IT security
Information systems are generally defined by all of a company's data and the material and software resources that allow a company to store and circulate this data. Information systems are essential to companies and must be protected. IT security generally consists in ensuring that an organization's material and software resources are used only for their intended purposes. IT security generally is comprised of five main goals:
• Integrity: guaranteeing that the data are those that they are believed to be
• Confidentiality: ensuring that only authorized individuals have access to the resources being exchanged
• Availability: guaranteeing the information system's proper operation
• Non-repudiation: guaranteeing that an operation cannot be denied
• Authentication: ensuring that only authorized individuals have access to the resources
Issues/Considerations
Technical Issues of IT Security
IT systems no longer serve the sole purpose of stabilizing a working environment. Instead, they have become the very backbone of society. Vulnerable systems therefore pose a risk to individuals, companies, and all kinds of modern infrastructure. The first section aims to identify current risk patterns to IT systems, especially from a technical point of view.
• Individual Victimization and Damages
The impact of cybercrime remains one of the unsolved questions of IT security. Often, individuals are not even aware that they are victims of computer crime. Even if the victimization is perceived, many businesses do not make reports to outside organizations, either because they fear setbacks vis-à-vis their competitors or because they do not know to whom to report. In other cases, the possible gain does not seem to be worth the effort. The aim of the second section is to highlight questions regarding the extent of victimization.
• Future Developments
• Cultural, Sociological, and Political Implications and Control Issues
The phenomena of cybercrime highlight various aspects of the medium "Internet", some of which can be described as dualisms, for example, "use vs. abuse," "control vs. freedom," "co-evolution of security measures and malware." The unique possibilities of the Internet and the ubiquity of digital media open many different (legal, illegal, and "grey") possibilities. Society has to cope with those challenges. Furthermore, a successful fight against computer crime and its repercussions can only be fought if the underlying aspects (e.g., phenomena, extent, and possible future threats) are known, and a successful fight can only take place on an international scale since individual actions undertaken at the national level are doomed to failure from the very beginning. The fourth section will cover current and developing measures against computer crime.
• Insider threat isn't going away
Companies should know who they are giving their data to and how it is being protected, said Tim Ryan, managing director and cyber investigations practice leader at US-based risk mitigation and response firm Kroll. This requires technical, procedural and legal reviews. There are many threats to IT, and they are increasing day by day. Because of them, IT security is more important.
• Cyber attacks, including government-sponsored, continue education and standards prioritized
As states compete to become credible world players we can expect to see further announcements by various states regarding their offensive and defensive strategies. Cyber is the new battlefield, and the fifth element of warfare. As such, it's likely that future conflicts will involve cyber battles and because of this, states will be - and already are - pouring a huge range of resources into developing defence and offence capabilities for cyber war. To protect against cyber war we have to ensure IT security.
Enterprises deploy faster response and recovery solutions
Cyber criminals will increasingly attack social platforms in 2014. "
common that consumers will face "data breach fatigue", meaning they'll be less likely to protect themselves.
• DDoS attacks get even bigger but Botnets stick around
Distributed denial of service (DDoS) attacks were a big deal in 2013 and could be even more prominent in 2014. NASDAQ temporarily went down as a result of an attack in August, while Dutch web hosting company CyberBunker caused a global disruption of the
• Ensuring that your information remains confidential and only those who should access that information, can.
• Making sure that your information is available when you need it (by making back-up copies and, if appropriate, storing the back-up copies off-site).
Email is the primary mode of communication
Email serves the same purpose at most organizations that phone calls and corporate memos did in the 1990s. Because there is proprietary information being passed back and forth, each organization assumes the responsibility of ensuring every email account is secure. Security specialists may be asked to help onboard the system, and then protect the organization from potential risks as they arise. In the event that an employee's email is breached, it's up to the specialist to identify and eradicate the problem. Once that's done, the next priority becomes ensuring that all the other in-house accounts remain secure from that threat as well.
Risk Management
Online searches are essential
Employees at many organizations are required to do some online searches. The problem is that the more searches that are done, the higher the risk that an individual might click on a contaminated link.
The occasional breach is unavoidable
The larger the organization, the more common it is for a simple virus to infect the system. Network specialists are there to put out the fire when it does occur, and they're essential to the organization in that manner. Depending on the specialist's role, this may mean accepting the occasional independent contract, or it may mean working for an employer full-time. The most important duty for a full-time specialist is to keep an eye out for emerging threats before they arise. Lost or breached information can represent a major expense, and the more vigilant a networking specialist, the less exposed any organization will be.
• Vulnerability is a point where a system is susceptible to attack.
• A threat is a possible danger to the system. The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system.
• Countermeasures are techniques for protecting your system
Prevent Computer Hacking on an Organization
• Interconnected Costs: According to an article published by the BBC, computer hacking cost companies in the United Kingdom billions of pounds in 2004. In their paper "The Economics of Computer Hacking," economists Peter Leeson and Christopher Coyne write that computer viruses created by hackers cost businesses $55 billion in 2003. In 2011, a single instance of hacking on the PlayStation cost Sony more than $170 million, while Google lost $500,000 due to hacking in 2005. According to Richard Power, editorial director of the Computer Security Institute, single instances of hacking may cost as much as $600,000 to $7m a day for online businesses in 2011, depending upon the revenue of the operation. In addition to the monetary cost arising from computer hacking, instances of hacking cost organizations considerable amounts of employee time, resulting in the loss of yet more money.
• Information: Computer hacking often revolves around information. Organizations steal information such as research, business strategies, financial reports and more from one another through hacking operations. Digitized client databases also fall victim to hacking, with hackers stealing names, addresses, emails and even financial information from organizations. Such a loss of information to a small business may cost a competitive edge or the complete loss of a client base, effectively ruining the organization. On the opposite end of the spectrum, a business participating in computer hacking may gain a wealth of information providing a competitive edge and access to new client bases through the act. Personal or political information gained through computer hacking can serve as leverage in business or political dealings.
• Organizational Structure: The structure of organizations previously hacked, at risk for hacking or with extensive digital networks requiring protection from hacking often reflects the threat of hacking. Businesses in such a position employ extensive information technology (IT) teams, which work constantly on creating, updating, developing and improving computer networks and safety to prevent or deter hackers from accessing information. Small businesses with limited budgets may face radical reorganization to cope with such efforts, while new businesses anticipating such preventative measures must work them into the initial business plan.
Social media - a hackers' favorite target
• Like-jacking: occurs when criminals post fake Facebook "like" buttons to webpages. Users who click the button don't "like" the page, but instead download malware.
• Link-jacking: this is a practice used to redirect one website's links to another which hackers use to redirect users from trusted websites to malware infected websites that hide drive-by downloads or other types of infections.
• Phishing: the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by disguising itself as a trustworthy entity in a Facebook message or Tweet.
• Social spam: is unwanted spam content appearing on social networks and any website with user-generated content (comments, chat, etc.). It can appear in many forms, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.
Potential Impact
Beneficial or Positive Impact of IT security in our Society
Any professional individual like doctors, engineers, businessmen etc. undergoes a change in their style or working pattern after they get the knowledge of computer. An individual becomes more competent to take decisions due to the computer because all the information required to take the decision is provided by the computer on time. As a result, individuals or institutions get success very fast. The person working at the managerial level becomes less dependent on low level staff like clerks and accountants. Their accessibility to the information increases tremendously. This improves their working patterns and efficiency, which benefits the organization and ultimately affects the society positively. In common life also, an individual benefits from computer technology.
Harmful or Negative Impact of Computer in Our Society
If, for any reason, the data stored in the computer is lost, the person responsible for handling the computer will have to tolerate a lot.
People do not use their mind for common arithmetic, which gradually results in loss of their numerical ability. Today, any person who does not have the knowledge of computer is considered a second class citizen. People fear that growing children may lose their common sense abilities like numerical ability due to total dependence on computers. Due to computerization, the workload for employees is often reduced. As a result, many organizations may need to remove some of their employees. This produces dissatisfaction and lack of security among the employees. Due to this, employees do not cooperate with the organization. As a result, the output can be disastrous. As a result of the introduction of new technology in an organization, the organization may need to spend a tremendous amount on the training of its employees.
Effects on Technology Organizations
Organizations in the computer and technology industry may benefit or lose drastically from instances of computer hacking. Independent firms specializing in hacking prevention software or network development stand to benefit tremendously as the impact of hacking spreads throughout the world. Small businesses in particular may expand operations exponentially if successful in obtaining and retaining a client base. However, a company in this field whose product or efforts fail in the face of hacking faces a ruined reputation and thereby the potential loss of a client base and an inability to attract additional clients.
The Impact of the IT on our daily life
There is a big influence of technique on our daily life. Electronic devices, multimedia and computers are things we have to deal with everyday. Especially the Internet is becoming more and more important for nearly everybody as it is one of the newest and most forward-looking media and surely "the" medium of the future. Therefore we thought that it would be necessary to think about some good and bad aspects of how this medium influences us, what impacts it has on our social behaviour and what the future will look like.
• Secure web browsing
• Secure Data
• Secure personal information
Conclusion
As Internet use is developing, more and more companies are opening their information system to their partners and suppliers. Therefore, it is essential to know which of the company's resources need protecting and to control system access and the user rights of the information system. The same is true when opening company access on the Internet. Moreover, because of today's increasingly nomadic lifestyle, which allows employees to connect to information systems from virtually anywhere, employees are required to carry a part of the information system outside of the company's secure infrastructure. The security policy is all of the security rules that an organization (in the general sense of the word) follows. Therefore, it must be defined by the management of the organization in question because it affects all the system's users.
In this respect, it is not the job of the IT administrators to define user access rights but rather that of their superiors. An IT administrator's role is to ensure that IT resources and the access rights to these resources are in line with the security policy defined by the organization. Moreover, given that he or she is the only person who masters the system, he or she must give security information to the management, advise the decision makers on the strategies to be implemented, and be the entry point for communications intended for users about problems and security recommendations. IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.
References
Information security,
Feinman, Todd, Goldman, David, PricewaterhouseCoopers LLP, Resource Protection Services, Security Basics A June 1, 1999.
Top 10 IT security issue 2009. Available from <http://searchsecurity.techtarget.com/definition/information-security-infosec>. [5 July 2009].
Business Dictionary 2010. Available from <http://www.businessdictionary.com/definition/information-security.html>. [5 August 2010].
Top 3 information. Available from <http://er.educause.edu/articles/2015/1/the-top-3-strategic-information-security-issues>. [23 February 2007].
Top 10 security issue, forbes, 2000. Available from <http://www.forbes.com/sites/kenrapoza/2012/12/05/top-10-security-issues-that-will-destroy-your-computer-in-2013/>. [28 November 2000].
Introduction to IT security, 2009. Available from <http://ccm.net/contents/635-introduction-to-it-security>. [13 July 2009].
Effects on computer hacking, 2008. Available from <http://smallbusiness.chron.com/effects-computer-hacking-organization-1775.html>. [13 November 2008].