Information Security White Paper
Information security protects data from unauthorized access, modification, and malicious attacks. Its purpose is to ensure the availability, confidentiality, and integrity of the data in your business. This is vital for the growth of any business; it would be dangerous if a business's data were accessed by a competing business in the same field. A business therefore needs information security to protect its reputation, to guard against the loss of sensitive and confidential information, and so on. Information security also allows for workplace flexibility, and it helps prevent data loss, ensuring privacy and the protection of intellectual data.
Information security threats start at the basic level. The vulnerabilities include confidentiality, which prevents access to sensitive information that one's business may have access to. Authentication is where the users of your business access your system with passwords. Integrity means that, in any business, the data used must be correct, with no errors; without security, information may be modified, which may lead to losses, for instance in profit. Availability is where the system should be easily accessed, when needed, by those authorized to do so. If there is no security, the information or resources may be withheld, bringing the business to a standstill. Authorization is another vulnerability that may affect the security of the business. This process allows only users with the necessary credentials to access the information. This may be a select few among the employees, to allow for the security of the data. Non-repudiation is where there is a digital signature of everything that is performed by the system. Thus, if something has been done, who did it and when can easily be established, and any manipulated data will be caught to prevent damage. Finally, there is risk: every system is at risk. Therefore, one has to employ the necessary technologies to try to prevent these risks or threats from affecting the business (Citrix, 2013).
Threats to information security include natural disasters, for instance, earthquakes and floods, which may destroy the information. Accidents caused by humans, for instance, electrical faults and fire, can also be regarded as disasters. Human threats, for instance, malicious attacks with viruses that harm or disrupt the normal operations of the business, are also regarded as threats to security. Unhappy employees can also cause information security threats. They may give out passwords to outsiders or harm the system personally. Human threats are the most common, as they involve the cracking of passwords over the network by hackers who wire themselves into your system and install worms and viruses. There can also be threats from unsuspecting victims. These can be employees who are authorized to access the system but perform omissions or deletions that ultimately damage the integrity of data. Denial of service attacks are a threat, especially where they flood the servers with unnecessary information, making them crash and crippling all company activities. Email headers and content have no encryption and the information can be read in transit; therefore, eavesdropping is also regarded as a threat. Packet modification is a further threat: hackers may access data on its way to your system and modify or destroy it while in transit.
There are various technologies to prevent threats to information, for instance, the deliberate corruption of electronic files, or viruses and worms. The steps to take against hackers include the use of strong passwords or improved technologies like biometrics, which use fingerprint or retina information to provide authorization to the system. Network security can also be improved by the use of encryption schemes, so that even if a hacker accesses information in transit, it is of no use to them because it is encrypted. Viruses are computer programs that replicate themselves. They can be harmless, and as such used to relay messages, or harmful, and used to deny service by overloading and crashing the server. Viruses can also destroy data by giving different information once a file is accessed, leading to loss of integrity of data. Worms, on the other hand, are activated once a certain activity is performed, for instance, accessing a specific file, and replicate without the use of another program. Viruses and worms can be handled using antivirus software, which scans the system for the code usually associated with viruses or worms and removes it from the system. Once the antivirus encounters a virus, it saves the unique code to find out whether there are other similar strains in the system (The George Washington University, 2012).
Denial of service attacks are prevented by checking all incoming emails for viruses using an antivirus. These types of attacks affect the availability of information. The business can keep backups to prevent any loss in case a hacker is able to crash the servers with this attack. The backups can be on site, in the form of external hard drives, or off site, in a different location where users can continue with their activities temporarily until the system recovers from the crash. Encryption algorithms deny the attack access and thus keep information safe (GFI, 2013).
The results of using and improving information security include the smooth running of the system's activities. One can expect the business's system to provide integrity, availability, and confidentiality for its data. Storage of and access to data are also improved. Maintaining compliance with global standards allows for the development of information security strategies. The value of the business's investment will increase, since clients' trust in the system will improve and profits will rise. Safeguarding information and operations during a natural disaster is paramount; the use of backups prevents total loss of data.
Citrix. (2013). Top 10 reasons to strengthen information security with desktop virtualization. Retrieved from www.citrix.com
The George Washington University. (2012). Information Security Policy.
GFI. (2013). Security threats: a guide for small and medium businesses. Retrieved from www.gfi.com