Page 21 - DCAP516_COMPUTER_SECURITY

Unit 2: Information Security Policies




          but the policy is intended to protect the organizational network from abuses from within and
          without. It should be noted that the policy cannot guarantee that abuses will not occur.
          It is worth placing policy abuse statements on ‘log on’ screens to indicate that anyone logging on
          to a particular machine or domain who is not authorized may be prosecuted. These statements
          should be worded in a legally sound manner, and those who create the policies should consider
          consulting their attorneys about the proper wording.

          Self Assessment

          Fill in the blanks:
          1.   ………………………… may define procedures to be used or limitations to what can and
               cannot be done in the organization.
          2.   Every organization should have a ……………….. security policy.
          3.   Security Policy should be carefully written and checked by an ……………….. to be sure it
               does not create unnecessary liability.
          4.   The policy must be ……………………… from the network and system controls.

          2.3 Information Security

          Information security means protecting information and information systems from unauthorized
          access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
          The terms information security, computer security and information assurance are frequently
          and incorrectly used interchangeably. These fields are often interrelated and share the common
          goals of protecting the confidentiality, integrity and availability of information; however, there
          are some subtle differences between them.
          These differences lie primarily in the approach to the subject, the methodologies used, and the
          areas of concentration. Information security is concerned with the confidentiality, integrity and
          availability of data regardless of the form the data may take: electronic, print, or other forms.
          Computer security can focus on ensuring the availability and correct operation of a computer
          system without concern for the information stored or processed by the computer.
          Governments, military, corporations, financial institutions, hospitals, and private businesses
          amass a great deal of confidential information about their employees, customers, products,
          research, and financial status. Most of this information is now collected, processed and stored on
          electronic computers and transmitted across networks to other computers.

          Should confidential information about a business's customers or finances or new product line fall
          into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or
          even bankruptcy of the business. Protecting confidential information is a business requirement,
          and in many cases also an ethical and legal requirement.
          For the individual, information security has a significant effect on privacy, which is viewed very
          differently in different cultures.
          The field of information security has grown and evolved significantly in recent years. There are
          many ways of gaining entry into the field as a career. It offers many areas for specialization,
          including securing networks and allied infrastructure, securing applications and databases,
          security testing, information systems auditing, business continuity planning and digital
          forensic science.





                                           LOVELY PROFESSIONAL UNIVERSITY                                   15