Page 22 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy




                                   Unauthorized access to a host can be prevented to a certain extent in the conventional
                                   host-to-terminal setting, because the number of connected terminals is limited. The situation
                                   is entirely different on the Internet, which allows access from any terminal connected to a
                                   network, and this calls for proper security measures. In this unit, we will discuss some of the
                                   threats that occur frequently in networks.

                                   2.1 New Technologies Open Door Threats

                                   For modern companies, particularly those engaged in electronic business, it is increasingly
                                   imperative to be aware of online threats, since more and more people are using the
                                   internet to obtain information about their business partners, customers, and other
                                   business-related links. Nowadays, almost all business organizations have information systems (IS)
                                   that use integrated technologies such as computer networks, company intranets or internet access
                                   to communicate and distribute information for quick business decisions, thus opening the
                                   organization to the outside world like never before. Under these circumstances, threats from
                                   outside the organization must be addressed, since the damage from an unsecured information
                                   system can result in disastrous consequences for the organization.

                                     Caution: Organizations must examine and estimate the aspects that could be a threat to the
                                     reliability of the information system.

                                   Self Assessment

                                   Fill in the blanks:
                                   1.  Any kind of policy, procedure, or action that recognizes, minimizes, or eliminates a threat
                                       or risk is called a ............................. .
                                   2.  Any kind of asset that is not working optimally and is mission-critical or essential to the
                                       organization, such as data that are not backed up, is called a ............................. .
                                   3.  Nowadays almost all business organizations have IS that use incorporated technologies
                                       like the networks of computers, company intranets or internet access to converse and
                                       broadcast information, thus opening the organization to the ............................. world like
                                       never before.

                                   2.2 Level of Threats: Information-Level and Network-Level Threats


                                   It is important to differentiate ‘information-level threats’ from ‘network-level threats’. By
                                   network-based threats we mean that, to be effective, potential attackers need network access to
                                   corporate computer systems or to networks accessed by corporate computer systems.

                                   Example: Network-dependent threats include hacking of computer systems and launching
                                   DoS attacks, in addition to spreading malicious code such as viruses.

                                   Other security concerns that arise when data are transmitted over networks are confidentiality,
                                   authentication, integrity, and non-repudiation.

                                   Information-level threats also make significant use of the network, but what matters at this
                                   level is the content of a message and not its form. Sending false inquiries to service accounts
                                   to consume resources would qualify as an information-based attack. It is the content of the
                                   messages that would provide the foundation for the attack.




          16                                LOVELY PROFESSIONAL UNIVERSITY