Page 36 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
supposedly trusted employees defrauding a system, from outside hackers, or from careless data
entry clerks.
Precision in estimating information security-related losses is not possible because many losses
are never discovered, and others are “swept under the carpet” to avoid unfavorable publicity.
The effects of various threats vary considerably: some affect the confidentiality or integrity of
data while others affect the availability of a system.
This unit will help you to understand some of the security pillars and principles. In many ways,
information security is almost a statistical game. You can reduce but not eliminate the chance
that you may be penetrated by an intruder or virus.
3.1 Information Security
Information security can be very complex and may be very confusing to many people. It can
even be a controversial subject. Network administrators like to believe that their network is
secure and those who break into networks may like to believe that they can break into any
network.
Information security is the prevention and protection of computer assets from unauthorized
access, use, alteration, degradation, destruction, and other threats. There are two main
sub-types: physical and logical.
Physical information security involves tangible protection devices.
Example: Locks, cables, fences, safes or vaults.
Logical information security involves non-physical protection.
Example: Protection provided by authentication or encryption schemes.
Note that the physical versus non-physical (logical) distinction runs through
a number of areas in computer science, despite minor differences in definition.
Task: What are the two sub-types of information technology? Illustrate.
3.1.1 Need for Information Security
Information security is as much a business process as it is a technical one. No longer can security
be viewed as a backroom operation, separate from the essential activity of an organization.
Information security means protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification or destruction. Governments, military, financial
institutions, hospitals, and private businesses amass a great deal of confidential information
about their employees, customers, products, research and financial status.
Information assets are critical to any business and vital to the survival of any organization in
today’s globalized digital economy. Information leakage is therefore intolerable. If confidential
information about a business's customers, finances or new product line falls into the hands of
a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy
of the business.
30 LOVELY PROFESSIONAL UNIVERSITY