Page 37 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 37

Unit 3: Building Blocks of Information Security




          An information leak often indicates that security  measures were not properly implemented.  Notes
          Improper information security hurts both customer and merchant.  A security breach isn’t good
          for anyone.
          Information security is the only thing that keeps electronic commerce running. Security breach
          can break the confidence of the customer. It may take long time to rebuild that trust. Information
          security is required for the goodwill of the business. Therefore companies are thinking about
          prioritize information security on the basis of a possible breach. There just always seems like
          there’s too much to do in the here-and-now to worry about possibilities.
          For that reason the major credit card companies came together and developed the PCI DSS (or
          Payment Card Industry Data Security Standard). Any company that  transmits, processes, or
          stores sensitive credit card information is required to be PCI compliant.
          Information security is absolutely essential as we move deeper and deeper into the digital age,
          and a merchant has a couple of choices.
          Information security is required because most organizations can be damaged by hostile software
          or intruders. There may be several forms of damage which are obviously interrelated. These
          include:
          1.   Damage or destruction of computer systems.

          2.   Damage or destruction of internal data.
          3.   Loss of sensitive information to hostile parties.
          4.   Use of sensitive information to steal items of monetary value.
          5.   Use of sensitive information against the organization’s customers which may result in
               legal action by customers against the organization and loss of customers.
          6.   Damage to the reputation of an organization.
          7.   Monetary damage due to loss of sensitive information, destruction of data, hostile use of
               sensitive data, or damage to the organization’s reputation.

               !

             Caution The methods used to accomplish these unscrupulous objectives are many  and
             varied depending on the circumstances.



             Did u know? Security is a key to the success of all operations.

          Self Assessment

          Fill in the blanks:
          1.   ....................... is the prevention and protection of computer assets from unauthorized access,
               use, alteration, degradation, destruction, and other threats.
          2.   .......................  information security involves tangible  protection devices, such as  locks,
               cables, fences, safes or vaults.
          3.   ....................... information security involves non-physical protection, such as that provided
               by authentication or encryption schemes.







                                           LOVELY PROFESSIONAL UNIVERSITY                                   31
   32   33   34   35   36   37   38   39   40   41   42