Question

Information Security and Standard Organizations

-Find two movies or tv shows and describe three different information security aspects that appear in them.

-What are the main organizations of information systems and what are the codes of ethics of these organizations?

-What criteria can be used to evaluate the quality of an information security system?

Answer 1

Let's understand what information security is all about, it's attributes, aspects, why it forms an inevitable norm of the organisations and country.Information security as its name suggests is the protection and defence of computer systems, network lines, crucial information from theft , peeping or through viruses that can damage hardware, software , electronic data or by disruption , modification, recording, access, destruction and misdirection of the services provided. Information distorted could be anything: physical or electrical viz a viz personal details, profile, social accounts, financial accounts, passwords etc.

It is built around 3 main objectives: CIA

( Confidentiality, Integrity, Availability )

Confidentiality simply means that the information should not be compromised on any terms and not to be disclosed to unauthorised individual or an entity.
Integrity defines the accuracy and completeness of the data of an organisation. Data should not be edited and distorted in any unauthorised way.

Availability means that the information should be available to those who have proper access and authorisation for it. It ensures matching network and computing resources to the volume of data access and maintaining a mind blowing back up policy in case of recovery issues.

Lets acknowledge the aspects of Information Security through examples of movies:

1)- Lately a movie was released "HACKED" which was purely on cyber crime and that information security was compromised.

In the movie a friend of a girl got access to her phone through id and password because of which he was able to access all the crucial information.

Because of this, he was able to edit the data or the information ( say for eg messages or official mails ) in an unauthorised way. There was an important project and deal going on, where the boy edited all the data on laptop and sent to outside world and the girl was fired due to data leak. Whole of the data that was meant only for her authorisation, was now accessed by an external mate.

2)- There is another movie named "PLAYERS" where a group of thieves allign and plan a theft via information technology. To know about the whereabouts of the gold, the data is obtained through an employee who got the access of information in an unauthorised way mayb because the confidentiality was not up to mark. Then to change the direction of the train through which gold theft was to be done, the data was distorted and edited through control. The data could be made available and that the network and computer system was accessible through which the technicalities of the train and security system was known and planned.

Listed below are the information security organisations along with their code of ethics:

AITP: Association of Information Technology Professionals

International information security system certificate consortium

Information systems audit and control association

Information Technology and Infrastructure Library

The SANS Institute

Centre for Internet Security

Society of IT professionals worldwide which features webinars, conferences, and a plenty of network security means.

Code of ethics:

They have an obligation to management and shall promote understanding of information processing methods and procedures to management using every resource

They should Have an obligation to society and that participate to the best of their ability in diffusion and spreading of knowledge pertaining to the general development and acknowledge of information processing.

Associations shouldn't  avail knowledge of confidential nature to their private and intimate  interests, nor shall breach the privacy, integrity, credibility and confidentiality of authorised information endowed to or to vital information they have gained access.

Have an obligation to college or organisation and shall uphold its ethical and moral principals

Should Promote generally accepted information security current best practices and standards

Maintain apt confidentiality of proprietary and crucial information encountered in the course of professional activities

Maintain professional responsibilities with due diligence, credibility, trust and honesty

Abstain from any sort of activities which might include a conflict of interest, harm the reputation of or is inimical to employers, the professionals of information security, or the Association in whole

Not intentionally injure the professional reputation or practice of colleagues, clients, or employers.

To evaluate the security of information systems, following assessment could be taken to avoid the threats:

•Assess the vulnerability of all the networks, systems, computer, hardware or softwares, whole of the infrastructure to analyse the potential and weakness issues.

•Accompany and manage all the portals through which the internet facility is provided be it: ports, vendors, hubs, wire works to identify the open windows and unlocked doors. All the malicious activities happen through these ports and vectors only

• Analyse how the network of your organisation communicates with outside systems, how does it respond to the queries of third party information and how easily it is satisfied

• Scrutinise and probe your internal network as well because whole of the threats does not only come from outside.
• Review and analyse the wireless network systems viz a viz : Wifi, Bluetooth, RFID, rogue devices and the portable devices as well. Vital information can also be transferred through pen drives.

• Educate employers and employees regarding the security process including social engineering attacks. Make adequate policies and norms around behaviour such as using social media on official computer systems, using external pe drives, picking up flash drives lying around and so on.