Information Security and Standard Organizations
- Find two movies or TV shows and describe three different information security aspects that appear in them.
- What are the main organizations of information systems and what are the codes of ethics of these organizations?
- What criteria can be used to evaluate the quality of an information security system?
Let's understand what information security is all about: its attributes, its aspects, and why it forms an inevitable norm of organisations and the country. Information security, as its name suggests, is the protection and defence of computer systems, network lines and crucial information from theft, peeping or viruses that can damage hardware, software or electronic data, or from disruption, modification, recording, access, destruction and misdirection of the services provided. The information distorted could be anything, physical or electrical, viz. personal details, profile, social accounts, financial accounts, passwords, etc.
It is built around 3 main objectives: CIA (Confidentiality, Integrity, Availability)
Confidentiality simply means that the information should not be compromised on any terms and should not be disclosed to an unauthorised individual or entity.
Integrity defines the accuracy and completeness of the data of an organisation. Data should not be edited or distorted in any unauthorised way.
Availability means that the information should be available to those who have proper access and authorisation for it. It ensures matching network and computing resources to the volume of data access and maintaining a mind-blowing backup policy in case of recovery issues.
Let's acknowledge the aspects of information security through examples of movies:
1) Lately a movie, "HACKED", was released which was purely about cyber crime and how information security was compromised.
In the movie, a friend of a girl got access to her phone through her ID and password, because of which he was able to access all the crucial information.
Because of this, he was able to edit the data or the information (e.g. messages or official mails) in an unauthorised way. There was an important project and deal going on, where the boy edited all the data on the laptop and sent it to the outside world, and the girl was fired due to the data leak. The whole of the data that was meant only for her authorisation was now accessed by an external mate.
2) There is another movie named "PLAYERS" where a group of thieves align and plan a theft via information technology. To know about the whereabouts of the gold, the data is obtained through an employee who got access to the information in an unauthorised way, maybe because the confidentiality was not up to the mark. Then, to change the direction of the train through which the gold theft was to be done, the data was distorted and edited through control. The data could be made available, and the network and computer system was accessible, through which the technicalities of the train and security system were known and planned.
Listed below are the information security organisations along with their code of ethics:
AITP: Association of Information Technology Professionals
International information security system certificate consortium
Information systems audit and control association
Information Technology and Infrastructure Library
The SANS Institute
Centre for Internet Security
Society of IT professionals worldwide which features webinars, conferences, and plenty of network security means.
Code of ethics:
They have an obligation to management and shall promote understanding of information processing methods and procedures to management using every resource.
They should have an obligation to society and participate to the best of their ability in the diffusion and spreading of knowledge pertaining to the general development and acknowledgement of information processing.
Associations shouldn't avail knowledge of a confidential nature for their private and intimate interests, nor shall they breach the privacy, integrity, credibility and confidentiality of authorised information endowed to them or of vital information to which they have gained access.
Have an obligation to college or organisation and shall uphold its ethical and moral principles.
Should promote generally accepted information security current best practices and standards.
Maintain apt confidentiality of proprietary and crucial information encountered in the course of professional activities.
Maintain professional responsibilities with due diligence, credibility, trust and honesty.
Abstain from any sort of activities which might include a conflict of interest, harm the reputation of, or be inimical to, employers, the professionals of information security, or the Association as a whole.
Not intentionally injure the professional reputation or practice of colleagues, clients, or employers.
To evaluate the security of information systems, the following assessments could be taken to avoid the threats:
• Assess the vulnerability of all the networks, systems, computers, hardware or software, the whole of the infrastructure, to analyse the potential and weakness issues.
• Accompany and manage all the portals through which the internet facility is provided, be it ports, vendors, hubs or wire works, to identify the open windows and unlocked doors. All the malicious activities happen through these ports and vectors only.
• Analyse how the network of your organisation communicates with outside systems, how it responds to the queries of third-party information and how easily it is satisfied.
• Scrutinise and probe your internal network as well, because the threats do not come only from outside.
• Review and analyse the wireless network systems, viz. Wifi, Bluetooth, RFID, rogue devices and the portable devices as well. Vital information can also be transferred through pen drives.
• Educate employers and employees regarding the security process, including social engineering attacks. Make adequate policies and norms around behaviour such as using social media on official computer systems, using external pen drives, picking up flash drives lying around and so on.