Information security is one of the most important aspects of integrated security, The basic components of information security. The importance and complexity of the problem of information security, When considering the security of information systems is usually two. The importance and complexity of the problem of security requires. Encryption is a cornerstone of all information services, System Basics understanding of information security. The importance and complexity of the problem of information security. The concept of information security. The basic components of information security. The importance and complexity of the problem. The importance of the issues of information security on the Internet. security, information and computing systems including, This is one of the most important and challenging to build software and hardware.
The destruction of important information, theft of sensitive data, owing to the refusal of recess-all this translates into large financial losses, damages the reputation of the organization. Problems with control systems or medical systems threaten the health and lives of people.
Modern information systems are complex and dangerous in themselves, even without taking into account the activity of hackers. Constantly detects new vulnerabilities in software. Have to take into account the extremely wide range of hardware and software, numerous communication between components.
Changing principles of construction of corporate IP. Used numerous external information services; available outside of their own; There is a widespread phenomenon, word "outsourcing", where part of the functions of corporate IP is passed to external organizations. Develops programming with active agents.
Proof complexity perspective IB is parallel (and pretty fast) increased cost of protective measures and the number of violations of information security combined with increased average damage of each violation. (The latter is another argument in favour of the importance of information security.
Let us discuss some of the critical points in detail. First of all, consider the creation of an it security policy and control over it. It should be noted that the security policy must be constantly updated. No it infrastructure is not standing still, it continuously something changes: new technologies, new devices are connected and so a typical example is the commissioning of wireless technologies requiring detailed examination from the standpoint of security. But, of course, there are new vulnerabilities that should be immediately responsive. Moreover, the policy should apply to the use of new technologies before they are introduced, and the experts who will be affected by the new security policy, should be involved in its development or at least evaluated.
By continuing to question policy updates, you must determine who will be her update, develop solutions in accordance with it and ensure its execution. Accordingly, this group of professionals need to confer appropriate powers and rights.
The next important step, requiring separate consideration is distribution and compliance with it security policies. When a person comes to seek employment and sign some documents in the personnel department, it must be primarily familiar with security policy. The employee must understand the importance of it security, and also be aware that the security of confidential data and critical it systems really reflected on his own "purse". For example, if fixed by this leaked employee, the employee will be punished with a fine. Moreover, the security policy is not simply a "piece of paper" to "scare" staff. Everything should be in a civilized way, in particular all employees must be familiar with the it security policy under the painting.
Issue updates and policy changes had already been raised above. However, there is another aspect: as the policy evolves, it should be easily accessible. This can be done through an internal web site, security portal, using e-mail, etc., in any case, the employee must always be able to view the rules, familiarize yourself with some subtleties, and just to refresh the memory of politics. Also note that if you change the rules need to be guaranteed to alert the whole staff. The need for swift action and rapid notification might come in handy, if suddenly be discovered a dangerous flaw. In this case, you can temporarily prevent employees use vulnerable resource.
Note that a key factor in the effective implementation of the truly it security policy is its support of superiors and all senior management. Imagine a large company where one of the directors do not want to have on your computer means of authentication (wants to work all the time as an administrator) or antivirus modules. For example, because it adversely affects the performance of a desktop system. As a result, the Executive person has access to all critical points of the IT infrastructure, with access without restrictions. It is worth to visit this Director in business trip and bring into the company of malicious code, as all it system will have to pump more than one week.
In this context, relevant another problem-the problem of "authorship". In fact, the procedure must be implemented that clearly always track down who and what did. Selects one of the servants stranger password? You should immediately see why he needs it. This is of course a theoretical example, but unscrupulous employees or employees who have a propensity to breach confidentiality, frequently suspicious transactions.
Thus, we can summarize that employees must understand their own role in it security system support. While each employee of the organization is not aware that security and his salary is one and the same, secure it infrastructure will be very difficult.