How to secure information systems?
Solution
Answer:
Information security:
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).
Since the advent of the internet and the increased expansion of computer-based technology in today's corporations, information security breaches have increased at an alarming rate. While businesses take a more cautious approach to how they handle IT security threats, these threats are becoming increasingly complex and sophisticated. Denial-of-service attacks, software tampering (e.g. Trojan horses and computer viruses) and social engineering techniques (e.g. phishing) are some examples becoming prevalent. While we often hear of the more widely publicized embezzlement, money laundering, burglary and bribery statistics, data has shown that companies have seen greater losses from information security breaches.
One of the most effective ways to prevent criminals from accessing and compromising confidential company information is to implement an effective information security plan and properly train the firm's employees who access the system. Additionally, companies should engage a dynamic and independent third-party auditor to frequently test the adequacy of their security system. Lastly, key responsibilities within the information security chain should be segregated and rotated frequently. If companies follow these three basic tenets, they will be one step closer to the effective security of their information.
Threats to Information Systems:
Information security threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information infiltration. Some of the most prevalent types of data infiltration include input manipulation, program manipulation, data input manipulation, data stealing, and outright sabotage. The most frequent type associated with this form of fraud is manipulation of the data. It is the most common because it requires the least skill from the criminal.
Most people have experienced software attacks of some sort. Viruses, worms, phishing attacks, and Trojan horses are a few common examples of software attacks. Governments, military, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
Implementing an Information Security System:
With so many different ways to breach information security systems, and so much potential for such breaches, companies must establish a control system to strengthen the security of their information. There are seven basic tenets that help strengthen the security of company information systems. The following seven procedures are imperative to establishing an effective information security system:
1. Educating employees
2. Establishing quality internal controls
3. Establishing a board of directors and its appointees
4. Establishing a compliant system
5. Establishing an independent audit of the system
6. Developing a structure of accountability
7. Establishing a budget for the information security system
The Future of Information Security:
The days of “basic firewalls” and basic detection systems to secure information are over. Viruses, manipulation of data, phishing scams, and even Trojan horses are just some of the threats facing information security systems today. In spite of the financial restrictions facing companies in the present economic environment, information security is not a place to cut corners. Information is one of a company's most precious assets. Security threats to information systems can have adverse effects on the reputation, status, and overall viability of a business. Therefore, companies must ensure that they implement an information security system that is accountable, verifiable, and as dynamic as the business environment in which they seek a competitive advantage. Those companies that abandon the security of their information will inevitably find themselves at a decided disadvantage to their competitors.
