What is information security?

Information security is a branch of computer science concerned with managing and controlling the risks related to computer use. It involves taking steps to protect information and information systems from unauthorized access, use, or destruction.

Most large organizations, including government agencies, military offices, financial institutions, hospitals and private companies, collect a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is collected, processed and stored on computers and transmitted across networks to other computers. This growing reliance on computers to aid in efficient business operations has made security an integral part of business operations.


Implementing a security policy is a crucial step in safeguarding the information an organization holds within its technology. The goal is to design a secure computing platform that lets users perform the actions they have been allowed and denies access to actions that are prohibited.

A major challenge in ensuring security within an organization is the many levels and types of security needed. For example, individual workstations need to be safe and secure. The internal network that connects an organization’s computers to one another needs to be secure. The internet connection also, and possibly most importantly, needs to be secure. Each level of security requires different tools, techniques and expertise, and all should work together to efficiently safeguard the information of the organization.

Network Security

If your business is small or home based, a few simple tools can go a long way to secure your internal network. Each user should have a password to access the network. All passwords should be robust, especially the password for access to any wireless connections. The network should also have a basic firewall system and anti-virus software. An anti-spyware program would be a good idea as well.

The larger your business and the more users on the network, the more security solutions you should consider for the protection of your information. While a firewall, anti-virus software and robust passwords will help large businesses remain secure, they also face a greater threat from hackers, thieves and hardware failure. The more people and equipment involved, the more there is to go wrong. Larger businesses should consider requiring frequent password changes, utilizing a network monitor, and implementing physical security measures such as security cameras and/or guards, and fire fighting equipment such as an extinguisher.

Email Security

Most people are surprised to hear that email is inherently insecure. Some of the common issues that arise with regards to email security are eavesdropping, identity theft, message modification, unprotected backups and repudiation.

Eavesdropping is just what it “sounds” like, only with email it’s spying with your eyes and not your ears. This is relatively easy to do for someone who has access to a computer or a network that is not properly secured.

Eavesdropping can lead to an invasion of privacy and identity theft. Certain types of connections and mail transport systems can allow an eavesdropper to find out sensitive information about your company, even going so far as to find out the address. Learning about the best way to protect your email is crucial to the safety of your organization.

Once an email can be seen, most often it can also be modified without the original sender knowing it happened until after the fact. If someone, for example, is able to access the system as a system administrator, he would be able to modify an email coming from anywhere the administrator can access. Similarly, email messages can be forged. There is no way to prove that someone sent a particular message, and it’s fairly easy to successfully deny sending any given email. This has implications with regard to using email for contracts, business communications, electronic commerce, etc.

Businesses should spend time and resources researching and implementing a system to specifically protect their email. One solution is to use a service provider that supports Secure Sockets Layer (SSL) for their Webmail, POP, IMAP, and SMTP servers. Another is to use an Anonymous SMTP service, and a third is to use asymmetric key encryption. A combination of solutions is likely to work best for most organizations that are trying to increase email security.
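The message modification, forgery and repudiation problems described above are what signing with an asymmetric key pair addresses. The Go program below is an added example, not part of the original article: it signs a message with the sender's private key and shows that a modified or forged message fails verification against the sender's public key. The addresses, message text and function names are constructed, and Ed25519 is an assumed choice of scheme, since the article names none.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Mail holds the fields a recipient relies on (all values used below are constructed).
type Mail struct{ From, To, Subject, Body string }

// signedBytes is the exact byte string the signature covers: headers and body together.
func signedBytes(m Mail) []byte {
	h := []string{"From: " + m.From, "To: " + m.To, "Subject: " + m.Subject, "", m.Body}
	return []byte(strings.Join(h, "\r\n"))
}

// Sign produces a detached signature with the sender's private key.
func Sign(priv ed25519.PrivateKey, m Mail) []byte { return ed25519.Sign(priv, signedBytes(m)) }

// Verify checks sig against the public key the recipient already trusts for m.From.
func Verify(pub ed25519.PublicKey, m Mail, sig []byte) bool { return ed25519.Verify(pub, signedBytes(m), sig) }

// newKey generates a fresh Ed25519 key pair (Ed25519 is this example's assumption).
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo returns the verification result for an intact, a modified and a forged message.
func Demo() (intact, modified, forged bool) {
	alicePub, alicePriv := newKey()
	_, otherPriv := newKey()
	m := Mail{"alice@example.com", "bob@example.com", "Invoice 1001", "Pay 100 EUR to account A."}
	sig := Sign(alicePriv, m)
	intact = Verify(alicePub, m, sig)
	// Someone with access to the mail store changes the body after it was sent.
	tampered := m
	tampered.Body = "Pay 900 EUR to account B."
	modified = Verify(alicePub, tampered, sig)
	// Someone without Alice's private key writes a message in her name.
	fake := Mail{m.From, m.To, "Invoice 1002", "Pay 500 EUR to account C."}
	forged = Verify(alicePub, fake, Sign(otherPriv, fake))
	return
}

func main() { fmt.Println(Demo()) }
```

Only the intact message verifies. Because only the holder of the private key can produce a signature that verifies, the same check also makes it harder for the sender to deny having sent the message.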

IT Security Training

Companies value on-the-job training, but many times this is not enough to satisfy the enterprise’s needs in the area of IT security. Increasingly, companies are sending IT personnel to IT Security Training programs to enable employees to hone their skills and become more effective in planning for, preventing, and remedying information technology security issues.