Why Is Information Security Important

Why is information security
important?
Thehomeoffreelearning
fromTheOpenUniversityThehomeoffreelearningfromTheOpenUniversity
Thisunitintroducesyoutoinformationsecurityanditsmanagement.
Asuccinctdefinitionof
informationsecurity
mightrunasfollows:
Informationsecurityisthecollectionoftechnologies,standards,policiesandmanagementpractices
thatareappliedtoinformationtokeepitsecure.
Butwhyisitimportanttosecureinformation?Andhowshoulditssecuritybemanaged?Tostartthinking
aboutthesequestions,considerthefollowingstatementsabout
information
:
Intoday'shightechnologyenvironment,organisationsarebecomingmoreandmoredependenton
theirinformationsystems.Thepublicisincreasinglyconcernedabouttheproperuseofinformation,
particularlypersonaldata.Thethreatstoinformationsystemsfromcriminalsandterroristsare
increasing.Manyorganisationswillidentifyinformationasanareaoftheiroperationthatneedstobe
protectedaspartoftheirsystemofinternalcontrol.
(NigelTurnbull,2003,p.xi)
Competitiveadvantageisdependentonsuperioraccesstoinformation.
(RobertMGrant,2000,p.186)
Informationistheoxygenofthemodernage.Itseepsthroughthewallstoppedbybarbedwire,it
waftsacrosstheelectrifiedborders.
(RonaldReagan,1989)
Itisvitaltobeworriedaboutinformationsecuritybecausemuchofthevalueofabusinessisconcentratedin
thevalueofitsinformation.Informationis,asGrantsays,thebasisofcompetitiveadvantage.Andinthe
notforprofitsector,withincreasedpublicawarenessofidentitytheftandthepowerofinformation,itisalso,
asTurnbullclaims,theareaofanorganisation'soperationsthatmostneedscontrol.Withoutinformation,
neitherbusinessesnorthenotforprofitsectorcouldfunction.Valuingandprotectinginformationarecrucial
tasksforthemodernorganisation.
Ifinformationwereeasytovalueandprotect,however,youwouldbeabletobuyofftheshelfinformation
securitymanagementsolutions.Therearethreecharacteristicsofinformationsecuritythatmakethis
impossible.
1.
Thecollectionofinfluencestowhicheachorganisationisexposedvarieswiththe
organisation:theinformationtechnologythatituses,itspersonnel,theareainwhichitdoes
business,itsphysicallocationallthesehaveaneffectoninformationsecurity.
2.
Informationsecurityaffectseverystructuralandbehaviouralaspectofanorganisation:a
gapinasecurityfencecanpermitinformationtobestolenavirallyinfectedcomputer
connectedtoanorganisation'snetworkcandestroyinformationacupofcoffeespiltona
computerkeyboardcanpreventaccesstoinformation.
3.
Eachindividualthatinteractswithanorganisationinanywayfromthepotentialcustomer
browsingthewebsite,tothemanagingdirectorfromthemalicioushacker,tothe
informationsecuritymanagerwillmakehisorherownpositiveornegativecontributionto
theinformationsecurityoftheorganisation.
Thusinformationsecurityanditsmanagementneedtobeexaminedwithinanorganisationalcontext.Tothis
end,amajoraimofthisunitistogiveyoutheopportunityto:
investigateyourorganisationanddeterminetheprecisemixofinformationsecurityissuesthat
affectit
explainthelinksbetweenareasofanorganisationandnavigateyourorganisation'sinformation
securityweb
identifythesecuritycontributionsofeachindividual,andsosuggeststrategiestomakethesumof
thepositivecontributionsgreaterthanthesumofthenegativeones.
Beforeyoucaninvestigateinformationsecurityanditsmanagementwithinyourorganisation,weneedto
introduceyouinmoredetailtothecomplexitiesofthetopic.Thisisthepurposeofthisunit.Section2
discussesthemeaningofthetermsinformation,informationsecurityandinformationsecuritymanagement.
Section3looksatinformationsecurityanditsimperativesandincentives.Section4discussesinformation
assets.Section5examinestheplanningofaninformationsecuritymanagementsystem.Section6
addresseshowriskstoinformationsecuritycanbeassessedandhowinformationassetscanbeidentified.
Section7describeshowasystemforinformationsecuritymanagementcanbeimplementedandcontinually
improved.Whyisinformationsecurityimportant?Thisunitintroducesyoutoinformationsecurityandits
management.Asuccinctdefinitionofinformationsecuritymightrunasfollows:Informationsecurityisthe
collectionoftechnologies,standards,policiesandmanagementpracticesthatareappliedtoinformationto
keepitsecure.Butwhyisitimportanttosecureinformation?Andhowshoulditssecuritybemanaged?To
startthinkingaboutthesequestions,considerthefollowingstatementsaboutinformation:Intoday'shigh
technologyenvironment,organisationsarebecomingmoreandmoredependentontheirinformation
systems.Thepublicisincreasinglyconcernedabouttheproperuseofinformation,particularlypersonal
data.Thethreatstoinformationsystemsfromcriminalsandterroristsareincreasing.Manyorganisationswill
identifyinformationasanareaoftheiroperationthatneedstobeprotectedaspartoftheirsystemofinternal
control.(NigelTurnbull,2003,p.xi)Competitiveadvantageisdependentonsuperioraccessto
information.(RobertMGrant,2000,p.186)Informationistheoxygenofthemodernage.Itseepsthrough
thewallstoppedbybarbedwire,itwaftsacrosstheelectrifiedborders.(RonaldReagan,1989)Itisvitalto
beworriedaboutinformationsecuritybecausemuchofthevalueofabusinessisconcentratedinthevalue
ofitsinformation.Informationis,asGrantsays,thebasisofcompetitiveadvantage.Andinthenotforprofit
sector,withincreasedpublicawarenessofidentitytheftandthepowerofinformation,itisalso,asTurnbull
claims,theareaofanorganisation'soperationsthatmostneedscontrol.Withoutinformation,neither
businessesnorthenotforprofitsectorcouldfunction.Valuingandprotectinginformationarecrucialtasks
forthemodernorganisation.Ifinformationwereeasytovalueandprotect,however,youwouldbeableto
buyofftheshelfinformationsecuritymanagementsolutions.Therearethreecharacteristicsofinformation
securitythatmakethisimpossible.Thecollectionofinfluencestowhicheachorganisationisexposedvaries
withtheorganisation:theinformationtechnologythatituses,itspersonnel,theareainwhichitdoes
business,itsphysicallocationallthesehaveaneffectoninformationsecurity.Informationsecurityaffects
everystructuralandbehaviouralaspectofanorganisation:agapinasecurityfencecanpermitinformation
tobestolenavirallyinfectedcomputerconnectedtoanorganisation'snetworkcandestroyinformationa
cupofcoffeespiltonacomputerkeyboardcanpreventaccesstoinformation.Eachindividualthatinteracts
withanorganisationinanywayfromthepotentialcustomerbrowsingthewebsite,tothemanaging
directorfromthemalicioushacker,totheinformationsecuritymanagerwillmakehisorherownpositive
ornegativecontributiontotheinformationsecurityoftheorganisation.Thusinformationsecurityandits
managementneedtobeexaminedwithinanorganisationalcontext.Tothisend,amajoraimofthisunitisto
giveyoutheopportunityto:investigateyourorganisationanddeterminetheprecisemixofinformation
securityissuesthataffectitexplainthelinksbetweenareasofanorganisationandnavigateyour
organisation'sinformationsecuritywebidentifythesecuritycontributionsofeachindividual,andsosuggest
strategiestomakethesumofthepositivecontributionsgreaterthanthesumofthenegativeones.Before
youcaninvestigateinformationsecurityanditsmanagementwithinyourorganisation,weneedtointroduce
youinmoredetailtothecomplexitiesofthetopic.Thisisthepurposeofthisunit.Section2discussesthe
meaningofthetermsinformation,informationsecurityandinformationsecuritymanagement.Section3
looksatinformationsecurityanditsimperativesandincentives.Section4discussesinformationassets.
Section5examinestheplanningofaninformationsecuritymanagementsystem.Section6addresseshow
riskstoinformationsecuritycanbeassessedandhowinformationassetscanbeidentified.Section7
describeshowasystemforinformationsecuritymanagementcanbeimplementedandcontinually
improved.

Why Is Information Security Important

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Why Is Information Security Important

Transféré par

Droits d'auteur :

Formats disponibles

Why is information security

Vous aimerez peut-être aussi