First and foremost, it is important to clearly define what information technology security (IT security) is and why it matters to an organization or business. IT security refers to the processes and activities undertaken to control access to sensitive electronic data or information, so that only those with a legitimate need and the requisite permission can access it, and can do so in a safe and secure manner. It is the process of implementing systems and measures that have been specifically designed to safeguard and protect information. This information may include, but is not limited to, personal and business data, voice conversations, motion pictures, still images, multimedia presentations and even forms that are yet to be conceived.
IT security uses several forms of technology to safeguard information against misuse, unauthorized access, modification, malfunction, improper disclosure or destruction. In the process, it preserves the information for its intended use. As internet use grows, more and more companies are opening up their IT systems to their suppliers, partners and employees. In addition, employees are now able to connect to company systems remotely and even bring their laptops, tablets and smartphones to the office and work on them. These challenges have led many organizations to pay closer attention to their information technology security needs than ever before.
The Goals of IT Security
Generally, information systems are defined by an organization's data as well as the material and resources that allow the company to store and circulate this data or information. As mentioned earlier, because of their importance to any business enterprise, information systems must be protected at all times.
IT security is typically driven by five main goals: confidentiality, integrity, availability, non-repudiation and authentication.
Confidentiality consists of leaving nothing to chance by ensuring that the information is not only useless but also unintelligible to persons who are not authorized to use it, while still making it available to those who are.
Integrity consists of making sure that the information in the system can be relied upon as being the original or initial data. Verifying the integrity of data involves putting in place measures that assure users that the data has not been changed during transmission, whether intentionally or accidentally.
Availability means guaranteeing that the data, service or resource, wherever it is stored, can be accessed when and if it is needed. Non-repudiation, on the other hand, guarantees that none of the parties involved in changing, transmitting or receiving data can deny an operation at a later date.
The last goal, authentication, mainly consists of confirming the identity of a user. This means guaranteeing to each party involved that their partners are truly who they think they are. It usually involves the use of encrypted passwords as well as fingerprints to grant authorized individuals access to resources.
Appreciating the need for a global approach
For many businesses, information technology security is comparable to a chain: the security level of a system is only as strong as that of its weakest link. Because of this, it is important to tackle information security issues at a global or holistic level. System security must be considered in its entirety, because securing one area and neglecting another will completely negate any other measures that have been implemented. This can be achieved by taking certain elements into consideration. First, all users must be made aware of past, present and expected security problems. Then logical security must be implemented. This is security at the data level and involves securing the company's data, applications and operating system.
The next element that must be considered is telecommunications security. This involves securing the network technologies that the business is using, as well as company servers and access networks. Finally, it is important to implement physical security. This means securing material infrastructure such as server rooms, areas that are open to the public and employee workstations.
However, it is important to note that information technology security always faces the major challenge of balancing the demands of authorized users against the need for data integrity and confidentiality. A classic case is allowing employees to access a company network from a remote location, be it at home or out in the field. Even though this can significantly increase the value of the network in question and enhance the efficiency of an employee, it opens up a number of vulnerabilities in the network and poses unique challenges to the administrator. To offset this challenge, a company must always come up with a comprehensive security policy.
Implementing a Security Policy
It is an accepted fact that security mechanisms can create difficulties for users. As the network grows, rules and instructions become cumbersome and complicated if left unchecked, even inhibiting company growth in certain instances. In this regard, IT security must always be studied and implemented in such a way that it encourages, rather than discourages, its use. These problems can be solved by defining and implementing a security policy.
Put simply, such a policy is the sum of all the security rules an organization follows, and it must therefore be defined by the management of the organization. The policy is usually implemented in several stages. The first stage usually involves identifying the organization's security needs and the IT risks that it faces, and outlining their possible consequences. The policy then outlines the procedures and rules that must be implemented to address the risks identified in the different departments of the organization.
The policy then sets out ways of monitoring and detecting the vulnerabilities of the information system, and identifies how management is to be kept informed of the flaws detected in the materials and applications being used. Finally, the document clearly defines the actions to be taken and the individuals to be contacted in case a threat is detected or a breach has occurred.
In conclusion, it is important to note that IT security is one of the most dynamic fields in the IT sector. Because of this, documents such as a security policy are usually considered living documents that require constant changes and updates. It is also worth mentioning that every organization is bound to have its own unique challenges and demands, and therefore the above information should only serve as a guide to understanding and appreciating IT security.
© 2016 InformationTechnology.com. All rights reserved