ipl-logo

Concept Of Information Security

1111 Words5 Pages

Abstract
The basic concepts of Information Systems Security (ISS) have been reviewed & analyzed and the practical implementation of these concepts in real life scenarios have also been considered. Based on the understanding and analysis of the CIA Model, it can been concluded that while it is valid as a foundational concept for Information System Security, it is no longer a viable model with the advent of information technology over the period of years. There are various gaps in the triad that need to be addressed and numerous alternatives and solutions to replace CIA have been proposed and are being debated over. Policies and guidelines of Information Systems Security that need to be considered in real life scenario of IT Infrastructure have …show more content…

We all understand what “Security” means and the need to secure any information that is important to us. But the concept of Information Systems Security in an IT Infrastructure might be difficult to decipher since most of the data access and flow happens through networks, machines and other sophisticated technology and is no longer a tangible entity. So, it is imperative we understand the basic concepts and tenets of ISS and its impact in our day to day life.
1. CIA Model for Information Security
This is one of the fundamental and integral concepts of Information Security and is widely used as a benchmark for evaluating and implementing information security in many organizations. The CIA Model covers 3 key areas of information, namely: Confidentiality – C, Integrity – I and Availability – A; commonly referred to as the CIA Triad and they form the core of information security measures in IT Infrastructure. Many information security standards are designed and implemented to protect one or more facets of the CIA Triad. (Whitman and Mattord, 2012)
CIA Triad Figure 1: CIA Model for Information …show more content…

Though ensuring that the CIA Triad is protected while designing or implementing any information security system is important, it is no longer adequate. Threats to information have evolved to a great extent and include a vast collection of events – intentional or accidental damage, theft, destruction, unauthorized or unintended modification, other misuse from human or nonhuman threats, etc. Technological advancement has created an environment of constantly evolving threats and it has prompted the need for a more robust model that would address the complexities that arise with such advancement. (Parker, 1998)
2. Vulnerability and Hazards in Information Security
In order to protect ourselves from the data security issues that may impact us, it is important that we understand the concept of Threats & Hazards, Vulnerabilities and Risks. Though these terms are related and are often used interchangeably, they are distinct terms with different meanings and implications. Let us review the definition of these terms and how they relate to each other.
• Hazard: An existing condition or possible situation that has the potential to generate a disaster. It is the source of a negative outcome in a harmless state i.e. not yet realized. Ex: the existence of a Malicious Software

More about Concept Of Information Security

Open Document