report on information security
Abstract
The main goal of this report is to introduce the key concepts of Information Security and to
analyze the economic and environmental issues related to it. This report will mainly be helpful
for computing students and all others who are interested in the field of Information Security.
The report starts with the Introduction, which describes what Information Security really is,
along with its advantages and principles, and briefly explains how it is carried out.
The Background chapter then describes the history of Information Security along with its
economic and environmental factors. The next chapter gives a detailed analysis of the issues
raised in chapters one and two, with appropriate examples and evidence found from surveys.
Finally, the report concludes, on the basis of that analysis, with the future of Information
Security.
Table of Contents
Chapter 1: Introduction
1.1 What is Information?
1.2 What is Information Security?
1.3 Basic Information Security Principles
1.4 Key benefits of information Security
1.5 Key business issues on Information security
Chapter 2: Background
2.1 History of Information Security
2.1.1 Information security is born
2.1.2 In 1960s
2.1.3 in 1970s and 80s
2.1.4 The 1990s
2.1.5 The present
2.2 Economic effects in Information Security
2.3 Environmental effects in Information Security
Chapter 3: Analysis
3.1 Analysis of benefits of Information security
3.2 Analysis of economic effects
3.3 Analysis of environmental effects
Chapter 4: Conclusion
4.1 Future of Information Security
References
List of figures
Figure 1: Development of ARPANET program Plan.
Figure 2: showing the amount of money spends for the Security purpose. (pwc, 2012)
(infosecisland.com, 2012)
Chapter 1: Introduction
Objective of this chapter: The main objective of this chapter is to introduce the key concepts
related to Information Security. It is important for computing students to understand what
Information Security is and why it matters in any organization.
1.1 What is Information?
Information is a kind of data, or we can say an asset, which has a certain value to an organization
and consequently needs to be suitably protected. Information can take many forms: it may be
printed or written, stored electronically, displayed and so on. All information used in the
organization needs to be protected, i.e. secured. To secure that information we need to apply
information security measures, which this report deals with in detail (FFIEC, 2006).
1.2 What is Information Security?
The processes that an organization applies to protect and secure the facilities, systems and
media that process and maintain information important to its operations are known as
information security (FFIEC, 2006). The security of the industry's systems and information is
essential to its safety and soundness, as well as to maintaining the privacy of customers'
financial information. Institutions and financial organizations must maintain effective security
programs that are adequate to their operational complexity. Any organization's security program
must include senior management support and the integration of security activities and controls
throughout all of the organization's business processes (FFIEC, 2006).
1.3 Basic Information Security Principles
Basically, the CIA (Confidentiality, Integrity and Availability) triad is considered the basic
principle of information security. The basic principles of information security are given
below:
a. Confidentiality means granting permission only to those people who have the right to
access the information. Using strong passwords on the computer, locking filing cabinets
and shredding valuable documents are some examples (www.oregon.gov, 2012).
b. Integrity means ensuring that information remains intact and unaltered. This means
watching out for alterations through malicious action, natural disaster, or even a simple
innocent mistake (www.oregon.gov, 2012).
c. Availability means that the information is available to us at any time it is needed. This
ensures that no other person is able to block legitimate or timely access to that
information (www.oregon.gov, 2012).
1.4 Key benefits of information Security
Among the various benefits of Information Security, authentication, which keeps out unauthorized
personnel who pose a risk to the organization's data, can be considered its main benefit.
Another main advantage is that Information Security protects users' valuable information both
while in use and while it is being stored (ACapria, 2009). Information Security enables a financial
institution to meet its business objectives by implementing business systems with consideration
of the risks of IT to the organization, trading partners, service providers and customers. The
complete benefits of Information Security are discussed later in analysis section 3.1 of this document.
1.5 Key business issues on Information security
Due to changing technologies, the way we live and do business is changing day by day.
Along with the numerous benefits, there are always certain challenges that come up while
implementing it (Reed, 2012). Some of the issues related to Information Security are:
1. Awareness
2. Complacent Business
3. Risk management
4. Recognizing problems
Chapter 2: Background
Objective of this chapter: The main objective of this chapter is to provide the full historical
background of Information Security and the economic and environmental issues related to it.
2.1 History of Information Security
2.1.1 Information security is born
The history of information security starts in parallel with computer security. The need to
secure physical locations, hardware and software from outside threats was realized during
World War II, when the first mainframes, developed to aid communication, came into use;
from that day the need for computer security arose. Multiple
levels of security were implemented to protect those mainframes as well as to secure
data integrity. Access to those locations was controlled via badges, keys and facial
recognition of authorized personnel by security guards (arapaho.nsuok.edu, 2011).
During those early days information security meant only physical security and
simple document classification schemes. But the first documented security
problem was not physical in nature. In the 1960s, a system administrator was working on
the MOTD (message of the day) file while another administrator was editing the password
file. A software glitch mixed the two files, and the entire password file was printed on
every output file (arapaho.nsuok.edu, 2011).
From that day on, the need for information security increased.
2.1.2 In 1960s
During the Cold War, many more mainframes were brought online to accomplish more
complex and sophisticated tasks. It became necessary to find a way for these mainframes
to communicate with each other by a less cumbersome process than mailing magnetic
tapes between computer centers. In response to this problem, the Department of Defense's
Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant
networked communication system to support the military's exchange of information. Larry
Roberts, also known as the founder of the Internet, developed the project known as
ARPANET from its inception (arapaho.nsuok.edu, 2011).
Figure 1: Development of ARPANET program Plan.
2.1.3 in 1970s and 80s
During the following decade ARPANET became very popular, and as it became widely
used the risk of its misuse increased. In December 1973, Robert M. "Bob"
Metcalfe identified fundamental problems with ARPANET security. Individual remote
sites did not have enough safeguards and controls to protect their data from
unauthorized remote users. Phone numbers were widely distributed and openly posted
on the walls of phone booths, which gave hackers easy access to the ARPANET.
Because of frequent security violations and the explosion in the number of hosts on
the ARPANET, network security was referred to as network insecurity. In 1978,
a famous book named "Protection Analysis: Final Report" was published, which focused
on a project undertaken by ARPA to discover the vulnerabilities of operating system
security (arapaho.nsuok.edu, 2011).
In June 1967, the Advanced Research Projects Agency formed a task force to
study the process of securing classified information systems. This task force was
assembled in 1967 and met regularly to formulate recommendations,
which later became the contents of Rand Report R-609, which attempted to define the
multiple controls and mechanisms necessary for the protection of a multilevel
computer system (arapaho.nsuok.edu, 2011).
2.1.4 The 1990s
The 1990s are also known as the birth of the Internet, the first global network of networks.
The Internet brought connectivity to virtually all computers that were connected to phone
lines or to an Internet-connected local area network (LAN). After its commercialization,
the technology became pervasive. In the early days, computing
approaches relied on security that was built into the physical environment of the data
center that housed the computers, but in the 1990s, as networked computers became the
dominant style of computing, the ability to physically secure a networked computer was
lost and the stored information became more exposed to security threats
(arapaho.nsuok.edu, 2011).
2.1.5 The present
Today the Internet connects our computers to millions of other unsecured
computer networks in endless communication with each other. The security of each
computer's stored information now depends on the level of security of every other
computer to which it is connected (arapaho.nsuok.edu, 2011).
2.2 Economic effects in Information Security
While implementing information security in any organization, economic issues must be
considered. Recent research shows that only 8% of IT budgets is spent on security, the same as
in 2010. Medium-sized companies spend on average slightly more than small or large
ones, using about 10% of the IT budget for security (pwc, 2012).
However big or small an organization is, certain security measures must
be adopted to protect its valuable information and data. The organization must not
neglect spending money on security.
About 1 in 8 organizations now spend less than 1% of the IT budget on security. Most
large business organizations expect this trend to continue, but other small organizations are more
likely to keep their expenditure constant in the next year (pwc, 2012). This kind of economic
effect, as seen in a local area of Nepal, is analyzed briefly in analysis section 3.2 of this
report.
2.3 Environmental effects in Information Security
Information security is affected not only by economic factors but also by environmental
factors. Information stored at certain physical locations and on physical devices may be
damaged or lost due to environmental factors such as earthquakes, landslides, floods etc.
Certain biometric devices used for security may not work under certain
environmental conditions. Such factors must also be considered when implementing
information security in any organization. This kind of environmental effect, as seen in a local
area of Nepal, is analyzed briefly in analysis section 3.3 of this report.
Chapter 3: Analysis
Objective of this chapter: This chapter includes a brief analysis of the benefits and the
economic and environmental issues listed in chapters 1 and 2. By
reading this chapter, computing students can gain full knowledge of the importance of using
Information Security approaches, as well as the consequences a company may face in their
absence.
3.1 Analysis of benefits of Information security
Nowadays Information Security has become very popular because most organizations
are computer based and store all their data and information electronically. As
mentioned in section 1.3 of chapter 1, the principles of information security themselves explain
its importance. In the absence of proper Information Security, i.e. if we use
only a guard to secure the information, it can sometimes be dangerous, because the guard
himself is sometimes involved in stealing information for others for a certain price.
However, with the proper implementation of information security those kinds of attacks become
worthless, because no other person gets a chance to access the information without the proper
authentication provided by the organization. As technology always changes, nothing will ever
be completely secure. Because of changing technology, the security procedures currently in use
may not always satisfy the needs, so they must be updated accordingly. The applied
procedures may therefore sometimes become so complicated that users do
not understand what they are dealing with (ACapria, 2009).
If a security person responsible for maintaining Information Security misses one
single area that needs to be protected, the whole system could be compromised. Whatever the
drawbacks of implementing Information Security may be, its popularity is increasing day by day
and almost every organization is adopting it to make its information secure.
3.2 Analysis of economic effects
Because almost every organization has adopted computers and stores its information
electronically, the need for Information Security has been increasing.
A survey conducted in 2012 states that only some of the large
organizations spend most of the money on security (pwc, 2012).
The following table states the result of the survey.
Figure 2: showing the amount of money spends for the Security purpose. (pwc, 2012)
To gather ideas related to this effect a field visit programme was required, so I visited and
participated at Islington College, which is affiliated to London Metropolitan University and
situated in Kamalpokhari, Kathmandu. Information security has been implemented there
to secure the various information related to its students along with the college's own
financial information. In the interview, Mr. Prakash Shrestha, the IT manager and one of the
lecturers of the college, told us that each and every piece of the college's information is
valuable and also includes the college's own financial information, so securing that information
was at first challenging and costly, but after realizing its importance the college adopted some
of the principles of Information Security in order to make its information secure. He also
mentioned that even though implementing those measures costs a lot, the college finally adopted
them only because of their importance. The college nowadays uses certain biometric devices for
user authentication, and a particular team has also been assigned to implement security. He
stated that all of the college's information is stored in the server database, to which only the
responsible personnel have access, and which is under complete observation by both CCTV cameras
and assigned personnel. He further added that although assigning the extra
manpower for security, buying the server and updating the security
processes cost more, the college has accepted this because of its importance.
All of Islington College's information is stored in the server database, so no college staff
can get direct access to it. The server runs on the college's own LAN; access to this network
from outside is forbidden, and to get access to the network certain passwords are needed. By
adopting these Information Security practices the college is running successfully without the
fear of losing its data.
3.3 Analysis of environmental effects
The environment is also one of the main factors affecting Information Security. It is very
important to protect the physical devices on which the information is stored from
environmental factors. Environmental factors such as earthquakes, floods etc. can destroy the
physical devices on which information is stored. During the interview, Mr. Prakash Shrestha,
one of the lecturers and the IT manager of Islington College, told us that the server where all
the information is stored is placed in a secure place that is not affected by any
environmental disaster. Despite this, if something unexpected happens and the server is lost
or damaged, there is also a backup of the data, which is updated at certain times.
Those backups are stored in safe places in the hands of the Security department.
Chapter 4: Conclusion
Information security has become one of the fundamental needs of organizations whose
information is stored electronically. It has played a very important role from its introduction
until now. It has helped many organizations keep their information safe from outsiders
as well as from attackers. The conclusion of this report can be drawn from Chapters
1, 2 and 3 by summarizing what benefits we actually get from it. By analyzing the economic and
environmental effects as well as the benefits, I came to the conclusion that the processes of
Information Security are very useful and in demand among all organizations, and also
have a very bright future with far more improvements in their strategies and access control
mechanisms.
This report helps me a lot in understanding what Information Security really is. This report also
helps me to understand the importance of Information Security and how plans need to be
developed when deploying it in any organization or company. It also helps me to do
something useful and new in the field of Information Security.
4.1 Future of Information Security
With changing technologies, new threats to information also emerge. As technology
always changes, nothing will ever be completely secure. But experts are always searching
for new ways to improve security services in order to protect information. Various new
technologies are being developed for access control mechanisms, and servers and personal
computers are also being updated day by day with new security features. Despite
changing technologies and new kinds of attacks, experts are always trying to improve their
security plans and provide their customers with a new set of Information Security. So we can
conclude that whatever the technology and whoever the attackers may be, changing and
updating Information Security services have a very great and bright future.
References
ACapria, 2009. Information Security: Advantages and Disadvantages. [Online] Available at:
http://anton-capria.blogspot.com/2009/02/information-security-advantages-and.html [Accessed
25 December 2012].
arapaho.nsuok.edu, 2011. Information security. [Online] Available at:
http://arapaho.nsuok.edu/~hutchisd/IS_4853/C6572_01.pdf [Accessed 20 December 2012].
FFIEC, 2006. Information Security. [Online] Federal Financial Institutions Examination Council
Available at: http://www.isaca.org/Groups/Professional-English/it-audit-tools-and-techniques/GroupDocuments/information_security.pdf
[Accessed 20 December 2012].
infosecisland.com, 2012. Security-Issues-for-2012. [Online] Available at:
http://www.infosecisland.com/blogview/19644-IT-Security-Issues-for-2012.html [Accessed
2013 0102 2013].
pwc, 2012. Information Security Breaches Survey. Technical report. [Online] Available at:
http://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-technical-report.pdf
[Accessed 25 December 2012].
Reed, P.J., 2012. Five Information Security Issues We All Face Today. [Online] Available at:
http://www.shortinfosec.net/2011/09/five-information-security-issues-we-all.html [Accessed 26
December 2012].
www.oregon.gov, 2012. Basic Information Security Principles. [Online] Available at:
http://www.oregon.gov/DAS/CIO/ISRC/pages/intro_basics.aspx [Accessed 24 December 2012].