Report on Information Security


Upload: yubraj-pokharel

Post on 14-Jan-2017


Abstract

The main goal of this report is to introduce the key concepts of Information Security and to analyze the economic and environmental issues related to it. This report will mainly be helpful for Computing students and all others who are interested in the field of Information Security. The report starts with the Introduction, which describes what Information Security really is, along with its advantages and its principles, and briefly explains how it is carried out. The following Background chapter describes the history of Information Security along with its economic and environmental factors. The next chapter gives a detailed analysis of the issues addressed in chapters one and two, with appropriate examples and evidence found from surveys. Finally, the report concludes, on the basis of the analysis, with the future of Information Security.


Table of Contents

Chapter 1: Introduction
1.1 What is Information?
1.2 What is Information Security?
1.3 Basic Information Security Principles
1.4 Key benefits of information Security
1.5 Key business issues on Information security

Chapter 2: Background
2.1 History of Information Security
2.1.1 Information security is born
2.1.2 In 1960s
2.1.3 in 1970s and 80s
2.1.4 The 1990s
2.1.5 The present
2.2 Economic effects in Information Security
2.3 Environmental effects in Information Security

Chapter 3: Analysis
3.1 Analysis of benefits of Information security
3.2 Analysis of economic effects
3.3 Analysis of environmental effects

Chapter 4: Conclusion
4.1 Future of Information Security

References


List of figures

Figure 1: Development of ARPANET program Plan.

Figure 2: The amount of money spent on security (pwc, 2012).

(infosecisland.com, 2012)


Chapter 1: Introduction

Objective of this chapter: The main objective of this chapter is to introduce the key concepts related to Information Security. It is important for computing students to understand what Information Security is and what its importance is in any organization.

1.1 What is Information?

Information is a kind of data, or an asset, which has a certain value to an organization and consequently needs to be suitably protected. Information can take many forms: it may be printed or written, stored electronically, displayed and so on. All information used in the organization needs to be protected, i.e. secured. To secure that information we need to apply information security measures, which this report deals with in detail (FFIEC, 2006).

1.2 What is Information Security?

The processes that an organization applies to protect and secure its facilities, systems and media that process and maintain information important to its operations are known as information security (FFIEC, 2006). The security of the industry’s systems and information is essential to its safety and soundness as well as to maintaining the privacy of customers’ financial information. Institutions and financial organizations must maintain effective security programs that are adequate for their operational complexity. Any organization’s security program must include senior management support and the integration of security activities and controls throughout all of the organization’s business processes (FFIEC, 2006).


1.3 Basic Information Security Principles

The CIA triad (Confidentiality, Integrity and Availability) is considered the basic principle of information security. Its three principles are given below:

a. Confidentiality means granting access only to those people who have the right to access the information. Using strong passwords on the computer, locking filing cabinets and shredding valuable documents are some examples (www.oregon.gov, 2012).

b. Integrity means ensuring that information remains intact and unaltered. This means watching out for alterations through malicious action, natural disaster, or even a simple innocent mistake (www.oregon.gov, 2012).

c. Availability means that the information is available to us at any time it is needed. This ensures that no other person is able to block legitimate or timely access to that information (www.oregon.gov, 2012).

1.4 Key benefits of information Security

Among the various benefits of Information Security, authentication that keeps unauthorized personnel, who pose a risk to the organization’s data, from accessing it can be considered the main one. Another main advantage is that Information Security protects users’ valuable information both while in use and while it is being stored (ACapria, 2009). Information Security enables a financial institution to meet its business objectives by implementing business systems with consideration of the risks of IT to the organization, trading partners, service providers and customers. The complete benefits of Information Security are discussed later in the analysis section 3.1 of this document.


1.5 Key business issues on Information security

Because of changing technologies, the way we live and do business is changing day by day. Along with the numerous benefits, there are always certain challenges that arise in implementing it (Reed, 2012). Some of the issues related to Information Security are:

1. Awareness

2. Complacent Business

3. Risk management

4. Recognizing problems


Chapter 2: Background

Objective of this chapter: The main objective of this chapter is to provide the full historical background and the economic and environmental issues related to Information Security.

2.1 History of Information Security

2.1.1 Information security is born

The history of information security starts in parallel with computer security. The need for computer security arose during World War II, when the first mainframes, developed to aid communication, were put to use and the need to secure physical locations, hardware and software from outside threats was realized. Multiple levels of security were implemented to protect those mainframes and to secure data integrity. Access to those locations was controlled via badges, keys and facial recognition of authorized personnel by security guards (arapaho.nsuok.edu, 2011).

During those early days, information security was known only as physical security together with simple document classification schemes. The first documented security problem that was not physical in nature occurred in the 1960s: a system administrator was working on the MOTD (message of the day) file while another administrator was editing the password file. A software glitch mixed the two files, and the entire password file was printed on every output file (arapaho.nsuok.edu, 2011). From that day on, the need for information security increased.

2.1.2 In 1960s

During the Cold War, many more such mainframes were brought online to accomplish more complex and sophisticated tasks. It became necessary to find a way for these mainframes to communicate with each other by a less cumbersome process than mailing magnetic tapes between computer centers. In response to this problem, the Department of Defense’s Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant networked communication system to support the military’s exchange of information. Larry Roberts, also known as the founder of the Internet, developed the project, known as ARPANET, from its inception (arapaho.nsuok.edu, 2011).


Figure 1: Development of ARPANET program Plan.

2.1.3 in 1970s and 80s

During the following decade, ARPANET became very popular and widely used, and the risk of its misuse increased. In December 1973, Robert M. “Bob” Metcalfe identified fundamental problems with ARPANET security. Individual remote sites did not have enough safeguards and controls to protect their data from unauthorized remote users. Phone numbers were widely distributed and openly posted on the walls of phone booths, giving hackers easy access to the ARPANET. Because of frequent security violations and the explosion in the number of hosts on the ARPANET, network security was referred to as network insecurity. In 1978, a famous book named “Protection Analysis: Final Report” was published, which focused on a project undertaken by ARPA to discover the vulnerabilities of operating system security (arapaho.nsuok.edu, 2011).

In June 1967, the Advanced Research Projects Agency formed a task force to study the process of securing classified information systems. The task force was assembled in 1967 and met regularly to formulate recommendations, which later became the contents of Rand Report R-609, which attempted to define the multiple controls and mechanisms necessary for the protection of a multilevel computer system (arapaho.nsuok.edu, 2011).

2.1.4 The 1990s

The 1990s are also known as the birth of the Internet, the first global network of networks. The Internet brought connectivity to virtually all computers that were connected to phone lines or to an Internet-connected local area network (LAN). After commercialization, Internet technology became pervasive. In the early days, computing approaches relied on security built into the physical environment of the data center that housed the computers, but in the 1990s, as networked computers became the dominant style of computing, the ability to physically secure a networked computer was lost and stored information became more exposed to security threats (arapaho.nsuok.edu, 2011).

2.1.5 The present

Today the Internet brings our computers and millions of other unsecured computer networks into endless communication with each other. The security of each computer’s stored information now depends on the level of security of every other computer to which it is connected (arapaho.nsuok.edu, 2011).


2.2 Economic effects in Information Security

Economic issues must be considered when implementing information security in any organization. Recent research shows that only 8% of IT budgets is spent on security, the same as in 2010. Medium-sized companies spend on average slightly more than small or large ones, using about 10% of the IT budget for security (pwc, 2012).

However big or small an organization is, certain security measures must be adopted to protect its valuable information and data. The organization must not neglect spending money on security.

About 1 in 8 organizations now spends less than 1% of its IT budget on security. Most large business organizations expect this trend to continue, but small organizations are more likely to keep their expenditure constant in the next year (pwc, 2012). This kind of economic effect, as seen locally in Nepal, is analyzed further in the analysis section 3.2 of this report.

2.3 Environmental effects in Information Security

Information security is affected not only by economic factors but also by environmental factors. Information stored in a physical location and on physical devices may be damaged or lost due to environmental factors such as earthquakes, landslides and floods. Certain biometric devices used for security may not work under certain environmental conditions. Such factors must also be considered when implementing information security in any organization. This kind of effect, as seen locally in Nepal, is analyzed further in the analysis section 3.3 of this report.


Chapter 3: Analysis

Objective of this chapter: This chapter includes a brief analysis of the benefits and of the economic and environmental issues listed in chapters 1 and 2. By reading this chapter, computing students can gain full knowledge of the importance of using Information Security approaches as well as the consequences a company may face in their absence.

3.1 Analysis of benefits of Information security

Nowadays Information Security has become very popular because most organizations are computer based and all their data and information are stored electronically. As mentioned in section 1.3 of chapter 1, the principles of information security themselves explain its importance. In the absence of proper Information Security, i.e. if we use only a guard to secure the information, it can sometimes be dangerous, because the guard himself may become involved in the theft of information for others for a certain price.

However, with the proper implementation of information security, those kinds of attacks are ineffective because no other person gets the chance to access the information without the proper authentication provided by the organization. As technology is always changing, nothing will ever be completely secure. Because of changing technology, the security procedures currently in use may not always satisfy the needs, so they must be updated accordingly. The applied procedures may therefore become so complicated that users sometimes do not understand what they are dealing with (ACapria, 2009).

If the security personnel responsible for maintaining Information Security miss one single area that needs to be protected, the whole system could be compromised. Whatever the drawbacks of implementing Information Security, its popularity is increasing day by day and almost every organization is adopting it to make its information secure.


3.2 Analysis of economic effects

Because almost every organization has adopted computers and stores its information electronically, the need for Information Security has been increasing. A survey conducted in 2012 states that only some large organizations spend most of their money on security (pwc, 2012). The following table shows the results of the survey.

Figure 2: The amount of money spent on security (pwc, 2012).

To gather ideas related to this effect, a field visit programme was required, so I visited and participated at Islington College, which is affiliated to London Metropolitan University and situated in Kamalpokhari, Kathmandu. Information security has been implemented there to secure various information related to its students along with the college’s own financial information. In the interview, the IT manager and one of the lecturers of the college, Mr. Prakash Shrestha, told us that each and every piece of the college’s information is valuable and also includes the college’s own financial information, so securing that information was at first challenging and costly, but after realizing its importance the college adopted some of the principles of Information Security in order to make its information secure. He also mentioned that even though implementing those needs is costly, the college finally adopted them only because of their importance. The college nowadays uses certain biometric devices for the authentication of users, and a particular team has also been assigned to implement security. He stated that all of the college’s information is stored in the server database, where only the responsible personnel have access, and it is under complete observation using both CCTV cameras and assigned personnel. He further added that although assigning extra manpower for security, buying the server and updating the security processes cost more, the college has accepted it because of its importance.

All of Islington College’s information is stored in the server database, so no college staff can get direct access to it. The server runs on the college’s own LAN; access to this network is forbidden from outside, and certain passwords are needed to get access to it. By adopting these Information Security practices, the college is running successfully without the fear of losing its data.

3.3 Analysis of environmental effects

The environment is also one of the main factors affecting Information Security. It is very important to protect the physical devices where the information is stored from environmental factors. Environmental factors such as earthquakes and floods can destroy the physical devices in which information is stored. During the interview, Mr. Prakash Shrestha, who is one of the lecturers and the IT manager of Islington College, told us that the server where all the information is stored is placed in a secure place where there are no effects of any environmental disaster. Despite this, if something unexpected happens and the server is lost or damaged, there is also a backup of the data, which is updated at certain times. Those backups are stored in safe places in the hands of the Security department.


Chapter 4: Conclusion

Information Security has become one of the fundamental needs of organizations whose information is stored electronically. It has played a very important role from its introduction until now. It has helped many organizations keep their information safe from outsiders as well as from attackers. The conclusion of this report can be drawn from Chapters 1, 2 and 3 by summarizing what benefits we actually get from it. By analyzing the economic and environmental effects as well as its benefits, I came to the conclusion that the processes of Information Security are very useful as well as in demand among organizations, and also have a very bright future with far more improvements in strategies and access control mechanisms.

This report helped me a lot in understanding what Information Security really is. It also helped me to understand the importance of Information Security and how plans need to be developed when deploying it in any organization or company. It also helps me to do something useful and new in the field of Information Security.

4.1 Future of Information Security

With changing technologies, new threats to information also emerge. As technology is always changing, nothing will ever be completely secure. But experts are always searching for new ways to improve security services in order to protect information. Various new technologies are being developed for access control mechanisms, and servers and personal computers are also being updated day by day with new security features. Despite changing technologies and new kinds of attacks, experts are always trying to improve their security plans and provide their customers with a new set of Information Security services. So we can conclude that, whatever the technology and whoever the attackers, changing and updating Information Security services have a very bright future.


References

ACapria, 2009. Information Security: Advantages and Disadvantages. [Online] Available at: http://anton-capria.blogspot.com/2009/02/information-security-advantages-and.html [Accessed 25 December 2012].

arapaho.nsuok.edu, 2011. Information security. [Online] Available at: http://arapaho.nsuok.edu/~hutchisd/IS_4853/C6572_01.pdf [Accessed 20 December 2012].

FFIEC, 2006. Information Security. [Online] Federal Financial Institutions Examination Council. Available at: http://www.isaca.org/Groups/Professional-English/it-audit-tools-and-techniques/GroupDocuments/information_security.pdf [Accessed 20 December 2012].

infosecisland.com, 2012. Security-Issues-for-2012. [Online] Available at: http://www.infosecisland.com/blogview/19644-IT-Security-Issues-for-2012.html [Accessed 2013 0102 2013].

pwc, 2012. Information Security Breaches Survey. Technical report. [Online] Available at: http://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-technical-report.pdf [Accessed 25 December 2012].

Reed, P.J., 2012. Five Information Security Issues We All Face Today. [Online] Available at: http://www.shortinfosec.net/2011/09/five-information-security-issues-we-all.html [Accessed 26 December 2012].

www.oregon.gov, 2012. Basic Information Security Principles. [Online] Available at: http://www.oregon.gov/DAS/CIO/ISRC/pages/intro_basics.aspx [Accessed 24 December 2012].