Information Security Principles
A general definition of security is to being in the state of security – to be free from any kind of danger. In other words, security is protection against adversaries – from those who would harm, intentionally or otherwise. Today, we can observe the concept of security in almost every place. The most common forms of security is a unilayered or unifaceted system. But in case of organizations or the nation as such, resort to a multilayered system.
Some of the most common forms of securities that can be found in many organizations include
- Physical security
- Personnel security
- Operations security
- Communications security
- Network security
- Information security
Of the above forms of securities, information security is one of the major concerns today. Information security as defined by the Committee on National Security Systems, defines information security as the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information.
Here the importance of information must be acknowledged. Information is one of the most valued assets today. It is because of the characteristics it possesses. Some of the characteristics that information possesses include availability, accuracy, authenticity, confidentiality, integrity, utility, possession, etc.
Information needs to be protected from unauthorized access. Information leakage can be dangerous for many organizations. Sometimes, information relating to the internal affairs of an organization are leaked. Such information may include the decision to implement a new type of cost cutting system, the financial information of the organization, the list of customers and their financial information, research and development information, information regarding a new product line, etc. Loosing such information can prove to be very costly for an organization. In case of government, key and strategic information is of utmost importance. Sometimes, information about national security can be at stake. Such information can include the list of weapons, testing of new weapons, key and strategic places where weapons are stored, etc.
All these kinds of information must be protected. This calls for information security approaches which can be implemented. This will include
Bottom-Up Approach: A Bottom-Up approach is the best suited approach for implementing a very good security system. One of the biggest advantages of this system is that the system or the network administrators who are using this system will implement a security system at the grassroot level. This can enhance the information security of the concern. The administrators who possess in-depth knowledge of the system will implement a right security system which would be apt for the organization in terms of their level of operations. In a way, they can help in customizing the security system.
Top-Down Approach: In this approach, the higher management of the organization will issue policy, procedures and processes to implement the type of security in the organization. This type of information security will have its own advantages. The top level management will consult experts before implementing any such system. Experts in the field can forecast future contingencies and will help in preparing for enhanced security procedures which will stop infiltrators from not only entering into the systems now, but also in the future. This will also mean that the information security will be constantly monitored and improvements in the same will be undertaken on a regular basis.
For further details on IT Security, visit our websites athttp://www.helpwithassignment.com/IT_Security_Assignment_Help and http://www.helpwiththesis.com