INFORMATION SECURITY and ATTACK TYPES
A) Using various online resources, try to find and document, with suitable sources, other IS security definitions.
The definitions of InfoSec suggested in different sources referenced in
the wiki are summarised below:
· "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)
· "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)
· "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." (ISACA, 2008)
· "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)
· "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)
· "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)
· "Information security is the protection of information and minimises the risk of exposing information to unauthorised parties." (Venter and Eloff, 2003)
· "Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organisational, human-oriented and legal) in order to keep information in all its locations (within and outside the organisation's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats. Threats to information and information systems may be categorised and a corresponding security goal may be defined for each category of threats. A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment. The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability." (Cherdantseva and Hilton, 2013), (wiki, 2015)
· The protection of information and information systems against unauthorized access or modification of information, whether in storage, processing, or transit, and against denial of service to authorized users. Information security includes those measures necessary to detect, document, and counter such threats. Information security is composed of computer security and communications security. (freedict.com, 2015)
· Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. (sans.org, 2015)
· "Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms." (Wikipedia, 2015)
B) Comment on the traditional definition of IS security and the definition of Cyber security
The traditional definition of IS security was the protection of information online and the prevention of its exploitation; today, information scalability has increased to such a level that availability, authenticity and privacy have become the main ideals of IS security.
Cybersecurity strives to ensure the attainment and maintenance of the
security properties of the organization and user’s assets against relevant
security risks in the cyber environment.
Today a large set of tools, policies, security concepts and
safeguards, guidelines, risk management approaches, actions, training, best
practices, assurance and technologies that can be used to protect the cyber
environment and organization and user’s assets can be described as cyber
security. Organization and user’s assets include connected computing devices,
personnel, infrastructure, applications, services, telecommunications systems,
and the totality of transmitted and/or stored information in the cyber
environment.
The general security objectives comprise the following:
· Availability
· Integrity, which may include authenticity and non-repudiation
· Confidentiality, the assurance of privacy and personal information protection (itu.int, 2015)
References
· (itu.int, 2015). Retrieved from: http://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx