The term information security refers to the protection of information systems, and the information stored in them, from unauthorized access, use, modification, disclosure, or disruption.
Information security is the process of ensuring and maintaining confidentiality, availability and integrity of data. Confidentiality refers to the protection of information from unauthorized access. The information is disclosed only to those who are authorized to access it.
Integrity refers to the assurance that information is trustworthy, accurate and genuine. It protects the information from unauthorized modification. Availability means that only authorized users should be able to access the information whenever needed. It ensures timely access to data whenever it is needed by the authorized users.
Information is a valuable asset because we are living in an information society and all activities, whether personal or professional, are dependent on information. So, protection of information against unauthorized access is a major part of information security.
Sources of Threats to Information Security
Sources of threats to information security can be grouped into two basic categories:
- Internal Sources
- External Sources
Information security threats can emerge from the internal sources of an organisation. These sources may commit computer fraud by making unauthorized access to the information for their own benefit, thereby causing a threat to the security of the information.
The following are the internal sources of threat to information security:
- Computer Information
- Stored Data
Input frauds can be committed at the level of input. It is the simplest and most common way of committing a fraud. By changing the input, a perpetrator can commit different types of computer frauds such as disbursement of funds in fake names, alteration of bank account balances, etc.
Computer frauds can be committed through unauthorized system use, including the theft of computer time and services. The employees may use computer time for their own benefit, for which they have not been authorized.
Computer frauds can be committed by tampering with the software that processes data. It may involve modifying the software, making illegal copies of it, or using it in an unauthorized manner.
Computer frauds can be committed by altering stored data in an unauthorized way or retrieving sensitive data and passing this data to others at a price.
Computer frauds can be committed by stealing or misusing computer system output. An output can be either displayed on monitors or printed on paper.
Information security threats can also emerge from sources external to an organization. These sources can damage the information by having unauthorized access to stand-alone computer systems or to systems that are linked through a computer network, particularly the Internet.
External sources may commit computer frauds through removal of information, destruction of system confidentiality, integrity and availability, interference with web pages, interception of electronic mail, interception of electronic data transfer, interception of electronic payments and transmission of malicious software such as viruses, worms, etc.
Various types of external threats are:
- Computer Viruses
- Internet Frauds
A computer virus is a software code that replicates itself and corrupts information simultaneously. Most viruses work silently so that the user is unaware of the infection.
It is a malicious software program that is loaded onto a user’s computer without the user’s knowledge and performs malicious actions. After entering a computer, a virus attaches itself to a host program, and execution of the host program triggers the action of the virus simultaneously.
It can self-replicate, inserting itself into other programs or files, infecting them in the process. When this replication succeeds, the affected areas are then said to be “infected” with a computer virus.
Hacking refers to gaining access to confidential web sites and data, though the intention may not be malicious.
Cracking is used to gain access to confidential web sites with malicious intentions.
Sending e-mail, which is fake and appears to be sent by someone else.
Sending threatening e-mail forcing the recipient to do something beneficial to the sender.
Sending misleading information on the subject of wider importance.