Information security II What is information security?

In this article, we will discuss information security, information security threats, what is information security and different areas related with the information security. 

Information security 

Information security, is a set of practices intended to keep data secure  from unauthorized access or alterations , both when it's being stored and when it's being transmitted from one machine or physical location to another. It is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be anything like our details or we can say our profile on social media, data in mobile  phone, biometrics etc. Thus information security spans so many research areas like Cryptography , Mobile Computing, Cyber Forensics, Online Social Media, etc.

Threats of Information System Security

The following are the most important information security threats

Unauthorized Access (Hacker and Cracker)

One of the most common security risks in relation to computerized information systems is the danger of unauthorized access to confidential data. The main concern comes from unwanted intruders , or hackers, who use the latest technology and  their skills to break into supposedly secure computers or to disable them. A person who gains access to information system for malicious reason is often termed of cracker rather than a hacker.

Computer Viruses

Computer virus is a kind of nasty software written deliberately to enter a computer without the user's permission or knowledge, with an ability to duplicate itself , thus continuing to spread. Some viruses do little but duplicate others can cause severe harm or adversely affect program and performance of the system. Virus program may still cause crashes and data loss. In many cases, the damages caused by computer virus might be accidental, arising merely as the result of poor programming. Type of viruses, for example, worms and Trojan horses.

Theft

The loss of important hardware , software or data can have  significant effects on an organization's effectiveness . Theft can be divided into three basic categories: physical theft, data theft, and identity theft.

Sabotage

With  regard to information systems, damage may be on purpose or accidental and carried out an individual basis or as an act of industrial sabotage. Insiders have knowledge that provide them with capability to cause maximum interruption to an agency  by sabotaging information systems. Example include destroying hardware and infrastructure, changing data, entering incorrect data, deleting software, planting logic bombs , deleting data, planting a virus.

Vandalism

Deliberate damage cause to hardware, software and data is considered a serious threat to information system security . The threat from vandalism lies in the fact that the organization is temporarily denied access to someone of its resources. Even relatively minor damage to parts of a system can have a significant effect on the organization as a whole.

Accidents

Major of damage caused to information systems or corporate data arises as a result of human error. Accidental misuse or damage will be affected over time by the attitude and disposition of the staff in addition to the environment . Human errors have a greater impact on information system security than do manmade threats caused by purposeful attacks. Bust most accidents that are serious threats to the security of information systems can be mitigated.

Malicious code

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.  Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack script, viruses, worms, Trojan horses, backdoors and malicious active content.

Malicious code can take the form of :

• Java Applets
• Active X Controls
• Scripting languages
• Browser  plug-ins
• Pushed content

Malicious Code threaten

Malicious  code can give a user remote access to a computer. This is known as an application backdoor. Backdoors  may be created with malicious intent, to gain access to confidential company or customer information. But they can also be created by a programmer who wants quick access to an application for troubleshooting purposes. They can even be created inadvertently through programming errors. Regardless of their origin, all backdoors and malicious code can become  a security threat if they are found and exploited by hackers or unauthorized users. As applications today to be built more and more often with reusable components from a variety of sources with varying levels of security, malicious code can pose a significant operational risk to the enterprise. That's why so many enterprises today are turning to Vera code to secure their applications.