An Overview on Information Security
Information security means protecting information from unauthorised access, preserving its integrity and accuracy, and ensuring that it is accessible at the intended time. Because information security has so many facets, three fundamental principles stand out: Privacy, Data Integrity and Continuity.
Privacy; preventing access to information by unauthorised parties. Privacy applies to data at rest on permanent storage (disk, tape, etc.) as well as to data in transit from one system to another over the network. Attackers can reach data they are not allowed to access in many ways: stealing password files, social engineering, or capturing a computer user's personal information without their noticing (for example, watching over their shoulder while they enter a password).
Integrity; delivering the data to the receiver exactly as it was sent. The data reaches the receiver unaltered along the communication path: nothing has been added, nothing has been repeated in whole or in part, and the pieces arrive in order.
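The three integrity properties above (unaltered content, no duplicates, correct order) are what a receiver has to check in practice. The following added example, which is not part of the original article, shows one way to enforce them: the sender binds a sequence number to each message with an HMAC-SHA256 tag, and the receiver rejects any message whose tag does not verify, whose sequence number it has already seen, or which arrives ahead of its turn. The shared key, the frame layout and the payloads are constructed for the example.

```python
import hashlib
import hmac

# Constructed shared secret for this example only; in a real system it would
# come from a key exchange or a key management service.
SHARED_KEY = b"constructed-example-key"


def _tag(key: bytes, seq: int, payload: bytes) -> str:
    """HMAC-SHA256 over sequence number and payload together, so that neither
    the content nor the position of a message can be changed on its own."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).hexdigest()


def seal(seq: int, payload: bytes, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach the sequence number and the integrity tag."""
    return {"seq": seq, "payload": payload, "tag": _tag(key, seq, payload)}


class Receiver:
    """Receiver that enforces the three integrity properties from the text."""

    def __init__(self, key: bytes = SHARED_KEY) -> None:
        self.key = key
        self.next_seq = 0      # sequence number we expect to see next
        self.delivered = []    # payloads accepted so far, in order

    def accept(self, frame: dict) -> str:
        # 1. Content check: recompute the tag with constant-time comparison.
        expected = _tag(self.key, frame["seq"], frame["payload"])
        if not hmac.compare_digest(expected, frame["tag"]):
            return "rejected: content or sequence number altered"
        # 2. Duplicate check: a sequence number below the expected one was
        #    already delivered (a repeat or a replay).
        if frame["seq"] < self.next_seq:
            return "rejected: duplicate (already received)"
        # 3. Order check: a sequence number above the expected one means an
        #    earlier message has not arrived yet.
        if frame["seq"] > self.next_seq:
            return "rejected: out of order (gap before it)"
        self.next_seq += 1
        self.delivered.append(frame["payload"])
        return "accepted"


def run_demo() -> list:
    """Feed a receiver a genuine stream plus a tampered, a duplicated and an
    out-of-order frame, and return the receiver's verdict for each."""
    rx = Receiver()
    f0 = seal(0, b"transfer 100")
    f1 = seal(1, b"transfer 200")
    f2 = seal(2, b"transfer 300")
    f3 = seal(3, b"transfer 400")
    tampered = dict(f1, payload=b"transfer 900")  # payload changed, tag kept
    results = [
        rx.accept(f0),        # accepted
        rx.accept(tampered),  # rejected: altered
        rx.accept(f1),        # accepted (the genuine frame)
        rx.accept(f1),        # rejected: duplicate
        rx.accept(f3),        # rejected: out of order (f2 missing)
        rx.accept(f2),        # accepted
        rx.accept(f3),        # accepted now that f2 has arrived
    ]
    return results


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Note that the tag alone only covers the first property; the sequence number, protected by the same tag, is what lets the receiver detect repeats and reordering. A real protocol would also bound how long it waits for a missing frame, which this example leaves out.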
Continuity of Service; aims to keep information systems safe from threats, both inside and outside the organisation, that would reduce their effectiveness. Thanks to continuity of service, users can access the data they are authorised to use securely and on time, without the data losing its currency.
Threats; a threat can be defined as the underlying cause of an undesired incident that damages a system or organisation. Every threat has a source and a "security gap" in the system that the threat exploits.
Answering the question "What should I protect the system from?" helps in identifying the threats against the system.
Threats can be examined in two groups according to their source:
- Man-made Threats: these threats can in turn be divided into two subgroups:
  a.) Those arising from behaviour without bad intentions: malfunctions caused by a user who operates the system carelessly, without the necessary knowledge or with insufficient training.
  b.) Those arising from behaviour with bad intentions: all actions on the system carried out with the aim of damaging it. In these threats, "system gaps" are exploited to reach that aim.
- Nature-caused Threats: these threats cannot be predicted beforehand and most of the time cannot be prevented. Earthquake, fire, flood, sudden temperature change, landslide and avalanche are examples.
Risk; the probability that a threat source gains unauthorised access to a system through a security gap is defined as the risk of that threat. Reducing the threat sources or the security gaps reduces the risk of the threat at the same rate.
Improvement of Informatics Security and Security Types
Various methods have been used throughout history to provide information security. From past to present, work in the following areas has been carried out to ensure information security: Physical and Environmental Security, Communication Security, Computer Security, Web (Network) Security, Application Security, Database Security.
Physical and Environmental Security; in terms of information security, this is understood in practice as preventing unauthorised access to the organisation's premises and protecting data stores from theft or harm.
Communication Security; cryptography and steganography are used to ensure communication security.
Cryptography; making the message incomprehensible. The existence of the message is known, but its content is not readable.
Steganography; means storing data within other data. It is a method that hides a secret text, or the very existence of the communication. While cryptography makes a message's content unreadable, steganography hides the message itself from view.
Computer Security; the first thing that comes to mind on hearing "computer security" is guarding information systems against threats to their privacy, integrity and accessibility.
Web (Network) Security; a web (network) is defined as two or more computers communicating over cable or wirelessly. As the use of networks has increased, security violations have increased and the need for information security measures has grown.
Providing Information Security
Unless the security of information systems is addressed with a comprehensive and integrated approach, success is unlikely. Information security can be handled from three fundamental perspectives. These are the three courses:
Executive Precautions, Technology Practices, and Education and Raising Awareness. Each of the three courses needs the other two in order to work fully.
Executive precautions can be summarised as a set of rules relating to security administration being laid down and implemented. As in any other field, success in information security is achieved through good planning and a clear definition of high-level policy. After that, the identified items should be put on paper as procedures, and documents such as instructions should follow.
Some of the technologies used to provide information security:
- Digital Signature
- Web (Network) Classification and Firewalls
- Backup
- Attack Detection and Monitoring
- Access Control
- Defence in Depth
Education and Raising Awareness
In this course, users who carry out their daily work on information systems are educated in security-related topics, so that the possibility of their becoming a security gap or a risk to the organisation is minimised.
Institutions Related To Information Security
These organisations are regarded as authorities on information security. Their founding purposes are to produce useful content about information security and to serve the specific information security goals they have set for themselves.
Here are some of the institutions related to information security:
CERT (Computer Emergency Response Team) – a USA-based organisation that carries out proactive research on security and handles emergency response.
CIS (Center for Internet Security) – a USA-based organisation that publishes tools for adapting systems to security standards.
ISC2 (International Information Systems Security Certification Consortium, Inc.) – an organisation that provides certification in information security.
CSRC (Computer Security Resource Center) – a centre that publishes articles about security.
FIPS 200 (Federal Information Processing Standard 200) – defines security standards for information processing.
CSI (Computer Security Institute) – an institute that provides security education.
ISSA (Information Systems Security Association) – a non-profit platform where information about security is shared.
SANS Institute – an organisation that provides security education, conducts research to inform the community and issues certificates.
TÜBİTAK (Scientific and Technological Research Council of Turkey) – the national gateway for information security, which informs the public through articles and useful information about information security.