The information systems security, computer systems security or computer security,is a cognitive field της in Computerς της Science, and in particular their industry υπολογιστικών συστημάτων, which deals with the protection of computers, of networks interconnecting them and the data in these systems, preventing their unauthorized access or use.
Security policy design
The security policy design in information systems, is directly linked to both techniques, procedures and administrative measures as well as to ethical-social perceptions, principles and assumptions, protecting against any kind of threat accidental or intentional. Security policy-making processes should not interfere with the smooth operation of information systems, and should adhere to the principle of decentralization, replacement and in-depth defense. The basis can be the identification, evaluation and subsequent formulation of a theoretical framework for the design of security planning policies.
Το πιο βασικό σημείο στη διαδικασία σχεδιασμού ασφαλών πολιτικών, είναι ο εντοπισμός και χαρακτηρισμός ως εμπιστευτικών των πληροφοριών που πρόκειται να χρησιμοποιηθούν και να προστατευθούν. Εκτός από τις αρχές της Ακεραιότητας Πληροφοριών, the Confidentiality και τη Διαθεσιμότητα Πληροφοριών οι πολιτικές ασφάλειας θα πρέπει να εμπεριέχουν και τους όρους αυθεντικότητα, εγκυρότητα, μοναδικότητα and μη αποποίηση.
However, security policies presuppose the existence of a set of basic principles, clearly articulated operating systems. Each object of the system should be able to be unambiguously identified and accompanied by an indication of the degree of confidentiality. In addition, the strength of insurance mechanisms should not be based on users' ignorance of the security techniques used but on their effective design.
The goal of a security policy system is to limit risk to an acceptable level. The system includes risk assessment and limitation of the acceptable level of security, development and implementation of a security policy as well as creation of an appropriate organizational framework and securing the necessary resources for the implementation of the security policy. Civil security together with all the protection measures constitute the security plan for the information systems of an organization because we need a complete framework with the guidance of the security measures to function as a means of communication of those involved in security issues.
In addition, the importance of information system security for the members of the organization is established, a security culture is created as it is often a legal obligation and is a factor of trust between the organization and customers. The types of security policies are a) technical (computer oriented) information systems, operating systems and computer networks b) organizational (human oriented) and c) individual (individual security policies). It includes fragmented management of information systems security and great complexity in maintenance while it is effective in standalone applications and computer systems that are not interconnected.
In a cohesive document, which is not easy to use due to volume and with general level information, lists all the computer systems, applications and process of the information system.
The requirements for the security of the information system must be met by the political security coming from all those involved in the use and operation of the information system of an organization that are the users and the administrators of the information system, the administration of the organization, its customers the legal and regulatory provisions governing their operation.
The definition of information system security policy should cover the following categories
- Staffing issues
- Physical security
- Information system access control
- Hardware and software management
- Legal obligations
- Security policy management
- Organizational structure
- Σχέδιο συνέχισης λειτουργίας
When implementing a security policy we seek:
- instructions and protection measures must cover all goods and all functions (completeness)
- to consider current technological developments (news)
- with some modifications or additions the policy may cover minor changes or extensions to the information system (generalizability). In addition, there must be clarity and easy understanding, technological independence and suitability depending on the organization to which it is addressed.
For a security policy system to be successful it must support business objectives, involve management, be environmentally friendly, educate users appropriately, have evaluation and access be easy and direct for all users. of the information system. Finally, content and applications need to be updated regularly.
The information systems security is based on three basic ideas.
The integrity refers to the retention of an information system's data in a known condition without undesired modifications, subtractions or additions by unauthorized persons, as well as preventing unauthorized persons from accessing or using the computers and networks of the system.
The availability of data and computing resources is to ensure that computers, networks and data will be available to users whenever their use is required.
A typical threat faced by modern information systems is DoS attack , which aims to disable the targeted resources either temporarily or permanently. Denial of service is not necessarily caused by a hostile attack. The Slashdot effect, in which a link to a website hosted on a low-capacity server is posted on a popular site, causing hundreds of thousands of readers to overload the link to that website, causing the same effect.
The confidentiality means that sensitive information should not be disclosed to unauthorized persons.
The leakage of sensitive information can be done by more traditional methods than digital interception, e.g. with the theft of laptops from the appropriate department of a company. In 2006 a study of 480 companies showed that 80% of companies had a problem with information leakage due to theft of a laptop.