Information security is a vast subject and covers a multitude of imperfections. Simply put, it provides the necessary mechanism so that curious people cannot access the information that is not addressed to them.
The ability to communicate globally and conduct an electronic exchange of information is a time that every scientist aspires to.
Nature of computer-attacked information:
- Complexes: secrets or competitive information;
The opportunity brought by communications through computer networks must be counterbalanced with a very good understanding of the risks to the security of the respective systems.
- Simple: computer address, employee address, email address, etc.
As the transactions increase and diversify, the exchange of information between different compartments of an institution or with external partners increases the need for security.
Information about partners, customers, suppliers or other categories, whether financial, productive, military or employee, etc., may be in transit on a network or stored on a server.
It is easy to understand why this environment is concerned about the large benefits gained from the relatively low costs of electronic communications worldwide. We can say that by simply pressing a key or a mouse click the information is sent where it is needed. It is important that this information does not reach into the hands of malicious people or adversaries of any kind: economic, political, military.
The strength of an institution's security policy is the implementation of a strategic access control plan. This plan should include solutions for establishing multiple barriers between unauthorized access, premeditated entry, and protected
information of the institution.
The main reason for developing the security policy is the use of computer science as a tool for communications, data transfer. The security policy involves the route from figure 2.1. , thus: based on the risk analysis, the possible threats to the analyzed system are identified. Each risk or threat exploits a gap in the respective security system. The risk analysis must take into account not only the possible damages produced but also the probability of their occurrence. The result of the analysis aims to counter the gaps or deficiencies in the security of the system. Once this analysis is complete, the security policy can be created.
Figure 1. Developing the security policy
The result of this process is embodied in
the security policy, on the next page.
Viimati muudetud: Wednesday, 5. May 2021, 15.57 PM