Goals and Practices in Maintaining Information Systems Security

Zippy Erlich (The Open University of Israel, Israel) and Moshe Zviran (Tel-Aviv University, Israel)
DOI: 10.4018/978-1-4666-0026-3.ch012


With the rapid growth of information systems and networks, security is a major concern of organizations. The main goals of information systems security are confidentiality, integrity, and availability. The cornerstone of an organization’s security lies in designing, developing, and implementing a proper information systems security policy that balances security goals with the organization’s needs. In this paper, the authors discuss the goals of information systems security and the techniques to achieve them. Specifically, the paper focuses on access control and the various authentication approaches, as well as intrusion detection and prevention systems. As attacks become more frequent and devastating, ongoing research is required to adapt and improve security technologies and policies so that they reflect new modes of attack and keep information systems secure.
Chapter Preview

Main Goals Of Information Systems Security

There are various definitions of computer security; each views computer security from a different standpoint. Security professionals tend to define three interdependent information security goals: confidentiality, integrity, and availability (CIA) (Solomon & Chapple, 2005).

Confidentiality is the main goal of information security and refers to preventing confidential information from falling into the hands of unauthorized users. Access controls and encryption processes can prevent this.

Integrity refers to preventing unauthorized alteration and modification of data, either by unauthorized users such as hackers, or by authorized users making unauthorized modifications. Access controls prevent such modification of data by unauthorized users. In addition, to ensure integrity, a backup policy should be defined to protect against corruption or loss of data.
