A comprehensive and integrated view on the security of an Information System considering all its parts (hardware, software, human factor, data, and the impact of real world) is presented in the chapter. The security of information systems cannot be solved only by management of Information Technologies, because Information Technologies constitute only a part of Information System. The design of a well-implemented information security management system is the reliable way towards the safety of information in a company or in an institution. Integrated approach to the security of an Information System is introduced, and recommendations for managing the security of the Information System are given.
TopIntroduction
Information is an asset to the company having substantial value. Therefore it must be suitably protected. With the increasing interconnection among companies and their environs the need to protect this information is more important. With the increasing digitization, information is exposed to an increasing number of different threats and vulnerabilities.
Information exists in various forms. Information can be printed or written on a paper, stored electronically, sent by mail, electronically captured on film or can be mentioned in conversation.
Information security management is focused on a wide range of threats and ensures business continuity, minimizes business losses, and maximizes return on investment and of business opportunities. Defining, promoting and improving the quality of information security can be essential to maintaining competitiveness, cash flow, profitability, legal compliance, and reputation of the company.
Information systems of companies suffer by increasing number of security threats from various sources, including computer fraud, espionage, sabotage, vandalism, fires and floods. Sources of damage, such as computer viruses and hackers are becoming more common, growing in sophistication and danger. Despite all of these external threats, the greatest danger is the human factor, i.e. the employees of the company.
Many information systems were not designed to be safe. Safety of information system, which can be achieved through technical means, it is insufficient and should be accompanied by appropriate management and procedures. Therefore, safety management information system requires a comprehensive approach to the solution. It need participation the employees of the company and also owners, suppliers, third parties, customers, and other external entities. Last but not least help of specialist is needed.
Security of information system is an important part of the design and development of information system. It is important for the protection of critical infrastructure both in the private and the public sector. It would be wrong to narrow this problem only on the issue of treatment of information technology security, since information technology is only one part of information system. It is necessary to have a complex look on the safety of information system and to ensure the information system in all its parts and all its interfaces.
Information is an asset to the company having substantial value. It must therefore be suitably protected. With the increasing interconnection of environmental companies is the need to protect this information is still timely. Because of the increasing digitization of information is exposed to an increasing number of different threats and vulnerabilities.
Information exists in various forms (forms). They can be printed or written on paper, stored electronically, sent by mail or electronically captured on film or spoken in conversation.
Information security management is focused on a wide range of threats and ensures business continuity, minimize business losses and maximize return on investment and business opportunities. Defining, promoting and improving the quality of information security may be essential to maintaining competitiveness, cash flow, profitability, legal compliance and reputation of the company.
Still, companies are increasingly and their information systems to withstand security threats from various sources, including computer fraud, espionage, sabotage, vandalism, fires and floods. Sources of damage, such as computer viruses, hackers and denial of service type attacks are becoming more common, growing in sophistication and danger. Despite all of these external threats are the greatest danger is the human factor, i.e. the employees of the company.
Many information systems were not designed to be safe. Safety information system, which can be achieved through technical means, it is inadequate and should be accompanied by appropriate management and procedures. Safety management information system therefore requires a comprehensive approach to the solution, the company co-workers, co-owners, suppliers, third parties, customers and other external entities. Last but not least is the need specialist help.
Information system security is an important part of its design and development, it is important for the protection of critical infrastructure in both private and public sectors. It would be wrong to narrow this problem only on the issue of treatment of information technology security, since information technology is only one part of information systems. It is necessary to look at the safety complex and strive to ensure the organization's information system in all its parts and all its interfaces.