During this week I have learnt that information security is defined as the protection of information, it requires "a well-informed sense of assurance that the information risks and controls are in balance" (Jim Anderson 2002). Since the first mainframe was established information security was developed, although back then it was not considered such a big issue, or a high priority. As technology progressed so to did the risks associated with using it, this caused a shift of information security being a relatively low priority to one that has become a huge issue for many people the world over, attracting huge amounts of attention in the media, particulary with social networking becoming so popular and identity theft and fraud on the rise. This week I have also learnt that there are 6 layers of security for a successful organisation, which are: physical security, personal security, operations security, communications security, newtowrk security and information security. It was interesting to leanr that Computers can be the subject of an attack or the object of an attack, so essentially the computer can either be attacked or be the attacker. I didn't know this before and I found it a bit ironic that we spend so much money and time trying to proctect ourselves from security threats and even with all this effort our own computer could be used as the "attacking weapon".
I have learnt about the SDLC in previous courses I have done, it was nice to refresh my memory :). I have however never heard of the SecSDLC, you learn something new everyday :)There is a lot of work, research, and maintenance involved in keeping a security system up to date and running smoothly, there are a lot of risks out there and having a good security system is vital for an organization to succeed. So far there has been a lot of content, and getting my head around all the new terms is a challenge, but im up for it :). I really enjoyed doing the quiz, I found it really helped my learning and understanding of the content for section 1, I found that the quiz was a great way to do more research and expand my knowledge base. I may have guessed a couple of the answers... they are the ones that I didn't get right the first time... in future I think I'll just keep researching until I get the right answer :)
NEWSPAPER ARTCILE
News article link - http://www.securityfocus.com/brief/993
The article I found related to companies monitoring / analyzing e-mail content. The survey was conducted by data-loss prevention firm Proofpoint who surveyed 220 organizations and found that one third of companies surveyed employ staff to monitor / analyse e-mail content. The survey also found that 46% of the companies surveyed regularly audit their out-bound e-mails in an attempt to prevent the leaking of confidential information and the number of staff who focused on analysing / monitoring e-mails have almost doubled since 2008. A third of the companies had had leaks of sensitive information in the past year, and e-mail was the reason for the largest number of data leak investigations at 43%. 18% of the companies surveyed had investigated employees because of a blog post, youtube postings or instances on other sites and one third of companies had fired a worker for violating information sharing policies. Proofpoint argued that the reason for this increase lays with the use of social media and the current difficult economic times.
The ways that this newspaper articles relates to the principles of information security that I have been introduced to so far are: Corporations taking steps to prevent leaks of sensitive information as information security is a huge issue for many businesses. Implementing protection procedures to ensure information is kept secure. This article also shows how much of a problem that the internet can cause for businesses, emails and social network sites such as myspace and facebook have caused many companies to implement better security systems to protect information. Social networking sites, e-mail and youtube to name a few have all been major concerns for businesses, with sensitive information being leaked, whether intentional or unintentional. Having a good security system in place is essential in ensuring sensitive information stay secure and within the organisation, and montitoring emails is one way to ensure no sensitive information is leaked.
No comments:
Post a Comment