Over the years, significant advancements have been made in technology. Big organizations and companies now invest heavily in the safe storage and protection of sensitive digital information. At any given time, digital information is being exchanged the world over. Like any other property, information can be stolen. There is, therefore, a need to establish robust security systems to safeguard data from unlawful acquisition or manipulation by third parties. It is not uncommon to find companies that have comprehensive information technology (IT) and security departments to handle and manage their network systems. It goes without saying that a good understanding of the various branches of security is crucial to ensuring information safety.
The primary goal of information systems security is to protect sensitive digital information from manipulation or theft. Organizations and companies are particularly vulnerable because they hold a lot of information about their employees, for example, names, telephone numbers, addresses, and social security numbers. The personnel responsible for information systems security in any organization carry out various tasks, such as improving existing security systems and investigating security breaches.
Information systems security entails a wide variety of tasks. These range from simple activities like hardware maintenance to complex ones such as troubleshooting and fixing security system problems. Three fundamental principles govern the broad field of information systems security: confidentiality, integrity, and availability (Juels, 2013). Confidentiality ensures that access to information is restricted to only those who are permitted to see it. Integrity, on the other hand, ensures that information is not altered or manipulated before other people access it. The last principle, availability, makes provision for easy access and modification of data by authorized people within an appropriate timeframe.
There is a wide variety of tools that organizations and companies can choose from to ensure the availability, confidentiality, and integrity of information. Firstly, authentication is used to ensure that only legitimate persons access that information. The most common form of authentication is the use of user IDs and passwords. There are, however, other superior forms of authentication that can be used to verify the identity of persons. The use of key cards is common, but this presents challenges with regard to loss or misplacement of the identity token. Therefore, a combination of two forms of authentication, for example, the use of RSA devices, offers more security (Hoekstra, 2013).
Access control is crucial in ensuring that users can only retrieve appropriate information resources. Two main forms of access control can be used in an organization. These are access control lists (ACL) and role-based access control (RBAC) (Buehler, 2015). In general terms, access control is used to determine who is authorized to read, add, modify or delete specific information.
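The two models named above can be compared side by side. The following is an added example, not part of the original essay; the users, roles and resource names are constructed for illustration. It checks read, add, modify and delete permissions under an ACL and under RBAC, denies by default, and shows how removing a user's access differs between the two.

```python
from enum import Flag, auto

class Perm(Flag):
    NONE = 0
    READ = auto()
    ADD = auto()
    MODIFY = auto()
    DELETE = auto()

# ACL: each resource carries its own list of users and their permissions.
# All names below are constructed sample data.
ACL = {
    "payroll.db": {"alice": Perm.READ | Perm.MODIFY, "bob": Perm.READ},
    "handbook.pdf": {"alice": Perm.READ, "bob": Perm.READ},
}

# RBAC: permissions belong to roles; users only hold role memberships.
ROLE_PERMS = {
    "hr_clerk": {"payroll.db": Perm.READ | Perm.ADD | Perm.MODIFY},
    "employee": {"handbook.pdf": Perm.READ},
}
USER_ROLES = {"alice": {"hr_clerk", "employee"}, "bob": {"employee"}}

def acl_allows(user, resource, perm):
    # Unknown resources and unlisted users fall through to Perm.NONE (default deny).
    return perm in ACL.get(resource, {}).get(user, Perm.NONE)

def rbac_allows(user, resource, perm):
    # Effective permission is the union over every role the user holds.
    granted = Perm.NONE
    for role in USER_ROLES.get(user, ()):
        granted |= ROLE_PERMS.get(role, {}).get(resource, Perm.NONE)
    return perm in granted

def offboard_acl(user):
    # Every resource's list must be visited; returns how many entries were removed.
    removed = 0
    for entries in ACL.values():
        if entries.pop(user, None) is not None:
            removed += 1
    return removed

def offboard_rbac(user):
    # One membership record is dropped; returns how many roles the user held.
    return len(USER_ROLES.pop(user, set()))

if __name__ == "__main__":
    print("ACL  alice modify payroll:", acl_allows("alice", "payroll.db", Perm.MODIFY))
    print("RBAC bob   read payroll:  ", rbac_allows("bob", "payroll.db", Perm.READ))
    print("ACL entries removed for alice:", offboard_acl("alice"))
    print("RBAC roles removed for alice: ", offboard_rbac("alice"))
```
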
Encryption offers additional security of information beyond access control and authentication. Any type of information is vulnerable to access by third parties. It is therefore essential to ensure safe transmission of data to recipients through encryption, which entails encoding and decoding of data. An encryption key ensures that only the sender and the receiver have access to the transmitted information.
Backups are also vital tools for information security. They protect against information loss in the event of unexpected events such as fire outbreaks. Good data backup plans entail storage of backed-up data in offsite locations. Moreover, backups should be conducted regularly, ideally on a daily basis. Newer trends have seen the introduction of uninterruptible power supply (UPS) systems that provide battery backup to vital system components to allow them to remain online longer.
Firewalls are also commonly used by many organizations to increase security on their networks. They limit the flow of data packets into and out of an organization’s system.
In summary, the value of information security has increased over time as technology and networking resources have become integral to the field of business. It is currently hard to imagine a world without technological resources at our disposal.
- Buehler, D., Hurek, T., & Jones, D. N. (2015). U.S. Patent No. 9,032,076. Washington, DC: U.S. Patent and Trademark Office.
- Juels, A., & Oprea, A. (2013). New approaches to security and availability for cloud data. Communications of the ACM, 56(2), 64-73.
- Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., & Del Cuvillo, J. (2013). Using innovative instructions to create trustworthy software solutions. HASP@ISCA, 11.