1.

IMPORTANCE OF SECURITY FOR IS

Information is a strategic asset for a company irrespective of the nature of its business. This strategic asset has to be protected from unauthorized usage and alteration of this information. Information system security is therefore necessary for the protection of information. The importance of information system security could be further explained by the CIA triad as it is the most important part of information security and it is based on the CIA triad. The CIA triad stands for Confidentiality, Integrity, and Availability. Confidentiality: It refers to the privacy of the information. It includes restricting outsiders or company personnel from unauthorized access to the information present in the companys servers. To ensure the confidentiality of companys information, technologies such as Cryptography are used. Integrity: Data integrity means that the data stays accurate and consistent over the period of time. This means that the data is free from devious actions of unauthorized people and the data doesnt change in its transit from the point of origin to its point of delivery. Digital signatures are used to maintain the integrity of the information in its transit. Availability: Availability of information refers to the timely delivery of information to the authorized individuals when it is needed. Availability also means preventing the company form Denial-of-Service (DOS) attacks. Redundant architectures, high availability protocols etc are used to ensure the availability of the information.

2. SECURITY PROBLEMS...ISSUES...REQUIREMENTS...
Information Security is required to prevent the company from viruses such as file infector virus, Browser Hijacker, Boot sector virus, resident virus, Autorun, Zeus etc. Security is also needed to prevent the company from malware and phishing attacks. The information security issues we face are: Lack of awareness about the risk associated with information theft A number of online possibilities are present for hackers Unauthorized access to vital information Secret information disclosure

To ensure that the information doesnt go in the wrong hands information security is required.

3. OLD WAYS OF SECURITY....DRAWBACKS...

The old way of record keeping i.e. cabinet file system used the old ways of security. The major drawbacks of this type of security were: The files thrown due to lack of space had valuable information in them Lack of information monitoring Slow access time No records or slow sync time in case of a mishap

4. NEW TRENDS IN SECURITY ....ADVANTAGES.....PROBLEMS SOLVED....

The new trends in security are: Security of Networks Security of Data Security monitoring Consumerization or mobility of information Identity and access management Cloud security Business continuity and disaster recovery Privacy Information governance and IT security Sandboxing Smartphone apps Endpoint security Network data loss prevention (DLP), Due to mobility of corporate information, the security threats have increased and for this reason the trend towards mobile security is on the rise. The companies are focusing to protect their corporate information from unauthorized access via BYOD and as a result of this focus are the Sandboxing Smartphone apps. The growth of cloud should be with the growth in security measures or else the company would be vulnerable to attacks. Companies are also starting to rely on Software as a Service (SaaS) providers for their security needs. These new trends have solved several problems which were faced in the traditional method, problems such as: Problem in information monitoring Unintentionally throwing away vital information due to lack of physical space Information loss and problems in syncing the information

5. OPPORTUNITY COST OF THE SECURITY

The opportunity cost of security is that its like a tradeoff between costs incurred due to information loss in case of breach or costs associated with security measures. The opportunity cost is calculated when the company is monitoring its security measures. The opportunity cost is calculated to determine whether the security cost of protecting the information is higher/lower than the business value of the information itself. If the security cost is low then the company takes action for the security measures.

6. IT BUDGETS ON SECURITY
The IT budgets on security are rising despite of the market uncertainties. The security budget is anticipated to increase by 5% to 10%. The increase in the security budget is due to increase in the opportunities for hackers and the prevalent information security threats.

7. TECHNOLOGIES USED IN SECURING INFORMATION SYSTEMS

The technologies used for Information System security are: Firewalls: Firewalls block unauthorized access to corporate information Antivirus: Designed to protect computers from viruses Digital Signatures: These are used to ensure the integrity of the information in transit. Access Control List Cryptography: This is used to ensure that the information in transit stays accurate and is not changed. The integrity is ensured by encrypting it in a distorted language which could not be understood by anyone except the person with the encryption key. Hash algorithms fall under this category. Port Security Virtual Private Networks are used for secure exchange of corporate data. It uses encryptions and dedicated network connections.

8. CASE STUDIES OR INDUSTRY EXAMPLES....

Trinity College Dublin has implemented an information security system for the security of their administrative information and other vital information. The college has mentioned its policy and the conditions which would be considered as a confidentiality breach. Their system is mainly to

protect them from internal breach by unauthorized personnel. The college has published their security policies for awareness and to prevent individuals from unintentional information breach.