Information security
Information security is the key element for business and organizational success. In the age of the Internet, almost every user of an information system has surely dealt with security issues. Attacks performed by hackers from outside the network or by malicious software constitute a very severe danger to the correct functioning of the system and the security of important information. In this context, data confidentiality and reliability play a particularly important role.
Most users of information systems are not aware of the threats originating from within the institution. For example, a dishonest employee engaged in corporate espionage is able to install so-called logic bombs or backdoor programs that later give him unrestricted access to the company's confidential data from outside, which can then be used for dishonest competition.
Many threats are connected with blocking the operation of the whole operating system (so-called denial of service), often caused by aggressive clogging of the network and its component resources.
Speaking of the threats connected with information confidentiality and reliability, one can distinguish physical interception of the communication medium, monitoring and altering of wireless transmission, and interception of signals within the network with the aid of hidden devices (e.g. keyloggers), wireless bugs, cameras, etc.
Major threats in the software layer include viruses and other malicious software programs called malware, such as worms, trojans (which allow an attacker to acquire full control over the target system), spyware (software that collects and sends out private information about the system's users), adware (advertisement software that decreases system performance and stability), dialers (programs that use modems to connect to expensive phone numbers without the user's knowledge), and exploits (which use holes in critical network software to obtain access to the target system).
Security management is a complex process of identifying the relations within the structure of a particular organization's information system, followed by precise supervision of the information flow according to specified security policies.
A well-designed security policy should be implemented in the following primary stages: a complete security audit, a design and a deployment. After that, continuous supervision of the system is required to ensure the guaranteed reliability and security.