Information Systems Security

1931 Words4 Pages
bulb-icon

Recommended: What is networking? chapter 4

Hardware, software and the data that resides in and among computer systems must be protected against security threats that exploit vulnerabilities. Organizations must therefore impose appropriate controls to monitor for, deter and prevent security breaches. Three areas have been considered, in a typical sense, as the basic critical security requirements for data protection: confidentiality is used to assure privacy; principles of integrity assure systems are changed in accordance with authorized practices; and, availability is applied to maintain proper system functions to sustain service delivery (Dhillon, 2007, p. 19).

These security requirements are represented in Figure 1, Classic Critical Security Requirements. This figure depicts the cross-domain solutions of informal controls, also known as human relationships, and formal and technical controls, which provide for organizational and physical information security controls, respectively. Two additional security requirements have recently been added that are of particular importance to networked environments because attacks now extend far beyond traditional firewall perimeters. These are authentication, which is used to assure a message actually comes from the source it claims to have originated; and, nonrepudiation, which can be applied to prevent an entity from denying performance of a particular action related to handling data, thereby assuring validity of content and origin. Figure 2, Core Data Security Set, depicts the interrelationship of the five core requirements of information security.

The remainder of this paper will focus on nonrepudiation, which may also be explained as a security protocol that allows an individual or organization to prove, for instance, t...

... middle of paper ...

...thenticated. The back end receives the transaction request, validates the signature information, and once successfully validated, the transaction may continue.

In closing, it must be understood there are certain variables that must be considered when applying a Challenge Response OTP Token and Digital Signature as nonrepudiation methods. These include costs, technical support, speed, latency time and others. A comparison of these important variables is provided in Figure 9.

Works Cited

Dhillon, G. (2007). Principles of Information Security Systems. John Wiley & Sons, Inc.

DHS. (2008). US CERT. Retrieved September 14, 2011, from United States Certification: http://www.us-cert.gov/control_systems/pdf/SCADA_Procurement_DHS_Final_to_Issue_08-19-08.pdf

Professional Development Center. (2010). Retrieved September 7 from http://pdc-riphah.edu.pk/site/?page_id=69

Show More
Related

  • The Types And Disadvantages Of Asymmetric Encryption

    1007 Words  | 3 Pages

    In July 2015, many of the world’s high ranking cryptographers published that the loss and destruction induced by adopting a key escrow system 20 years ago would be even more serious, that would be very hard to identify security weaknesses that could be misused by

    Read More

  • Network Security

    1526 Words  | 4 Pages

    ABSTRACT : This paper describes the basic threats to the network security and the basic issues of interest in designing a secure network. it describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers. INTRODUCTION

    Read More

  • Hb 70 Case Study

    646 Words  | 2 Pages

    The person takes reasonably prompt action to terminate the exchange of a token that does not conform to the requirements of this subsection

    Read More

  • Security Model Essay

    747 Words  | 2 Pages

    Information security is made up of three main attributes: Availability is the prevention of loss of access to resources and data. Integrity is the prevention of unauthorized modification of data, and Confidentiality is the prevention

    Read More

  • Ethical Issues: Improving Health Information Technology

    1275 Words  | 3 Pages

    This includes measures to limit access to electronic information, to encrypt and decrypt electronic information, and to guard against unauthorized access to that information while it is being transmitted to others. Procedures and policies are required to address the following elements of technical safeguards: • Access control - Allowing only access to persons or software programs that have appropriate access rights to data or PHI by using, for example, unique user identification protocols, emergency access procedures, automatic logoff, and encryption and decryption mechanisms. • Audit controls - Recording and examining activity in health IT systems that contain or use PHI. • Integrity - Protecting PHI from improper alteration or destruction, including implementation of mechanisms to authenticate PHI. • Person or entity authentication - Verifying that a person or entity seeking access to PHI is who or what they claim to be (proof of

    Read More

  • Use of e-contracts and e-signatures in Business Contracts

    906 Words  | 2 Pages

    Electronic contracts exist in various ways. For example, agreements can take the form of “click-wraps”, ”browse wraps” or “shrink wraps”. Click-wrap and shrink-wrap agreements enable parties to enter into a binding ...

    Read More

  • Computer Security Act Of 1987 Essay

    931 Words  | 2 Pages

    Recognizing the increasing use of computers by federal agencies, and the vulnerability of computer-stored information including personal information being used with unauthorized access, the Computer Security Act was enacted in 1987. Seeing to the immediate issue prior to the sensitive security, The Act provided for improving the security and privacy of information in federal computer systems”. Several agencies were held responsible for many overlapping computer security which inspire a legislative response through The Act (It Law). It was an immediate concern to decide how best to control information in computerized or networked form, and whether further response should be necessary.

    Read More

  • Data Security Essay

    1058 Words  | 3 Pages

    Data Security is critical in the computerized world we live in today. Cyber Security is a big part of data security in the United States and all parts of the world that rely on networked computers in a business and personal environment. The business and personal environment is more difficult to separate with all computers touching the Internet. Businesses have more responsibility to keep their data safe than someone working personally on the Internet.

    Read More

  • Cryptography is Essential for Information Systems

    860 Words  | 2 Pages

    Cryptography is the essential part of the information systems, helping to provide accountability, accuracy, confidentiality, and fairness. Cryptography is designed to prevent fraudulent activity with the electronic commerce, insuring the validity of all financial transactions. Also, proving that is can help to protect the identity/anonymity while keeping the vandals from making changes to the Web page and prevent all industrial competitors from getting into the confidential documents the company has. “As the Net and the Web move into more central positions in the life of the world, the functions that cryptography provides (including secrecy, integrity, and digital signatures) become more important, and cryptographic functions can be found in more places, doing more things.” (Morar, Chess, & Watson)

    Read More

  • Confidentiality In Computer Security

    784 Words  | 2 Pages

    Computer security and data affirmation lays on confidentiality, integrity, and availability. The interpretations of these three angles fluctuate, as do the settings in which they emerge. The understanding of an angle in a given situation is managed by the requirements of the people, traditions, and laws of the specific company.

    Read More

  • Intelligent Multimedia Security Services

    2629 Words  | 6 Pages

    ISO/IEC 9798, Information Technology - Security Tech- niques - Entity Authentication. Part 1, General. Part 2, Mechanisms Using Encipherment Algorithms. Part 3, Mechanisms Using a Public-Key Algorithm, Int’l Orga- nization for Standarization, Geneva, 1997.

    Read More

  • Hardware And Software Configuration And Maintenance

    1232 Words  | 3 Pages

    Nicholls and Stewart Ltd Handbook, requires appropriate administrative, physical and technical controls be incorporated into all new applications and modified applications. Security Application Systems must have security in place that encompasses not only the software, but the routine activities that enables the computer system to function correctly. These include fixing software or hardware problems, loading and maintaining software, updates to hardware and software and maintaining a historical record of application changes.

    Read More

  • Digital Certificates

    1797 Words  | 4 Pages

    The creation of Digital Ids has become lately a big need since a variety of electronic transaction including e-mail, electronic commerce, groupware and electronic funds transfer have made a part of everyone's life especially those that accessing the net makes the basis of their daily work where nothing can introduce them or identify them but a digital certificate that is authenticated for the server.

    Read More

  • Computer systems security

    1831 Words  | 4 Pages

    For the purpose of sending secret messages there was introduced encryption. As encryption get developed few technique were standardized. They are;

    Read More

  • Information Technology Threats

    609 Words  | 2 Pages

    As the usage of technology and the Internet increases, businesses depend on the security of the IT infrastructures and the data within them. However, a threat to a business’s infrastructure can challenge the systems security. There are four different types of security threats such as, unauthorized data disclosure, incorrect data modification, Denial of service and Loss of infrastructure.

    Read More

More about Information Systems Security

Open Document