“Systems securities mean preventing the information systems from unauthorized access, use, display, alteration, interruption, or destruction of private content”.
Electronic information sharing is much faster, more accurate, more reliable and relatively cheaper. All this comes with a bundle of problems. One of the heaviest concerns since the initial days of information technology systems has been security. Today, more organizations are sharing data by electronic means, and even individuals use electronic means to perform their activities, so security is a concern for everyone. Moreover, as organizations operate in a competitive environment, the need for security increases. (National Research Council, 1991)
This document provides the basics of systems security and the need for it, introduces common practices in the field, and gives an overview of managing such systems.
Elements of Security
Vulnerability
A vulnerability is a weakness in software or hardware that someone can exploit. Examples are a lack of physical security for a system's server, or unrestricted user access.
Threat
A threat is the possibility that an intruder will identify a point of vulnerability and cause a security issue.
Risk
Risk is the chance of loss: the level of likelihood that an intruder will cause a threat to security measures.
Exposure
Exposure is an instance in which the system is exposed to potential threats of a security breach.
Safeguard Measures
Any step taken to prevent or reduce a vulnerability, dismiss an immediate threat, or reduce the chances of a breach or of exposure to such situations is a safeguard measure. Examples are hiring security guards or increasing the strength of passwords (Cornell University, 2012).
Objectives of Security System
The premier role of security systems is to identify, analyze, and estimate threats and to measure the risk associated with each according to predefined standards, rules, procedures, policies, guidelines and frameworks. With this information, the administrator running the system can make intelligent decisions and enhance the performance of the organization. Security management must define the objectives, rules, standards and guidelines, and lay down crisp strategies to develop and run a security management program. Management should also define the goals of the system. Last but not least, it is the responsibility of management to make sure that all activities are properly aligned, executed and accounted for in a cost-effective manner. The objectives of companies differ according to their goals and requirements. However, three principles of security usually prevail: confidentiality, integrity, and availability (timely access to secured content).
Approaches to Develop Security Systems
There are many ways to develop effective security programs and systems. The effectiveness of each depends on factors such as the size of the organization (small/medium/large), its ownership (public/private), and the level of importance of the content to be secured.
There are two basic approaches of designing security systems:
Top-Down Approach
As its name indicates, this approach is initiated and directed by top management and is channeled via middle-level management, making its way to staff ...