Information security is now generally recognised as having a critical part to play in ensuring that small to medium enterprises (SMEs) can take full advantage of electronic commerce. Quite clearly, the information society of the future will simply not work if the information we depend on, the lifeblood of a business, is not secured. Note that the phrase “IT (Information Technology) security” was not used, since the topic is not just about protecting the technology; it is about protecting business or personal information wherever it resides (Wills, 1999, p. 1).
Therefore, in an information society, security emphasizes the protection of information and not only the infrastructure. The process of controlling and securing information from inadvertent or malicious changes and deletions or unauthorized disclosure is called “information security” (URN 96/702, 1996, p. 3). Information security is defined as all the aspects related to achieving and maintaining confidentiality, integrity, availability, auditability (accountability), authenticity and reliability (ISO/IEC TR 13335-1, 1996, p. 1). Information security thus aims at providing confidentiality, integrity, availability, accountability, authenticity and reliability, which are referred to as information security concerns (ISO/IEC TR 13335-1, 1996, p. 5).
In protecting information, it is not only important to address these concerns, but also to determine how much security is needed to address each of them. The amount of security required to provide the needed level of information security is referred to as the “security requirements” of an organization. In other words, the security concerns, together with the level of security needed for each, result in the security requirements.
The term “information security” means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
Integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and Availability, which means ensuring timely and reliable access to and use of information.
Effective information security depends on taking a multi-layered approach, combining technical, organisational and legal countermeasures.
Security and Information Systems
Security and control of information systems is very important, yet it is often overlooked by some companies. Companies have to depend on information systems to manage their core business. Once an information system has a security problem, the company's information assets, such as confidential staff information, business secrets, and commercial development plans, will be lost.
Risks of Accidents with Information Systems
Many people, particularly managers, assume that information systems will operate as they are designed to work. They assume that the system will work reliably and that the information generated will be correct. When these assumptions are proven wrong, the consequences can be disastrous. Alter (1992) argued that there are five types of risks of accidents in information systems.
Operator Error
A prime cause of accidents is operator error, a combination of inattention, nonconformance to procedures, or other error by people who are part of a system. Several factors may magnify vulnerability to operator error. It is often difficult to anticipate ...