A secure information system is a system that has the following properties:
• Confidentiality, meaning that the system protects data from unauthorized access, giving access to sensitive data only to authorized users who are allowed this access;
• Availability, meaning that authorized users will always have access to the data;
• Integrity, which guarantees the safety of data by prohibiting unauthorized users from modifying, destroying or creating data in any way.
Any action aimed at violating the confidentiality, integrity and (or) availability of information, as well as the illegal use of other resources, is called a threat. The sources of information threats are people, various environmental factors (for example, fire), hardware and software. A realized threat is called an attack. A successful attack causes damage. The probability assessment of damage is called risk. The more vulnerable the security system and the higher the probability of attack, the higher the risk value.
There are two types of threats generated by different sources:
• Inadvertent, or unintentional, threats, which include erroneous actions of loyal employees due to low qualifications or irresponsibility; natural disasters; unreliability of the software and hardware of the system, leading to failures in the work of staff, etc. They usually lead to a violation of the reliability and safety of information, and less often to a violation of confidentiality. These security threats can be reduced (or prevented) by improving the skills of staff, providing hardware redundancy, backing up files, etc.;
• Deliberate, or intentional, threats, which are clearly aimed at inflicting damage to information security, for example, illegal penetration into one of the network computers under the guise of a legitimate user by using someone else's password; the destruction of the system by means of virus programs; illegal actions of a legitimate user who tries to perform actions that go beyond his job duties; "eavesdropping" on intranet traffic, including illegal network monitoring, capture and analysis of network messages.
The persons who are the sources of threats are usually called attackers. In general, the attacker may be a system developer, a user, an unauthorized person, a security officer, a programmer, an engineering employee.
The objects of the impact of threats are the hardware and software of information systems. As a result of the impact of threats, their characteristics deteriorate, the basic properties of information (reliability, safety and confidentiality) are lost, and the reliability of the functioning of the system and the effectiveness of the tasks it performs decrease.