Information Security Threats
threats to information security are understood as potentially possible events, processes or phenomena that can lead to loss of integrity, confidentiality or accessibility of information. The concept of loss of integrity includes unauthorized modification, complete or partial destruction of information.
Comparison of the concepts information risk and the "security risk of information". allows us to draw the following conclusions. Both of them are connected with random events in the information system, which have a negative impact on the information. However, when considering threats to the security of information, problems of information quality and total damage to the enterprise are not considered. Emphasis is placed on studying the nature of threats in order to counteract them at the legal, organizational and especially technological level.
There are many approaches to the classification of threats to information security. Thus, all threats to information security can be divided into two groups: external and internal.
External threats come from non-IP sources. Internal threats are generated within the information system itself. The existing stereotype about the greatest danger, threatening the security of the system from the outside, is refuted by statistical data. The share of internal threats accounts for 80% of all registered threats to information security.
Separation of internal and external threats is useful for choosing priorities in determining the information security policy. But it does not allow for a more detailed classification of threats, aimed at selecting a set of methods and means of protection against threats of a certain class. For example, a computer virus can be created and implemented by a user or an expert from the service department. A similar virus can get into the system from the outside. Means of protection from such a threat do not depend on the origin of the virus. In addition, some threats are generated by both external factors and internal ones.
Therefore, it is advisable to classify the whole multitude of potential threats to information security in such a way that the selected group of threats is parried by some subset of methods and means of protection. With this approach, it is often possible to identify groups of threats that are counteracted by certain departments of the enterprise. All threats to information security are divided into random and deliberate (Figure 13.1).
Fig. 13.1. Information Security Threats
Threats that are not related to the deliberate actions of intruders and are realized at random times are called random or unintentional.
Realization of threats of this class leads to the greatest losses (according to statistical data - up to 80% of the damage to the information resources of IP by any threats). As a result of such threats, it is possible to directly violate the integrity and accessibility of information, as well as create prerequisites for malicious actions in relation to information.
When characterizing threats to information in IP that are not related to deliberate actions in general, it should be noted that the mechanism for their implementation has been studied quite well, and considerable experience has been accumulated in counteracting these threats.
The threat characteristics of this class change slightly over time. Modern technology for the development of hardware and software, an effective system of IS operation, including mandatory information backup, can significantly reduce losses from the implementation of threats of this class.
The random threats are parried during the development and use of information technology. During the operation of the IS, the main burden for the implementation of the entire range of measures to counter threats to this class is borne by the IT department and users.
Natural disasters and accidents are fraught with the most devastating consequences for IP, as the latter are physically destroyed, information is lost or access to it is impossible. The most likely accidents are related to power outages.
Failures and failures of complex systems are inevitable. As a result of failures and failures, the working capacity of technical facilities is disrupted, data and programs are destroyed and distorted, the algorithm of the devices is broken. Violations of the algorithms of individual nodes and devices can also lead to a breach of confidentiality of information.
Errors in the development of IP, algorithmic and software errors lead to consequences similar to the consequences of failures and failures of technical means. In addition, such errors can be used by intruders to impact IP resources. Especially dangerous are errors in operating systems (OS) and in software tools for protecting information. Annually Microsoft officially recognizes the presence of errors in its software products, which seriously affect the level of information security in IP. In 2010, the company eliminated 106 vulnerabilities.
According to the National Institute of Standards and Technology (NIST), 65% of information security breaches occur as a result of user and maintenance personnel mistakes Incompetent, negligent or inattentive performance of functional duties by employees leads to destruction, violation of the integrity and confidentiality of information, as well as compromising protection mechanisms.
Also We Can Offer!
- Argumentative essay
- Best college essays
- Buy custom essays online
- Buy essay online
- Cheap essay
- Cheap essay writing service
- Cheap writing service
- College essay
- College essay introduction
- College essay writing service
- Compare and contrast essay
- Custom essay
- Custom essay writing service
- Custom essays writing services
- Death penalty essay
- Do my essay
- Essay about love
- Essay about yourself
- Essay help
- Essay writing help
- Essay writing service reviews
- Essays online
- Fast food essay
- George orwell essays
- Human rights essay
- Narrative essay
- Pay to write essay
- Personal essay for college
- Personal narrative essay
- Persuasive writing
- Write my essay
- Write my essay for me cheap
- Writing a scholarship essay