4 Aspects of Information Security: Threats and Risks and Strategies

See the source image

Quoted from Wikipedia Information is a message or collection of messages consisting of an order sequence of symbols or meanings that can be interpreted from messages or collections of messages. Information can also be referred to as the result of processed data.

Along with the rapid development of information systems, information security becomes vulnerable, there are many threats in the information system, for example if an information can be accessed by unauthorized people and will be misused by that person. You have to pay attention with Hacker, there are lots of crimes in cyberspace that can harm you, therefore, you have to study the IT world, or take it security training, to avoid hackers

Information is an asset that must be protected from irresponsible parties, so information cyber security plays an important role in protecting information. 

4 aspects of information security, namely:

  1. Authentication, a method to certify that the data is really genuine.
  2. Integrity, the authenticity of messages sent over the network and it can be ensured that the information sent is not modified by unauthorized persons.
  3. Availability, the aspect where data is available when needed
  4. Confidentiality, an effort to protect information from people who are not entitled to access / maintain data confidentiality.

Information security threats

Information Security Threats are people or organizations that have the potential to harm information resources. These threats can be internal (can include employees, business partners, contractors) or external and can be intentional or unintentional. There are several types of information security threats including:

  • Virus: a computer program that can replicate itself without the user knowing, this virus attaches itself to copies of programs and the boot sector.
  • Malware (Malicious software): consists of programs that can attack system information that can delete files, cause the system to stop.
  • Phishing : fraud carried out to steal the target’s account, usually carried out via the web (web phishing) and email (email phishing).
  • Adware: the way this adware works is by displaying annoying advertisements.
  • Spyware: a program used to spy on a target with the aim of gathering information from that target.

Network Security Risk

  • Theft and disclosure of information

An information or database is provided to people who have the right to access it, but what happens if the information is known or accessed by people who do not have access rights. It could be that the information will hang or be modified according to the wishes of the person or leak information to other people that can harm the source of the information, whether it’s an organization, company or others.

  • Modify information

As before, this risk occurs when someone who does not have access rights tries to obtain information and modify that information. So that when the information arrives at the destination, the information has changed or is not the same when the source was sent.

  • Illegal user

When an illegal user manages to enter the company’s information system, it is not impossible that they will use resources illegally, for example, gain access to telephones and make long-distance calls without access rights.

  • Unauthorized destruction

Someone can destroy hardware in a company or private property which causes the company’s computer operations to be disrupted and even not functioning.

Risk Management

Risk management is a strategy used to overcome or reduce the impact of various network security risks. The definition of risk consists of 4 steps, namely:

  • Identify company (business) assets that must be protected
  • Be aware of the risks
  • Determine the level of impact caused if the risk does occur
  • Analyze company weaknesses.

Strategies for information security in a company include:

  • Physical security: focuses on the physical security of information such as workplace security.
  • Personal security: Focusing on securing people (personal) within the company.
  • Operation Security: by focusing on the ability of a company to run without interruption
  • Communication Security: by focusing on securing communication media to achieve a company goal
  • Network Security: security on computer network devices and company data.