INFORMATION SECURITY
Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)
Unintentional Threats to Information Systems
Information systems are vulnerable to many potential hazards and threats, as you see in Figure . The two major categories of threats are unintentional threats and deliberate threats. In this section you will learn about unintentional threats. The next section addresses deliberate threats.
Unintentional threats are those acts with no malicious intent. Human errors are unintentional and represent a serious threat to information security.
Human Errors
Organizational employees span the breadth and depth of the organization, from mail clerks to the CEO, and across all functional areas. There are two important points to be made about employees. First, the higher the level of employee, the greater the threat the employee poses to information security. This situation exists because higher-level employees typically have greater access to corporate data and enjoy greater privileges on organizational information systems. Second, employees in two areas of the organization pose significant threats to information security: human resources and information systems. Human resources employees generally have access to sensitive personal information about all employees. Likewise, information systems emp....
Security controls are safeguards or countermeasures to avoid, counteract or minimize security risks relating to personal property, or computer software. For business-to-business facing companies whose service may affect the financial statements of the other company, the prospect may require successful audit reports of policy controls such as a SSAE 16 report before granting them authorization as a vendor.
ليست هناك تعليقات:
إرسال تعليق