Thursday, June 30, 2022

Principle of Information Security: Module 2 The Need for Information Security (Part 1)

By Nhat Nguyen at 11:04 AM    No comments


The need for information security


By the end of this module, you will be able to discuss;

  • The needs for information security.

  • Explain why a successful information security program is the shared responsibility of the entire organization.

  • List and describe the threats posed to information security and common attacks associated with those threats.

  • List the common information security issues that result from poor software development efforts.


Unlike any other business or information technology program, the primary mission of an information security program is to ensure that information assets—information and the systems that house them—are protected and thus remain safe and useful. Organizations expend a lot of money and thousands of hours to maintain their information assets. If threats to these assets didn’t exist, those resources could be used exclusively to improve the systems that contain, use, and transmit the information. However, the threat of attacks on information assets is a constant concern, and the need for information security grows along with the sophistication of the attacks. While some organizations lump both information and systems under their definition of an information asset, others prefer to separate the true information-based assets (data, databases, data sets, and the applications that use data) from their media—the technologies that access, house, and carry the information. For our purposes, we will include both data and systems assets in our use of the term. Similarly, we’ll use the term information to describe both data and information, as for most organizations the terms can be used interchangeably.

Organizations must understand the environment in which information assets reside so their information security programs can address actual and potential problems. This module describes the environment and identifies the threats to it, the organization, and its information.



Information security performs four important functions for an organization


  • Protecting the organization’s ability to function.

  • Protecting the data and information the organization collects and uses, whether physical or electronic.

  • Enabling the safe operation of applications running on the organization’s I T systems.

  • Safeguarding the organization’s technology assets.

0 comments:

Post a Comment