Thursday

Information System Security

Hi, everybody... welcome to our blog. This blog is about Information System Security.
The first post is an introduction to Information System Security.

1. What is an Information System?
An information system is any combination of information technology and people's activities that support operations, management and decision making. In a very broad sense, the term information system is frequently used to refer to the interaction between people, processes, data and technology. In this sense, the term is used to refer not only to the information and communication technology (ICT) that an organization uses, but also to the way in which people interact with this technology in support of business processes.
As such, information systems inter-relate with data systems on the one hand and activity systems on the other. An information system is a form of communication system in which data represent and are processed as a form of social memory. An information system can also be considered a semi-formal language which supports human decision making and action.
Information systems are the primary focus of study for the information systems discipline and for organizational informatics.


What is Information System Security?
Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More companies store business and individual information on computers than ever before. Much of the information stored is highly confidential and not for public viewing.
Wikipedia: Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

What do you know about security in the field of information systems (own opinion)?
For me, security in the field of information systems is security that has been put in place to protect the security of data, information and the system, and to avoid threats, errors and risks that are unwanted, so that the data, information and the existing system can be maintained.

Why do we need to secure an Information System?
To avoid threats to and weaknesses of the system, and to guard against the possibility of viruses, hackers, crackers and others.
a. Threats to the system:
Threats that may arise from information processing activities come from three main sources:
- Natural threats: floods, tsunamis, sea water intrusion, high humidity, storms, melting snow
- Human threats: hacking, cracking, viruses, logic bombs, Trojan horses, worms, active contents, Countermeasures
- Environmental threats: pollution, effects of chemicals such as insect-killing spray, anti-fire spray, etc.
b. Weaknesses of the system:
A weakness is a defect in a system that may arise during design, when establishing procedures, or during implementation, as well as a weakness in the existing control system that prompts perpetrators to try to infiltrate the system. System defects can occur in procedures, equipment and software. Examples include setting a firewall to open telnet so that it can be accessed from outside, or VPN settings that are not accompanied by the use of Kerberos or NAT.
These weaknesses affect the major properties of information systems:
· Effectiveness
· Efficiency
· Secrecy
· Integrity
· Availability
· Compliance
· Reliability
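The firewall weakness mentioned above (telnet opened so that it can be reached from outside) can be checked for mechanically. The following is an added example, not part of the original post: it audits a constructed ruleset in iptables-save syntax and assumes that only the RFC 1918 ranges count as "inside" and that rules name their ports numerically with --dport or --dports.

```python
import ipaddress
import shlex

TELNET_PORT = 23
# Assumption: these RFC 1918 ranges are the "inside"; any other source is outside.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed ruleset in iptables-save syntax (not taken from a real host).
SAMPLE_RULES = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m multiport --dports 21:25,80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
"""

def port_ranges(tokens):
    """Destination port ranges named by --dport / --dports, as (low, high) pairs."""
    ranges = []
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            for part in tokens[tokens.index(flag) + 1].split(","):
                low, _, high = part.partition(":")
                ranges.append((int(low), int(high or low)))
    return ranges

def source_is_internal(tokens):
    """True only when the rule has a -s match that lies inside an internal range."""
    if "-s" not in tokens:
        return False  # no source restriction: reachable from anywhere
    src = ipaddress.ip_network(tokens[tokens.index("-s") + 1], strict=False)
    return any(src.subnet_of(net) for net in INTERNAL_NETS)

def exposed_telnet_rules(ruleset):
    """Return INPUT ACCEPT rules that admit TCP port 23 from a non-internal source."""
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "INPUT"] or tokens[-2:] != ["-j", "ACCEPT"]:
            continue
        covers_telnet = any(lo <= TELNET_PORT <= hi for lo, hi in port_ranges(tokens))
        if "tcp" in tokens and covers_telnet and not source_is_internal(tokens):
            findings.append(line)
    return findings
```

On the sample ruleset this flags the unrestricted port 23 rule and the 21:25 range rule, and leaves the rule limited to 192.168.10.0/24 alone.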
What is the difference between securing by an offensive method and securing by a defensive method?
A defensive security method is program code used to anticipate the threats and risks that occur, to fight attackers and overcome the risks that arise, and to enhance system security.
An offensive security method is a kind of attack against a computer or server on the internet that uses up the resources owned by that computer until it can no longer function properly, thereby indirectly preventing other users from accessing the services of the attacked computer.

In a Denial of Service attack, the attacker tries to prevent users from accessing the system or network in a number of ways:
- Flooding the network with a lot of data so that network traffic coming from registered users is unable to get into the network system. This technique is called traffic flooding.
- Flooding the network with a lot of requests to a network service provided by a host so that requests coming from registered users cannot be served by that service. This technique is called request flooding.
- Disrupting communication between a host and its registered clients in various ways, including changing system configuration information or even physically destroying components and servers.
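From the defender's side, the first two techniques in the list above leave different traces: request flooding shows up as too many requests per client, traffic flooding as too many bytes per client. The following is an added example, not part of the original post, that tells them apart with per-client sliding windows. The window length, both budgets and the log records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumed sliding-window length
MAX_REQUESTS = 50               # assumed per-client request budget per window
MAX_BYTES = 5_000_000           # assumed per-client byte budget per window

def build_sample_log():
    """Constructed (timestamp, client, bytes) records; documentation addresses."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    log = []
    # Ordinary client: one small request every 2 s for a minute.
    log += [(t0 + timedelta(seconds=2 * i), "192.0.2.10", 800) for i in range(30)]
    # Many small requests: 200 requests within 10 s.
    log += [(t0 + timedelta(milliseconds=50 * i), "198.51.100.7", 300) for i in range(200)]
    # Few but very large transfers: 8 x 1 MB within 4 s.
    log += [(t0 + timedelta(milliseconds=500 * i), "203.0.113.9", 1_000_000) for i in range(8)]
    return sorted(log)

def classify_floods(records):
    """Return {client: set of labels} for clients that exceed a budget in any window."""
    windows = defaultdict(deque)   # client -> deque of (timestamp, bytes) in window
    byte_sums = defaultdict(int)   # client -> bytes currently inside the window
    findings = defaultdict(set)
    for ts, client, size in records:  # records must be in time order
        win = windows[client]
        win.append((ts, size))
        byte_sums[client] += size
        # Drop entries that have aged out of the window.
        while ts - win[0][0] >= WINDOW:
            _, old_size = win.popleft()
            byte_sums[client] -= old_size
        if len(win) > MAX_REQUESTS:
            findings[client].add("request flooding")
        if byte_sums[client] > MAX_BYTES:
            findings[client].add("traffic flooding")
    return dict(findings)
```

With the sample records, 198.51.100.7 is labelled request flooding, 203.0.113.9 traffic flooding, and the ordinary client is not reported.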
