Striking a balance

Two factors have to be weighed in the context of an information system: the system is heavily accessed for its data, and at the same time it has to be protected. Implementing security measures hinders access time, so a system with more security measures in place will have a considerably higher response time. This issue has to be dealt with, and a balance has to be established. From the security professional’s point of view, this may mean implementing the measures necessary to secure the information system. From the end user’s perspective, it may mean that the system responds slowly, which can be irritating. This is more a management problem than a technical one. To solve it, a trade-off has to be established between the security measures implemented and the access time. Users have to be made aware of their computing environment and its associated threats; with sufficient knowledge of the threats, they may be willing to accept the response time expected of the information system. Security professionals, in turn, have to understand the nature and purpose of the system to which they add security.

Components of an Information System

Having described what adds value to information, we now proceed to the components of an information system. What are the components that actually make up these systems? We can categorize them into six different types.

The first and foremost component is software. Any information system contains the software necessary to perform its various functions. A security measure can be implemented either in software or in hardware, so the second component is hardware. Put simply, these are components such as firewalls, filtering firewalls, etc.

The next crucial component is the actual data. Its importance is evident from the name itself. We have to protect data in all its forms or states: storage, transmission and manipulation. For this reason, organizations employ security measures in handling all forms of information. They take care of its storage and secure its transmission media.

People are also an essential component of the information system. They are the ones who operate under the security policy and carry out the necessary procedures. All types of security training and education are administered to make employees well aware of the security system that has to be maintained. The other components of the system are the procedures and the networks. Network security is itself a broad field, and it is beyond our scope here.

Characteristics of Information

Here we intend to expand the CIA triangle. Let us go through each characteristic. First, let us take availability. It means that data should be available to its intended user whenever necessary, given his proper access credentials. An intruder can threaten this availability, resulting in a denial-of-service attack. Then comes the accuracy factor. The data that we handle has to be as accurate as it was at the time of creation. This can be ensured by various error-checking techniques such as hash functions or, more simply, parity bits. Confidentiality is the maintenance of the secrecy of the information handled. If information loses its confidentiality, it becomes valueless, undermining the competitive advantage of the organization. Then we have the utility factor. For what reason is the information being protected? The answer to that question addresses the importance of the utility factor. Possession may also add value to the information. For example, the details of certain customer records can prove to be a valuable source for marketing and advertising, and the organization will want to protect them from its competitors. Authenticity is making sure that the information we handle is authentic. It means that the data is available in good shape and accurate but, most importantly, that it comes from an authentic and intended user.
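The two error-checking techniques named above for the accuracy characteristic differ sharply in what they catch. The following is an added example, not part of the original article; the sample record and all function names are constructed for illustration. It compares a single parity bit with a SHA-256 hash against three kinds of alteration.

```python
import hashlib

def parity_bit(data: bytes) -> int:
    """Even-parity bit for the whole message: 1 if the number of 1-bits is odd."""
    return sum(bin(b).count("1") for b in data) % 2

def sha256_hex(data: bytes) -> str:
    """Hex digest of the message, recorded at creation time as the reference."""
    return hashlib.sha256(data).hexdigest()

def flip_bits(data: bytes, positions) -> bytes:
    """Copy of data with the listed bit positions inverted (bit 0 = LSB of byte 0)."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

def detects(check, original: bytes, received: bytes) -> bool:
    """True when the check value taken at creation no longer matches."""
    return check(original) != check(received)

# Constructed sample record (assumption, not taken from the article).
RECORD = b"account=1001;balance=0250.00"

def run_demo() -> dict:
    """Apply three alterations and report which check notices each one."""
    cases = {
        "one bit flipped": flip_bits(RECORD, [3]),
        # An even number of flipped bits leaves the parity bit unchanged.
        "two bits flipped": flip_bits(RECORD, [3, 12]),
        # Reordered bytes keep the same count of 1-bits, so parity is blind.
        "digits transposed": RECORD.replace(b"0250", b"0520"),
    }
    return {
        name: {
            "parity": detects(parity_bit, RECORD, altered),
            "sha256": detects(sha256_hex, RECORD, altered),
        }
        for name, altered in cases.items()
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:18} parity={result['parity']!s:5} sha256={result['sha256']}")
```

A plain hash reveals a change only while the stored reference digest is itself out of reach of whoever altered the data; where that cannot be guaranteed, a keyed MAC or a digital signature is the usual choice.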