Virtual University Solved Assignments Online Quiz Past Papers GDB VUsolutions VU solutions

1. mSCOPE

Information security

means protecting information and information systems from

unauthorized access, use, disclosure, disruption, modification or destruction.

The terms information security, computer security and information assurance are

frequently incorrectly used interchangeably. These fields ar e interrelated often and share

the common goals of protecting the confidentiality, integrity and availability of

information; however, there are some subtle differences between them.

These differences lie primarily in the approach to the subject, the methodologies used,

and the areas of concentration. Information security is concerned with the confidentiality,

integrity and availability of data regardless of the form the data may take: electronic,

print, or other forms.

Governments, military, corporate, financial institutions, hospitals, and private businesses

amass a great deal of confidential information about their employees, customers,

products, research, and financial status. Most of this information is now collected,

processed and stored on electronic computers and transmitted across networks to other

computers.

Should confidential information about a businesses customers or finances or new product

line fall into the hands of a competitor, such a breach of security could lead to lost

business, law suits or even bankruptcy of the business. Protecting confidential

information is a business requirement, and in many cases also an ethical and legal

requirement.

For the individual, information security has a significant effect on privacy, which is

viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As

a career choice there are many ways of gaining entry into the field. It offers many areas

for specialization including, securing network(s) and allied infrastructure, securing

applications and databases, security testing, information systems auditing, business

continuity planning and digital forensics science, to name a few.

2. Objective

An Information Security Policy usually has the following objectives:

To protect the organization's business information and any client or customer

I.

information within its custody or safekeeping by safeguarding its confidentiality,

integrity and availability.

To establish safeguards to protect the organization's information resources from

II.

theft, abuse, misuse and any form of damage.

To establish responsibility and accountability for Information Security in the

III.

organization.

To encourage management and staff to maintain an appropriate level of awareness,

IV.

knowledge and skill to allow them to minimize the occurrence and severity of

Information Security incidents.

3. Responsibilities

•

Monitor to a reasonable level the use of the computer so as to detect breaches of

the system's security. In the event of a serious breach being detected, especially if

network security may have been compromised, CSD should be alerted so

institutional corrective measures can be taken.

•

All user ids on departmental computers must be provided to the CSD to enable

such users to be traced.

•

Ensure that each registered user is only allowed access to positively authorized

facilities; the default on all computers should be to bar access.

•

•

Ensure that all software and/or data that are accessed via the computer are

•

properly licensed for such access.

4. Implementation.

To aid departments who have a real need to run their own computers in this way the CSD

will:

Provide a designated contact to liaise with departmental system administrators.

•

Operate a closed security mailing list that is regularly updated with the latest

•

national and international information on hacking attempts, tools, etc. All

departmental system-administrators who are properly appointed and are recorded

as such with the CSD will be included in this list.