SecurityIntelligence is another division of MalwareIntelligence that focuses on aspects related to Information Security. Its content covers security issues and the management and administration of an information environment.

June 10, 2010

Computer Security or Information Security? What are we talking about?

We often receive inquiries in which, conceptually speaking, there is notable confusion about the difference between computer security and information security. We will therefore try to clarify the matter.

While the two are complementary and interact constantly in computer systems, the truth is that they have different aims. Computer security is responsible for protecting computer systems, understood as the combination of information, computing equipment, supporting media and the people who use them. Basically, everything that exists within a computing environment.

Information security, by contrast, is a much broader process that involves not only protecting the information stored in computer systems but also safeguarding information wherever it resides. In other words, information security goes much further: its purpose is to safeguard information regardless of the means by which it circulates or the place where it is stored.

Information is a "significant" asset that can be stored in different forms and through different channels: it can be stored digitally, but it can also be printed or handwritten on paper.

Nor is it limited to these forms: it can also be found in films and recordings, in spoken (conversational) language and even in people's memory. It can also be transmitted through various means, whether conventional (analog) communication channels or latest-generation (digital) ones.

Regardless of the form the information takes, or how it is collected or disseminated, it should be adequately protected to ensure the confidentiality, integrity and availability of the data at all times.

Therefore, the main goal of information security is precisely to protect information appropriately, preserving a set of basic parameters so that assets (anything whose value can be measured as a cost) can be considered safe and secure, and minimizing potential damage from any event that may impede the normal operation of the organization.


June 06, 2010

Some words about Information Security

Organizations are increasingly dependent on their computer networks, and a problem affecting them, no matter how small, can compromise the continuity of operations, a situation that inevitably results in economic loss.

New computer attacks are growing in number and complexity and are becoming more specialized, with goals that are economic in nature and benefit the attackers; amid this variety, actions that violate privacy have also been increasing.

When addressing information security, there is a common tendency to examine only the aspects related to computing resources (backups, maintenance of computers, servers, networks, etc.), all aimed at ensuring that information is available, while ignoring other aspects that must be addressed because they are equally critical, such as the confidentiality and integrity of data and services.

It's important to note that the human factor accounts for over 90% of security and that the remainder consists of the technological aspect. Therefore, overconfidence and lack of awareness are the main problems.

Keeping information protected means keeping it safe from threats to its functionality, whether it is corrupted, improperly accessed, deleted or even stolen.

Therefore, information security consists of protecting an organization's information by preserving three basic parameters: confidentiality, integrity and availability.

The first, confidentiality, seeks to ensure that only authorized persons have access to information. If information is confidential it should not be disclosed, because the loss of confidentiality is equivalent to the loss of secrecy. Furthermore, the more valuable the information, the higher its degree of confidentiality should be, and the higher the degree of confidentiality, the higher the level of security that must be implemented.

For its part, the integrity of information ensures that data will not be altered, removed or destroyed by unauthorized entities, preserving its completeness along with the methods used to process it. If information is altered, it loses integrity.

Availability, in turn, ensures that authorized persons have access to information and its associated resources whenever they need them. Availability involves not only the information but also the entire physical and technological structure that allows it to be accessed, transmitted and stored, so that it arrives in a timely manner.

These three key areas form the main pillar of information security and constitute the essential mechanisms for ensuring confidence in business processes, which is the desirable situation for any organization.

"Information security is achieved by implementing a set of controls that include policies, practices, procedures, organizational structures ... depending on what you are trying to protect."

However, every implementation must strike a balance between transparent use and maximum security, all at a reasonable cost.
