Our lives are inseparable from numbers, and people rely on information technology more than ever. Medical equipment in hospitals, security systems and smartphones all depend on information technology, and computerized equipment plays an important role in people's surroundings. Information security has become a basic requirement of human life.
Information technology is not only a basic requirement of life but also very important to work and business. Information is one of the most important intangible assets, and because information technology carries a lot of sensitive data and customer information, managers are responsible for protecting the confidentiality of important information. Its history can be traced back to 1980, when the use of computers was limited to computer centers and computer security meant the security of the physical computing infrastructure. Today, the openness of the Internet simplifies the process of internal information storage. The world is rapidly transforming from an industrial economy to a digital society, and as information technology develops, people's demand for information security keeps increasing.
What is information security?
Information security, also known as Infosec, is the establishment of technical and management security protection for a data processing system. Its purpose is to protect computer hardware, software, and data from being damaged, modified or leaked by malicious factors. At the same time, it is responsible for protecting data and ensuring its confidentiality, integrity and availability. In information security, these three properties are called the information security principles:
1. Confidentiality: data cannot be accessed without authorization;
2. Integrity: the data will remain unchanged and remain valid;
3. Availability: managers who have the right to access the information can obtain the information.
What are the types of information?
Information is divided into public and confidential. Information that anyone can access is public, while information that only specific individuals can access is confidential.
It is generally believed that there is no need to protect public information. Although the principle of confidentiality does not apply to public information, it is still necessary to ensure that public information is complete and accessible. Therefore, information security also applies to handling public information. Take an online store, for example: product details, blog posts, seller contact information and so on are all publicly available, and anyone can view them. But the online store still needs to be protected to ensure that no one disrupts its work.
Personal information: information about a specific person (name, ID, phone number, physical characteristics, marital status and other data). Everyone has an obligation to protect it and not to transfer it to others.
Trade secrets: internal information about the company's work (technology, management methods, customer base). If the outside world learns this data, the company may lose profits. The company has the right to decide for itself what is a trade secret and what is publicly available, but this does not mean that all information is classified as a trade secret; the legal representative, for example, is not.
Professional secrets: medical, notarial, legal and other types of secrets related to professional activities.
Official secrets: these include known information such as taxes or registered companies. Government agencies usually store this data; they have a responsibility to protect it and provide it only on request.
State secrets: these include military information, intelligence data, and information about the economy, national science and technology, and foreign policy. This data is a high-level secret, and the system security for storing such information is very strict.
Of course, if the company stores personal data or business or professional secrets, that data must be specially protected, and unauthorized persons must be prevented from accessing it. The usual measures are to set access levels and passwords, install security software, and configure encryption. The main task of information security is not only to protect confidential information, but also to avoid illegal acts and the adverse consequences of malicious behavior.
Why pay attention to information security?
Before the advent of the digital age, people locked important documents in safes, hired security guards, and encrypted them on paper to protect data. However, with the rapid development of the Internet, data also faces a large number of different types of risks. For example, threats such as computer hackers, malicious code and denial-of-service (DoS) attacks have become more and more common. Implementing, maintaining and updating information security is also a huge challenge facing organizations today. With information security, information and technology can be protected by responding to, preventing, and detecting internal and external threats.
According to McAfee, losses related to information security and cybercrime currently exceed 200 billion U.S. dollars, and have grown to 250 billion U.S. dollars in recent years, indicating that more sophisticated hacking has increased significantly. Because digital information is increasingly protected, most people use antivirus software and encryption to protect their digital information. However, digital information needs not only virtual protection, but also physical protection. If outsiders steal important data, antivirus software will not help. Therefore, important data is also kept in a protected storage space.
What are the threats to information security?
Understanding potential threats and security vulnerabilities is very important for choosing appropriate information security management and controls. In most cases, threats are the result of vulnerabilities in the protection of information systems. Let us introduce the common threats faced by information systems.
1. Free internet facilities
For example, many people use laptops to run software in public areas. Since other people can also access the information there, performing operations in such places carries risk.
2. Data security threats
Because of viruses in the programs installed on the user's computer, security threats are increasing day by day, and the installed protection programs cannot operate normally.
If the user does not click, the malware cannot enter the computer. To penetrate the computer system, the malware has to trick the victim into running it on the PC. Usually, malware hides itself by attaching itself to interesting content (for example, pictures, videos, GIF animations). Malware that is used to damage the system is classified according to how the user starts it, how it works, and so on. The action strategy of malicious software is different from that of viruses: it causes abnormal system behavior and may go unnoticed by the system for a long time. It can deliberately destroy the system, copy and steal information from the computer, and create an environment for computer viruses or Trojan horses.
Phishing is one of the common types of online fraud; its main purpose is to steal usage data and destroy it. Phishers usually target personal information, login names and passwords, access codes, personal account data, bank card or account details, service information, databases, trade secrets and other information.
Ransomware is created by professional programmers. Such a program can infiltrate the victim's device through an email attachment or a virus-infected browser. It can also penetrate the user's device from the local network.
Client-side attacks: This type of attack has long been practiced in the Web environment, and the same is true for the cloud, because the client usually uses a browser to connect to the cloud. These attacks include cross-site scripting (XSS), Web session hijacking, password theft, "man in the middle" and others.
Virtualization threat: Because cloud component platforms are traditionally virtualized environments, attacks on virtualized systems also threaten the entire cloud. This threat is unique to cloud computing.
Hypervisor attack: The key element of a virtual system is the hypervisor, which shares physical computer resources between virtual machines. If the operation of the hypervisor is interfered with, a virtual machine may be able to access memory and resources, intercept network traffic, occupy physical resources, or even completely remove the virtual machine from the server.
In summary, for organizations and individuals alike, information security is indeed very important, and every security measure requires continuous improvement and optimization. At present, the only solution is prevention. Using a built-in protection program against all types of viruses, together with real-time security detection, is an effective way to prevent data leakage and reduce risks.