It is very difficult to define security, and there are many reasons why. Information systems are very complex; they have structural and dynamic aspects. Generally speaking, information systems are structured as information repositories and interfaces, connected by channels (physical and logical). Interfaces connect information systems to one another, allow interaction with users, and facilitate input/output of information.
Repositories hold information temporarily or permanently. Information systems are dynamic, producing results and exchanging messages through channels. Information systems process data, but data is not information. The same information can be rendered as binary data using different formats and different ratios of data to information. The importance of a single bit of data depends on how much information it represents.
Security is not a presence, but an absence. When there haven’t been any incidents, we could say that we have been safe.
Security depends on the context. An unprotected computer wasn’t as safe connected directly to the Internet in 1990 as it would be when connected to a company’s network in 2005, or totally isolated. We can be safe when there are no threats, even if we don’t protect ourselves. So security depends on the context.
Security costs money. We must consider the cost of protection, as there is a clear limit on how much we spend protecting an information system, which depends both on how much the system is worth to us and the available budget.
Finally, security depends on our expectations. The higher the expectations, the more difficult they will be to meet. A writer who stores everything he wrote in his life in a computer and someone who just bought a computer will have totally different expectations. The writer’s expectations will be more difficult to meet, as he might expect his hard drive to last forever, so a crash can mean catastrophe, while the recently bought computer’s hard drive might be replaced with little hassle.
A good security definition should assist in the processes related to protecting an information system, for example:
1. Find what threats are relevant to me.
2. Weigh the threats and measure the risk.
3. Select security measures we can afford that reduce the risk to an acceptable level at the lowest cost.
Unfortunately, current definitions are not up to this task, and worse still, they are not helpful for advancing information security knowledge. Ideally, a security definition should comply with the scientific method, as it is the best tool for the advancement of empirical knowledge. Scientific theories are considered successful if they:
· Survive every falsification experiment tried.
· Explain a broad spectrum of phenomena, becoming widely usable.
· Facilitate the advance of knowledge.
· Have predictive power.