Information Security (IS)

Information Security Threat Planning

In a world where having the right information at the right time can mean the difference between success and failure, safeguarding your company's data is becoming an increasingly critical part of day-to-day operations. The vital process of information security comprises three key parts:

(1)  Confidentiality – Making sure that information is accessible only to authorized parties.

(2)  Integrity – Making sure that information is unaltered and fully accurate.

(3)  Availability – Making sure that information is accessible when needed and reliable service is provided.

With possible threats to IT ranging from viruses and spyware, to hacking and employee misuse, to physical equipment failure and damage, information security has become an ongoing process of discovering, correcting and preventing security problems. While not all IT problems are preventable, the successful implementation of security controls, backup procedures and data protection measures goes a long way towards making sure your data is there when you need it.

Information Security Planning:

  • Because of the frequency and force with which IT threats can invade a system, preparing for these threats requires having a dedicated IS process in place. Disaster recovery products, services and plans help companies achieve the necessary speed and levels of data restoration when an incident strikes. For more information, visit our Industry page to connect with professional IS organizations.

Tips for Avoiding Information Security Threats:

  • Install and use regularly updated anti-virus software.
  • Keep your operating system and programs up to date with all the latest patches and software updates.
  • Back up all of your data on a regular basis.
  • Protect sensitive data by using strong passwords and only accessing it on trusted systems.
  • Always use secured internet connections.
  • Be cautious when downloading files and reading email with attachments.
  • Control access to your machine by setting a login password.
  • When using computers in public places, be sure to log out of all programs before leaving the machine.
  • Use a desktop firewall to prevent your computer files from being scanned.
  • Never give out your private information online and be wary of unsolicited forms and information requests.

Information Security Links

MIT's IT Security site includes resources about securing devices, guarding privacy, protecting data and getting help.

The IT Security site includes a wide variety of articles and resources about information security, as well as a dictionary and multiple FAQs.

The site for Information Security magazine features recent security news and in-depth information on various security topics.

F-Secure's site has a listing of recent security threat summaries listed by year and quarter.

The US government-supported OnGuard Online site provides advice on guarding against internet fraud, securing your computer and protecting personal information.

The Stay Safe Online site features information about IT security geared towards different types and levels of users.

The ISO 27001 security standard

The US-CERT site (United States Computer Emergency Readiness Team)

The National Vulnerability Database site is the U.S. government repository of standards-based vulnerability management data.

Atlassian Confluence's IT Security site contains a variety of resources about managing and assessing IT risks.

eWeek article about how employees can pose security threats to an organization