Thursday, 27 October 2011

Information security material

1. Why does information need to be secured? Explain and give examples in your answer!
   The purpose of information management is to protect the confidentiality, integrity and availability of information. With the growth of various scams, espionage, viruses, and hackers, business information management has come under threat, because information has become more open and less control is exercised over it through modern information technology. As a consequence, the rising expectations of business managers, business partners, auditors, and other stakeholders demand effective information management that ensures business continuity and minimises business damage by preventing security incidents and minimising their impact.
Confidential information must be kept protected from damage caused by improper storage and from theft by persons or parties who are not entitled to it. All organizations hold information that they consider confidential, so every effort should be made to guarantee that it does not fall into the hands of people or parties who are not entitled to it. The cost of storing information is also a consideration: efficiency must be taken into account, since a company intentionally collects a lot of information for the organization's future benefit, so choosing appropriate technology saves storage costs. When data or information is no longer required, it should be deleted; besides saving storage space, this is important for maintaining the confidentiality of the data or information.


2. What should a manager do if accurate and relevant information is insecure?
   When accurate and relevant information turns out to be unsafe, the manager should immediately be on alert and follow up with measures covering the privacy or confidentiality aspect, that is, the effort to keep information away from people who are not authorized to access it. The manager should also re-evaluate the information obtained, so that errors can be found if it happens to be inaccurate. If the information obtained cannot be used, the manager should seek information that is completely up to date, accurate, relevant and guarded.

3. What are the stages in securing information? Explain!
   In general, security measures fall into two categories: prevention (preventive) and treatment (recovery). Prevention is carried out so that information systems have no security holes, while treatment is carried out once a security hole has been exploited.

    
* Regulating access (Access Control)
One method commonly used to secure information is to regulate access to it through "authentication" and "access control" mechanisms. These mechanisms are implemented, among other ways, with a "password".

    
* Closing services that are not used
A system (hardware and/or software) often ships with some services running by default. For example, on UNIX systems the following services are often installed by the vendor: finger, telnet, ftp, smtp, pop, echo, and so on. Not all of these services are needed. To secure the system, unneeded services on the server (computer) should be turned off.
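As an added example (not part of the original post), the sketch below audits an `inetd.conf`-style file and comments out every active service that is not required. The sample configuration is constructed, and the assumption that the host only needs `smtp` is purely illustrative.

```python
# Constructed sample inetd.conf (not from the original page).
SAMPLE_INETD_CONF = """\
# service  socket  proto  wait    user    server              args
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
echo    stream  tcp  nowait  root    internal
#pop3   stream  tcp  nowait  root    /usr/sbin/ipop3d      ipop3d
smtp    stream  tcp  nowait  root    /usr/sbin/sendmail    sendmail -bs
"""


def enabled_services(conf_text):
    """Return the service names on active (uncommented) inetd.conf lines."""
    services = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        services.append(stripped.split()[0])
    return services


def harden(conf_text, required):
    """Comment out every active service that is not in `required`.

    Returns (new_conf_text, names_of_disabled_services).
    """
    out, disabled = [], []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            name = stripped.split()[0]
            if name not in required:
                disabled.append(name)
                line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    # Assumption: this host is a mail server, so only smtp is required.
    new_conf, disabled = harden(SAMPLE_INETD_CONF, required={"smtp"})
    print("disabled:", disabled)
    print(new_conf)
```

After the file is rewritten, inetd has to re-read it (conventionally on SIGHUP) before the services actually stop listening.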

    
* Installing Protection
To further enhance the security of information systems, protection can be added. This protection can be a filter (in general) or, more specifically, a firewall. Filters can be used to filter e-mail, information, access, or even traffic at the packet level.

    
* Firewall
A firewall is a device placed between the Internet and the internal network. Outgoing and incoming information must pass through this firewall. The main purpose of a firewall is to prevent access (inward or outward) by persons who are not authorized (unauthorized access).

    
* Monitoring of the attacks
A monitoring system is used to detect the presence of uninvited guests (intruders) or of an attack. Another name for this system is "intruder detection system" (IDS). The system can notify the administrator via e-mail or through other mechanisms, such as a pager.

    
* Monitoring the integrity of the system
The integrity of the system is monitored by periodically running a program that tests system integrity. One example commonly used on UNIX systems is Tripwire. The Tripwire package can be used to monitor changes to files.

    
* Audit: Observing Log Files
Most, if not all, activity on a system can be recorded in a file that is usually called a "logfile" or simply a "log". This log file is very useful for observing deviations that occur. Failed attempts to enter the system (login), for example, are stored in log files. Administrators are therefore required to diligently maintain and analyze the log file that has
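An added example of the log analysis described in this item (not part of the original post): it counts failed logins per source address and flags any login that succeeds from a source that has already reached the failure threshold. The log lines are constructed in OpenSSH's syslog format, and the threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from the page).
SAMPLE_LOG = """\
Oct 27 10:01:12 srv sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2
Oct 27 10:01:15 srv sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2
Oct 27 10:01:19 srv sshd[814]: Failed password for invalid user admin from 203.0.113.5 port 40031 ssh2
Oct 27 10:02:40 srv sshd[820]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Oct 27 10:02:48 srv sshd[820]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
Oct 27 10:03:02 srv sshd[825]: Failed password for root from 203.0.113.5 port 40044 ssh2
Oct 27 10:03:30 srv sshd[830]: Accepted password for root from 203.0.113.5 port 40050 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")


def audit(log_text, threshold=3):
    """Return (failures per source, sources at or over the threshold,
    logins accepted from a source that had already reached it)."""
    failures = Counter()
    suspicious_logins = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password authentication event
        src = m.group("src")
        if m.group("result") == "Failed":
            failures[src] += 1
        elif failures[src] >= threshold:
            # Success right after many failures deserves a closer look.
            suspicious_logins.append((m.group("user"), src))
    noisy = sorted(s for s, n in failures.items() if n >= threshold)
    return dict(failures), noisy, suspicious_logins


if __name__ == "__main__":
    counts, noisy, suspicious = audit(SAMPLE_LOG)
    print("failures per source:", counts)
    print("sources over threshold:", noisy)
    print("accepted after repeated failures:", suspicious)
```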

    
* Routine backups
Sometimes an uninvited guest (intruder) gets into the system and damages it by deleting whatever files he finds. If the intruder breaks into the system and logs in as super user (administrator), there is a chance that he can delete every file.

    
* Use of Encryption to enhance security
