Is the protection of computer assets from unauthorized access, use, alteration, or destruction.

Information security is a set of practices designed to keep data secure from unauthorized access and alteration while it is stored or transmitted from one location to another.

Information security is designed to protect print, digital, and other private, sensitive, and personal information from unauthorized persons. It is generally used to protect information from misuse, disclosure, destruction, modification, and disruption.

Information security is the protection of computer assets from unauthorized access, use, alteration, deterioration, destruction, and various other threats.

There are two main sub-types: physical and logical. Physical information security involves tangible security devices. Logical information security involves nonphysical security.

Information security operates with more than one layer of security, at the edge of the network and within it. Each security layer applies its own approaches and follows specified policies.

Providing information security poses some challenges, which are as follows −

  • Security involving communications and networks is not as simple as it might first appear to the beginner. The requirements appear to be straightforward. Some major requirements for security services can be given obvious one-word labels such as confidentiality, verification, non-repudiation, and integrity.

  • In information security, the mechanisms that meet those requirements can be complex, and understanding them can involve rather subtle reasoning.

  • In developing a specific security mechanism or algorithm, one should always consider potential attacks on those security features. In some cases, successful attacks are designed by looking at the problem in a completely different way, thereby exploiting an unanticipated weakness in the mechanism.

  • The procedures used to provide particular services are generally counterintuitive. It is not obvious from the statement of a specific requirement that such elaborate measures are needed. It is only when the several countermeasures are considered that the measures used make sense.

  • Having designed several security mechanisms, it is essential to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network specific security mechanisms are required) and in a logical sense (e.g., at what layer or layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol) the mechanisms should be located).

  • Security mechanisms generally involve more than a specific algorithm or protocol. They generally also require that participants hold some secret data (such as an encryption key), which raises questions about the generation, distribution, and protection of that secret data.

  • There is also a reliance on communication protocols whose behavior can complicate the task of developing the security mechanism.

  • In information security, if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable, unpredictable delays can render such time limits useless.

Updated on 10-Mar-2022 09:24:11

Information security is the protection of computer assets from unauthorized access, use, modification, degradation, destruction, and multiple other threats. There are two main sub-types: physical and logical. Physical information security involves tangible protection devices. Logical information security involves non-physical protection.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, alteration or destruction. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential data about their employees, users, products, research and financial status.

Computer systems are vulnerable to several threats that can inflict multiple types of damage, resulting in significant losses. This damage can range from errors that harm database integrity to fires that destroy whole computer centers. Losses can stem from the actions of supposedly trusted employees cheating a system, from external hackers, or from careless data entry assistants.

Information assets are essential to any business and vital to the survival of an organization in the globalized digital economy. Information leaks are unacceptable. If confidential data about a business's users, finances or new product line falls into the hands of a competitor, such a breach of security can lead to lost business, lawsuits or even failure of the business.

An information leak indicates that security measures were not implemented. Improper information security hurts both users and merchants. A security breach is good for no one.

Information security is the only thing that keeps computerized commerce running. A security breach can break the confidence of the user, and it can take a long time to rebuild that trust. Information security is needed for the goodwill of the business. Hence companies are thinking about computer information security on the basis of a possible breach.

Information security is needed because some organizations can be damaged by hostile applications or intruders. There can be multiple forms of damage, which are interrelated. These include −

  • Damage to or destruction of computer systems.

  • Damage to or destruction of internal data.

  • Loss of sensitive information to hostile parties.

  • Use of sensitive information to steal items of monetary value.

  • Use of sensitive information against the organization’s customers, which may result in legal action by customers against the organization and loss of customers.

  • Damage to the reputation of an organization.

  • Monetary damage due to loss of sensitive information, destruction of data, hostile use of sensitive data, or damage to the organization’s reputation.

Updated on 03-Mar-2022 09:53:46

  • Computer security: the protection of assets from unauthorized access, use, alteration, or destruction.
  • Physical security: includes tangible protection devices.
  • Logical security: protection of assets using nonphysical means.
  • Threat: any act or object that poses a danger to computer assets.

E-commerce security is a part of the Information Security framework and is specifically applied to the components that affect e-commerce, which include computer security, data security and other wider realms of the Information Security framework. E-commerce security has its own particular nuances and is one of the most visible security components affecting the end user through their daily payment interactions with businesses. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. The dimensions of e-commerce security are integrity, non-repudiation, authenticity, confidentiality, privacy, and availability.

E-commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerabilities such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective payment transaction activities over the internet. Still, its definition is a complex endeavour due to constant technological and business change, and it requires a coordinated match of algorithms and technical solutions.

Ecommerce Security Issues

E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. While security features do not guarantee a secure system, they are necessary to build a secure system. Security features have four categories:

  • Authentication: Verifies that you are who you say you are. It enforces that you are the only one allowed to log on to your Internet banking account.
  • Authorization: Allows only you to manipulate your resources in specific ways. This prevents you from increasing the balance of your account or deleting a bill.
  • Encryption: Deals with information hiding. It ensures you cannot spy on others during Internet banking transactions.
  • Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought specific merchandise.
  • Integrity: prevention against unauthorized data modification
  • Nonrepudiation: prevention against any one party from reneging on an agreement after the fact
  • Availability: prevention against data delays or removal.

E-Commerce Security Tools

  • Firewalls – Software and Hardware
  • Public Key infrastructure
  • Encryption software
  • Digital certificates
  • Digital Signatures
  • Biometrics – retinal scan, fingerprints, voice etc
  • Passwords
  • Locks and bars – network operations center

Purpose of Security in E-Commerce

  1. Data Confidentiality – is provided by encryption/decryption.
  2. Authentication and Identification – ensuring that someone is who he or she claims to be is implemented with digital signatures.
  3. Access Control – governs what resources a user may access on the system. Uses valid IDs and passwords.
  4. Data Integrity – ensures info has not been tampered with. Is implemented by message digest or hashing.
  5. Non-repudiation – not to deny a sale or purchase
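
An added example, not from the original page, for the data-integrity item above and for the earlier points about shared secret data and transit-time limits: anyone who alters a message can recompute an unkeyed digest, a keyed MAC needs the secret, and a fixed time limit rejects a genuine message that the network delayed. The key, the 30-second window, the order fields and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only (assumptions, not from the page).
SHARED_KEY = b"constructed-demo-key"
MAX_TRANSIT_SECONDS = 30


def digest(body: bytes) -> str:
    """Unkeyed message digest: anyone can recompute it after a change."""
    return hashlib.sha256(body).hexdigest()


def seal(order: dict, sent_at: int, key: bytes = SHARED_KEY) -> dict:
    """Sender: serialise the order with its send time and attach a keyed MAC."""
    body = json.dumps({"order": order, "sent_at": sent_at}, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "digest": digest(body), "mac": mac}


def verify(msg: dict, received_at: int, key: bytes = SHARED_KEY) -> str:
    """Receiver: check the MAC first, then the transit-time limit."""
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["mac"]):
        return "rejected: integrity"
    sent_at = json.loads(msg["body"])["sent_at"]
    if not 0 <= received_at - sent_at <= MAX_TRANSIT_SECONDS:
        return "rejected: stale"
    return "accepted"


def tamper(msg: dict, new_amount: int) -> dict:
    """Constructed in-transit change: new amount, digest recomputed, MAC untouched."""
    data = json.loads(msg["body"])
    data["order"]["amount"] = new_amount
    body = json.dumps(data, sort_keys=True).encode()
    return {"body": body, "digest": digest(body), "mac": msg["mac"]}


if __name__ == "__main__":
    msg = seal({"id": "A-1001", "amount": 25}, sent_at=1_000)
    print(verify(msg, received_at=1_005))              # accepted
    changed = tamper(msg, 2500)
    print(changed["digest"] == digest(changed["body"]))  # True: digest still matches
    print(verify(changed, received_at=1_005))          # rejected: integrity
    print(verify(msg, received_at=1_090))              # rejected: stale
```

A shared-key MAC gives integrity between the two key holders but not non-repudiation, since either of them could have produced the tag.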

Security Threats

  • Three types of security threats
    • denial of service,
    • unauthorized access, and
    • theft and fraud
  • Denial of Service (DOS)
    • Two primary types of DOS attacks: spamming and viruses
    • Spamming
      • Sending unsolicited commercial emails to individuals
      • E-mail bombing caused by a hacker targeting one computer or network, and sending thousands of email messages to it.

Smurfing involves hackers placing software agents onto a third-party system and setting it off to send requests to an intended target. DDOS (distributed denial of service) attacks involve hackers placing software agents onto a number of third-party systems and setting them off to simultaneously send requests to an intended target.