Wednesday, November 7, 2007

Security awareness

Nowadays, in the age of information and digitalization, security awareness is indispensable. Everybody bears a great responsibility for information security.

Security awareness itself is the knowledge and attitude of the members of a company regarding the secrets and data of the organization. To make this awareness more effective, companies train their employees on the topic.

If you are a security-aware person, you understand that some people may deliberately or accidentally steal, damage, or misuse the data that is stored within our computer systems and throughout our organization.
You can read more: www.infosecuritylab.com

Principle of information security

For over twenty years information security has held that three key concepts form the core principles of information security: confidentiality, integrity and availability. These are known as the CIA Triad. They are one part of the principles of information security.

The other part of the principles is risk management. The CISA Review Manual 2006 defines it as follows: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."

Risk management itself is an ongoing, recurring process. Risk means that something bad may happen which can cause harm. The first step in risk management is estimating the value of the information resources. Conduct a threat assessment, then conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. The next step is calculating the impact, using qualitative and quantitative analysis. Identify, select and implement appropriate controls. Finally, evaluate the effectiveness of the control measures.

Controls are one of the principles, and there are three types. The first is administrative controls, which consist of approved written policies, procedures, standards and guidelines. The second is logical controls, which use software and data to monitor and control access to information and computing systems. The third is physical controls, which monitor and control the environment of the workplace and computing facilities.

Security classification of information: not all information is equal, so not all information requires the same degree of protection. We have to assess the importance of information. Common information security classification labels used by the business sector are public, sensitive, private and confidential; labels used by government are unclassified, sensitive but unclassified, confidential, secret and top secret.

Access control: access to protected information must be restricted to people who are authorized to access it.

Cryptography is used in information security to transform usable information into a form that renders it unusable by anyone other than an authorized user. Cryptography also provides information security with other useful applications, including improved authentication methods, message digests, digital signatures, non-repudiation, and encrypted network communications.

One of the most important principles is defense in depth. Information must be protected both in motion and at rest. With a defense-in-depth strategy, should one defensive measure fail, other defensive measures remain in place and continue to provide protection. The three types of controls can form the basis on which to build a defense-in-depth strategy.

Information security

Information security is one of the most important and indispensable factors. Today almost all data is stored on computers, CDs, and so on. We have to be very careful when using this equipment, because we may have no idea how people can steal information from us.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Governments, military, financial institutions, hospitals, and private businesses amass much confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
That is why it is dangerous. We must take responsibility and be aware!

Wednesday, October 24, 2007

New type of spam: loud spam

One of the most annoying things in our digital mailbox is spam. Nowadays there is a new form of spam, namely loud spam. This is a new security awareness threat.

Almost every mail program contains a spam filter. Many of them are quite weak, so almost every spam mail gets through, while others are too strict, so we do not receive e-mails that would be important.

Now there is a new type of spam that contains an MP3 file. When you play it, a robotic voice encourages you to buy shares on the stock exchange. First the voice tells you the advantages of the share, then it spells out the stock's code. The better spam filters can sift out these mails.

Monday, October 22, 2007

Another threat: lightning strikes

Summer is one of the most dangerous times of year for lightning strikes. In summer there are thunderstorms with lightning every 4-5 days. Sensitive electronic devices (PCs, televisions, etc.) break down because of the power surge caused by lightning.

There are 2 main causes of a surge in the power supply: excessive voltage caused by lightning, and a much higher voltage level caused by a fault in the electrical network. A surge caused by lightning can reach not just tramway and telephone systems but IT and telecommunication systems, too.
Lightning causes damage not just at the exact place where it strikes; the magnetic field, through induction, also causes damage within a 1 km area.

When we want to defend against lightning strikes, we have to know that a lightning conductor protects us from the direct destructive effect of the high current.

One of the bad effects of a lightning strike is a blackout, and the data loss that the blackout causes. Security awareness about our information does not concern only hackers and viruses but natural disasters, too.

One way to protect ourselves is to buy an uninterruptible power supply, which can protect our data if there is a blackout. It contains a battery and can detect when the voltage level changes, switching over to the battery when necessary. There is another type of this equipment that runs from the battery all the time, so that in a blackout the switchover causes no problem.

Tuesday, October 16, 2007

Is the mobile-internet safe?

Mobile internet through a SIM card is as safe as a normal internet connection through cable.
We hear many stories about the dangers of the internet, mainly when we use Wi-Fi: others can break into our PC and steal our data. Professionals think that using the mobile internet is much safer than using normal internet. At the same time, whatever kind of internet we use, we have to be careful about information security and follow these rules:
5 rules for using the internet safely:
1. Never send your bank and credit card number in e-mail or in other forms (MSN, Skype, etc.). These chat programs are the most dangerous because the information travels without any encryption and anybody can get it easily.
2. Never sign in to your personal platforms (e-mail, bank account, etc.) from someone else's PC. The computer may remember your password, and others will be able to sign in with your user name. You can never be sure that your password has not been stolen.
3. Always keep the firewall on your PC and on your mobile phone up to date. This way you can prevent other programs from getting onto your devices, since such programs can cause data loss. Do not open an unknown program, whoever the sender is.
4. Turn off Wi-Fi and Bluetooth (http://buy.infosecuritylab.com/product_info.php?cPath=25&products_id=26&osCsid=6ed3261760c4ef6f720893f55bba6929) on your laptop or mobile phone if you are not using them.
5. If we are not using mobile internet but a wireless network, and the connection is not branded, make sure whose it is. If you do not know, jump to point number 2.

Thursday, October 4, 2007

Social networks and the information security

Nowadays we live in the age of social networking. There are many internet sites where, once we register, we can find our friends and the people we know. The main point of these pages is that we can get in contact with people we already know. We can get some information about them: where they work, where they live, what they like doing in their free time, etc. When registering on these sites we just give our data (name, job, schools, telephone number, address, etc.), and the people we know can see it.

But often you do not need to be registered to see others' data, so you simply hand this information over to others. You never know who will misuse this information. Many people on these sites trust in data security. There are many people who publish their personal data and very personal photos.

Some experts are concerned about the data trail that people routinely leave behind them on social networking and other sites. Others believe that personal content will become accessible for marketing and other purposes. For instance, the police use these sites to find criminals. If you want to be safe, do not give out your address, phone number or anything else that others can misuse.

When we talk about information security awareness, these things are very important, too. It is not just about computer viruses and hackers, or "look after your credit card" advice. Keeping our personal data safe is one of the most important parts of security awareness.

