With the rise of the internet , and the use by the majority of companies and organizations of computerized processes , threats to information systems have continued to increase and become more sophisticated , making today computer security a necessity for all types of structures .
In order to be able to secure a system , it is necessary to identify the potential threats , and therefore to know and predict the way hackers act , to categorize them, and finally to give an idea of their way of proceeding in order to better understand how it is possible to limit the risks of intrusions.
The information system is generally defined by all the data and the material and software resources of the company making it possible to store or circulate them. The information system represents an essential asset of the company, which must be protected.
Information systems security issues
The information system constitutes an essential heritage of companies. Made up of a set of hardware and software resources, it is used to process, store and transfer company data. Thus the security of information systems seeks to provide better control of the risks that really weigh on the company and respond to the following challenges :
- 1- Integrity
That is, to guarantee that the data is what we believe it to be. Checking data integrity involves determining whether the data has not been accidentally or intentionally altered during communication .
- 2- Confidentiality
Consisting of ensuring that only authorized persons have access to the resources exchanged; consists in making the information unintelligible to other people than the only actors of the transaction.
- 3- The availability
Guarantee access to resources, at the right time , to those authorized to access these resources.
- 4- Authentication
Authentication consists of ensuring the identity of a user, that is to say of guaranteeing to each of the correspondents that his partner is indeed who he believes to be. An access control can allow for example by means of a password that must be encrypted access to resources only to authorized persons .
Safety requires a comprehensive approach
We regularly compare the security of a computer system to a chain by explaining that the level of security of a system is characterized by the level of security of the weakest link . Thus, an armored door is useless in a building if the windows are open to the street . This means that security must be approached in a global context and in particular take into account the following aspects:
- Raising user awareness of security issues
- 1- Logical security
That is to say security at the level of data, in particular company data, applications or even operating systems.
- Telecommunications security: network technologies, company servers, access networks, etc.
- 2- Physical security
or security at the level of physical infrastructures: secure rooms, places open to the public, common areas of the company, staff workstations, etc.
Establishment of a security policy
The security of information systems is based on several models (DAC, RBAC, BIBA, Bell La Padulla, Muraille de chine… etc.). These models are generally confined to formalizing multi-level security strategies in order to guarantee access rights to data and resources of a given system. However, despite the diversity of these models, the implementation of an information system security policy will probably involve adapting a model to the real case.
Need to secure your IS? Contact us