there. Many believe that because they have a firewall in place, they do not need antivirus solutions
or do not need to perform patch management. An organization is only secure when its employees
truly practice and follow the defense-in-depth concept. Overreliance on a single device or a single
process can be extremely detrimental. Having a firewall does not mean that an antivirus solution is
not needed or that sensitive information does not have to be encrypted. Security, as we will explore
moving forward, is a continuous and constantly improving process. It is a combination of technology,
processes, and education, and a comprehensive security program that never compromises has
the right elements of all.
2.5 Summary
We have emphasized the need for security and have explained how the growth of the Internet, the
digitization of information, the coming of age of hackers and attackers, and legal requirements have
resulted in the growing need for information security. We have explored the motivation for security
and have delved into the question of why organizations and individuals are motivated to ensure
security over their critical information assets. Reputation is the primary motivating factor for
security. A loss of reputation because of a security incident can be disastrous for an entity. Financial
losses and legal and compliance requirements are other critical motivating factors for security.
We then explored some basic security concepts and understood the CIA Triad, or the
confidentiality, integrity, and availability triad. Thereafter, we considered the fact that there has to be
a trade-off made between the levels of confidentiality, integrity, and availability requirements for
the protection of information assets. We then explored, briefly, the concept of risk and touched
on the basic elements of risk, primarily vulnerability and threat. With a basic understanding of
risk, we highlighted the concept of defense-in-depth, stressing the fact that a layered security
approach was preferable to a single device or technological protection for an organization's
information assets.
Further, we discussed the various security incidents and attacks that have shaped the world
of information security and described the evolution of hacking and the current-day scenario with
respect to attacks.
Lastly, we elaborated on some myths that have existed around security and discussed the myths
and the realities that exist in the world today with reference to information security.