Information systems security is an adaptable machine made up of various software, hardware, and wetware that has evolved dramatically from rudimentary in man’s early days to complex and ever efficient in the present. Eunuchs are a great example of a rudimentary information security system: they were used to protect queens, princesses, and concubines because they could not consummate a relationship. Similarly, early messengers were selected on their illiteracy so that they could not ready the message they were delivering, or copy it. The message might also be sealed with a wax seal so the recipient would know if it had been opened or not. One thousand years ago or yesterday, though, the goal remains the same: protect the information. However, modern day information security has evolved exponentially with the advent of computers and the internet, and continues to get stronger and more efficient each year. Since the world and societies evolve, information security must follow.
Since personal computers became mainstream, technology has produced mobile phones and mobile phone apps, as well as tablet computers. These always-connected devices create all kinds of new challenges beginning with “How to balance the flexibility that these devices offer while safeguarding the flow of information through them?”
Use your promo and get a custom paper on
"Computer and Information Systems Security".
A challenge like this and others like it are tackled by security teams and IT professionals within organizations, big and small. Typically, these teams will be led by an upper management team consisting of a Chief Information Officer (CIO) and Chief Information Security Officers, Champions, and Team Leaders. System Administrators, Security Policy Developers, and Risk Assessment Specialists are the core part of IT that handles the daily operations of information security. Since information security is an art (multiple, creative ways of solving the same problem) and a science (malfunctions are results of interactions between specific hardware and software), the approach to information security oversight should be both managerially and technically led.
The evolution of information systems and their security have spawned innumerable laws and ethics to address rising concerns with continuously improving software and hardware that handle said information and store data. Laws dealing with information systems security are typically meant to protect consumers (i.e. end users of hardware and software), businesses, organizations, and governments, to name a few entities. Ethics, on the other hand, are not laws but are defined socially acceptable behaviors and procedures. Both laws and ethics help regulate what is deemed permissible and legal in the information security world. Some examples of computer crime laws would be the Computer Fraud and Abuse Act of 1986 and The National Information Infrastructure Protection Act of 1996.
Information security legislation fosters a more dependable business environment and a more stable economy. Protecting one’s information is akin to protecting one’s privacy, which is why security protocols, laws, and ethics keep identity theft at bay and protect privacy. One of the biggest game changers of data security stemmed from the professional organization, the PCI Security Standards Council, which put into effect the Payment Card Industry Data Security Standards (PCI DSS). These standards greatly improved end consumer privacy and protection when completing financial transactions online. Another landmark legislation was the Digital Millennium Copyright Act (DMCA), which was the U.S. contribution to the international effort to reduce the impact of copyright and trademark infringement.
Other major IT professional organizations include the International Information Systems Security Certification Consortium (ISC)2, the System Administration, Networking, and Security Institute (SANS), and Information Systems Audit and Control Association (ISACA).
