Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people who often have different knowledge of, and perspectives on, information security within the organization. It is neither a fixed cost nor a fixed-duration project; rather, it is an ongoing business program with a strategy, plans, objectives and stakeholders.
External threats to organizations appear to be increasing steadily, and may in fact be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks is necessary. Rather than reacting to individual problems in an ad-hoc manner, these fundamental activities allow an organization to deal with risks throughout the business. This set of activities constitutes risk management. The optimal model for addressing the risks of Internet security must combine technology, process and insurance. This risk management approach allows companies to address a range of different risk exposures successfully. In some cases, technical controls help address these threats; in others, procedural and audit controls must be implemented. Because these threats can never be completely removed, however, cyber-risk insurance coverage represents an essential non-technical control and a major innovation in the conception of risk management in general.
Today, infrastructure encompasses computer technology and key business processes, and is increasingly web-based. Thus, the availability and security of computer networks and web sites have become a critical component of an organization's risk profile. Even though companies can take preventive security measures, there is no silver bullet that can make a business completely secure. Insurance companies therefore have to develop new policies that provide coverage for online risks. Cyber insurance covers a number of areas not normally spelled out in traditional policies. Failure to attend to information-security issues may also result in contractual liability, through material adverse effect clauses as well as representations and warranties regarding security, due diligence and compliance. The optimal model for addressing the risks of Internet security must combine technology, process and insurance.
Information security in critical infrastructures is a major challenge. Critical infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, by natural disasters and by negligence, leading to loss of confidentiality, integrity and availability of the critical infrastructure's information assets. Vulnerabilities in critical infrastructure create risk not only for systems, networks, information and public trust, but also for economic and national security. Protection of the information components of critical infrastructure has become especially important for economic vitality and the way of life. Attacks on critical infrastructure could directly disrupt the functioning of key business and government activities. Critical infrastructure protection requires the development of a competent protection strategy that identifies the critical assets and evaluates the possible risks.
Statistically, PKI implementations have a high failure rate, largely due to absent or misplaced organizational structures; the role and effectiveness of these structures is considered critical in establishing the operational model and the supporting policy and legal framework. The scope of this framework covers the delivery of PKI services by, and on behalf of, government, and it provides recommendations based on experience and best practices as recorded by Obrela Security Industries and the industry in general. It is applicable to all systems responsible for the delivery of e-Government services to citizens, businesses and other organizations.
The need to protect information, one of the most valuable assets in modern society, has increased dramatically in the last decade. However, hand in hand with every technological and economic advancement, new methods of fraud and crime appear, targeting our valuable information assets. Cryptography is one of the key technologies for ensuring the confidentiality, integrity and availability of information; however, it is also used to conceal criminal activity and to evade wiretapping by law enforcement authorities. The use of cryptography as a means of protecting privacy has created the need to establish a legal as well as a technological framework for performing Lawful Interception (LI). Lawful interception is the legally sanctioned official access to private communications, such as telephone calls or e-mail messages. The use of lawful interception has been, and still is, one of the most controversial issues of modern society.
This Information Security Guide is meant for all users in the organization. The Guide summarizes the most central issues of information security and gives practical advice on applying information security in one's own work. If you need more information, you should first consult the organization's IS Policy manual.
Over the past few years there has been rapid development of global IT infrastructures, which has fundamentally shifted the way information is managed today. In this dynamic environment, new dependencies and new risks are born. Information is a valuable business asset, and organizations must make sure that it remains available and trustworthy yet protected from intrusion. Today, organizations need to realize that, in order to protect their information assets effectively and efficiently, they must understand the risks associated with the use of their information systems. In this context, a risk assessment methodology is a valuable tool that modern organizations can use, first, to identify and rate the risks associated with the use of their information systems and, second, to take the appropriate measures to protect those systems. The purpose of this paper is to address the issue of risk with respect to information security.