After watching the Managed network Webcast on Information Security conducted by company’s CEO Mr Ben Rapp, I was exposed to the notion that information Security is 3 dimensional and these dimensions include:
Confidentiality: In the webcast Mr Rapp talked about “Privacy” in the sense that business need to restrict access to important information and focus more effort on what information that is most valuable. Also that staff pose the biggest risk because they require the organizations information to carry out duties, so clear policies and procedures to follow while using and distributing information and should be properly trained. He advised that rules be kept as simple as possible and don’t assume technology can/will easily solve the problem because technology needs to be operated correctly to get the best out of them. He suggested that network be structured in layers to restrict access to sensitive data. Also ensure that physical security is not lacking.
Integrity: Here he talked about protecting data from damage, unauthorised modification, authorised inaccurate modification using methods like version control or making modification impossible with a sole authority, implement data validations. Here one needs to consider loss off or damage to information. Also it is very important to always have updated back-ups.
Availability: Here he talked about making sure the system is working at all times (keeping going not just disaster recovery). Absorb, adapt, recovery are your major concerns. He also talked about considering cost of risk by making a business continuity plan and have disaster recovery procedures properly outlined and communicated effectively to staff.
Other considerations include Threat; what might go wrong, Exposure: Impact, Counter Measures;
Attributes of an information security system include people, technology, physical protection.
I found the webinar useful because it can help small and medium business know what they are supposed to consider when trying to provide the adequate level security for their information.
Dafe Ojoboh's Blog 