information security in healthcare system_26.12.14_10

INFORMATION SECURITY Course: Name INFORMATION SECURITY Yours Name Professor’s Name [optional] University 1

Upload: shubham-goel

Post on 01-Oct-2015


DESCRIPTION

Information security in healthcare system


INFORMATION SECURITY


INTRODUCTION

Information security is the process of protecting data from illegal access, inspection, destruction, disruption, use, recording and modification. According to standard reports, integrity, confidentiality and availability are the primary parts of information security. These are the key concepts of information security management and can be summarized as follows.

Integrity in information security means maintaining the quality of the message so that it stays the same as transmitted by the user. The data should not be altered illegally by anyone. Information security systems typically provide message integrity in addition to data confidentiality.

Availability is an element of information security provided by information systems: data is available when the user needs it. The information system ensures this through the way it stores and processes data. Various safety controls are used to protect data, and communication channels must also be maintained so that they perform correctly.

Authenticity in information or data transfer means ensuring that the data was sent by the legitimate user. Data authenticity is provided by validating both parties involved in the communication. This is done with a digital receipt or signature.

Non-repudiation, in the legal sense, means one's intention to complete the obligations of a contract. This means that neither party can deny having communicated or sent the data. Cryptographic systems are used to support non-repudiation. This is achieved through private key access: only a sender who holds the private key can send the message, and only persons who hold the private key can read it.

Information security is a basic need in the modern world. As technology has advanced, it has become necessary to secure data to protect it from theft or misuse. Information security consists of the answers to the following five questions.
In other words, it is the sum of the explanations of what, when, why, where and who.

What is information security?

A way to protect the availability, integrity and confidentiality of information is termed security. Information security is a function of the technical, physical and administrative control of information.

Administrative control

Administrative control is the human factor of information security. It comprises management principles, policies, plans, standards and methods. Examples of administrative controls are business continuity and disaster recovery policies, hiring and firing processes, and training and awareness programs.

Physical control

This is the type of control people find easiest. These controls can be seen or physically touched. Buildings, locks, construction systems, fences and alarm systems are part of the physical control system. They manage access to the physical part of the information.

Technical control

In this control, technology is used to control access to the information. It covers the technical factors of information security. Most of the information we use in the modern world is not in physical form, so it cannot be touched; it is controlled with the help of technology. Some examples are firewalls, file permissions, access control lists and antivirus software.

Why is information security necessary?

It is required to secure data or information from theft or unauthorized access. Somebody may disclose or modify secret information, and sometimes may destroy it. Information security is used to bring the risk of theft down to a level that is acceptable to management. It is necessary to improve the way the business runs. It is necessary to keep data confidential. It is necessary to keep information accurate and up to date. Information security ensures that information is available when you need it.

Who is responsible for information security?

Information security is the responsibility of everybody who works for the organization. The top-down approach to information security is stated as follows.

Senior Management

The top level is senior management, which is responsible for making policy. Senior management ensures that information security functions within the business. Senior management's commitment to information security needs to be communicated to and understood by every business professional as well as by consumers. This communication of commitment takes the form of guidelines. Top management demonstrates its commitment by being directly involved in information security policy, budget approval and risk acceptance, among other things. Information security efforts are in vain without senior management.

Business Unit Leaders

Business is the way of making money with effort and promises. Generating profit is the primary objective of a business. The secondary, supporting objective is protecting the information that runs the business. Information security officers must understand the business policy that runs the organization. If information security personnel fail to do so, the result is ineffective controls and process difficulty. Business unit leaders should check information security parameters throughout their business within the company.

Employee

Employees know best how information is used in the organization. In the corporate setting, however, employee opinion is not taken into account when making policy. Workers are answerable for complying with all information security policy and supporting documents. The supporting documents include guidelines, procedures and standards. Employees are responsible for seeking guidance when the security implications of their intended actions are not well understood. Information security staff require the workforce to take part, report and observe.

Indirect employee

Outside workers such as salespeople and contractors are not part of the organization, but they help run your business. It is the sole responsibility of the third party to preserve information security. Information security requirements should be included in contract agreements. Your right to review the third party's information security controls should also be included in the contract, whenever possible. The responsibility of the third party is to comply with the terms contained in the contract.

When do we have to check information security?

There are two characteristics required for good and effective information security.

Information security should be real. In the organization it is not an IT department issue, nor is it an HR or accounting issue. Information security is a business issue. It needs to be integrated into the company and should be considered in most company decisions. This position indicates the importance of addressing information security all of the time.

Securing information is a process of continuous improvement, and it must be kept up to date. To be effective, the security policy should be changed on a regular basis, because it requires updating from time to time. Because the corporate and business environment always changes with time, it is necessary to update information security. Sometimes a company has not designed a company-wide information security policy but has stated a few policies related to information security. The company should keep track of when a policy should be updated and when a new policy is implemented in the business.

Where does Information Security Apply?

By our definition of information security, it is clear that it can be applied to every part of the organization.
The application of technical, physical and administrative controls in an effort to protect the availability, privacy and integrity of information is termed information security. This applies to the organization's activity as a whole, not to a segmented fraction of the company. You should maintain an assessment of information security. The assessment will be useful for finding where security is sufficient and where it is lacking in the organization.

Various technologies for data security are:

Cloud Access Security Brokers

These are placed between the end user and service providers to enforce the organization's desired security policy. In some cases this service is provided by a party external to IT.

Adaptive Access Control

It is a form of access control that guards the system against unauthorized users. An adaptive access management approach allows access from any device, anywhere, and by any identity within the organization.

Endpoint Detection and Response Solutions

This is used to maintain security at end-user devices such as laptops and desktops. In this technique, various tools record endpoint information in a central database. Analytics tools continuously compare the endpoints against the database and control their access to the system. The tasks performed by the system are configured by the database. These tools also help with fast investigation into the scope of attacks.

Software-defined Security

It is the process of defining, in software, what the company uses across servers, the data center, security and networking. The impact of networking, storage and computation on security is transformational. This does not mean that only dedicated hardware is needed to work with it.

Interactive Application Security Testing

It is a combination of two types of security testing, static and dynamic. The aim of this testing is to provide accuracy in data security. Both kinds of security testing are integrated in IAST, which is a single solution for both.
This approach makes it possible to confirm or disprove the exploitability of a detected vulnerability and determine its point of origin in the application code.

Security Gateways, Brokers and Firewalls

A gateway is a point in the network that acts as the entry point to another network. On the internet, a node can be either a gateway node or a host node. The computers that control traffic within your company's network or at your local Internet service provider are gateway nodes. In an organization a server acts as the gateway, and we can control data security at that server by blocking illegal access to the network. A gateway is associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet. We can ensure data security by installing firewalls in the network. A firewall is a network security system that controls the incoming and outgoing traffic in the network by a set of rules. It can be either hardware or software.

Antivirus

Antivirus programs are software used to detect or remove viruses. They are also known as anti-malware software. They are used to protect our systems from various attacks such as BHOs, browser hijacking, keyloggers, Trojan horses and worms. These attacks are also a means of data theft from a system or a server. Some products also include protection from other computer threats, such as infected and malicious attacks like phishing.

Cryptography

Cryptography is the process of securing data by encrypting it in a special manner before transferring it to another user. The aim is to ensure data security during transmission from one place to another. When a user wants to use the data, a decryption key is needed to decrypt it. After encryption, the text is called ciphertext. Cryptography is of two kinds: symmetric and asymmetric.
In symmetric key cryptography only a single key is used to encrypt and decrypt the information, while in asymmetric key cryptography a public key is used to decrypt and encrypt the data. Cryptography is also helpful in securing data on the network during transmission.

To increase information security in the digital systems of the healthcare industry, we have to follow these two steps:

1. Study the existing policies in the healthcare information system for providing security. If a vulnerability is found in the policies, it is necessary to develop new policies related to the security of information. These new policies require different technologies such as encryption and decryption.
2. We have to configure each and every physical device so that it is easy to block illegal access to the system.

SECURING ELECTRONIC HEALTH INFORMATION IN YOUR HEALTH IT ENVIRONMENT

Many organizations are now planning to implement an EHR system, which makes it easy to store information about the patient. An EHR is an electronic document that contains information about an individual. It is designed according to the local laws of the country. The electronic health record has considerably changed the environment and increases the risk of theft of patient information, so it is necessary to secure this data. We can secure this data by requiring a password to access it. When you first use this system, you will need various entities and patients. You have to follow the various standards set by the international and national bodies concerned with information exchange. You have to do your work within the boundaries of law and humanity. You can decide that this information is shared with the patient only, who can access it through a portal by entering a username and password. You can also provide the patient with secure messaging for online communication.
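
The portal access described above, sketched as an added example that is not part of the original document: passwords are stored only as salted PBKDF2 hashes, compared in constant time, and a logged-in patient can read only their own record. The usernames, patient IDs, records and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000  # assumed work factor; tune for the portal's hardware

def hash_password(password, salt=None):
    """Return (salt, key) from salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

# Constructed sample data: username -> (salt, key, patient_id)
USERS = {}
RECORDS = {"P-1001": "constructed record for P-1001",
           "P-1002": "constructed record for P-1002"}
# Dummy entry so unknown usernames cost the same work as known ones.
DUMMY = hash_password("placeholder-not-a-real-account") + (None,)

def enroll(username, password, patient_id):
    """Store only the salt and derived key, never the password itself."""
    USERS[username] = hash_password(password) + (patient_id,)

def login(username, password):
    """Return the caller's patient_id, or None on any failure."""
    salt, key, patient_id = USERS.get(username, DUMMY)
    _, candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, key)  # constant-time comparison
    return patient_id if ok else None

def read_record(session_patient_id, requested_patient_id):
    """A logged-in patient may read only their own record."""
    if session_patient_id is None or session_patient_id != requested_patient_id:
        raise PermissionError("access denied")
    return RECORDS[requested_patient_id]

enroll("alice", "correct horse battery staple", "P-1001")
enroll("bob", "another long passphrase", "P-1002")
```
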

EHRs can have a widespread impact, and ensuring the integrity, availability and confidentiality of EHRs can be difficult. The aim of information security management is to ensure that the business runs continuously without any barrier. It is used to reduce harm to the business by preventing and minimizing the impact of security incidents. Various technologies such as EHR systems are now used for the security of data in the hospital industry. EHR stands for electronic health record. In this system, information about patients is stored electronically. Since this information is in digital form, it is necessary to protect it from illegal access. EHR improves the efficiency of the system. Information security risk can be understood through terms seen in the media such as data breach, theft and attack by hackers. The main idea of information security is providing integrity to the data as well as availability and confidentiality.

It is necessary to share information in the healthcare sector between institutions across countries, because it is necessary to keep track of every kind of disease. In the healthcare sector, it is often necessary to share data across organizational boundaries to support the larger interests of multiple stakeholders as well as agencies involved with public health. This sharing of data can disclose the identity of the patient, which is harmful to the patient's social as well as economic status. When identifying and sensitive information is masked, the data must retain its analytic properties to support statistical inference, especially when released for research.
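
The masking requirement in the last paragraph, worked through as an added example that is not part of the original document: direct identifiers are dropped or replaced by a keyed pseudonym, quasi-identifiers are generalized, and the release is checked both for its smallest group size (k-anonymity) and for unchanged diagnosis counts. The records, field names and key are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

SITE_KEY = b"constructed-demo-key"  # assumption: secret held by the releasing hospital

# Constructed sample records (not real patients)
RECORDS = [
    {"patient_id": "P-1001", "name": "A. Example", "age": 34, "zip": "90210", "diagnosis": "asthma"},
    {"patient_id": "P-1002", "name": "B. Example", "age": 37, "zip": "90211", "diagnosis": "diabetes"},
    {"patient_id": "P-1003", "name": "C. Example", "age": 52, "zip": "10001", "diagnosis": "asthma"},
    {"patient_id": "P-1004", "name": "D. Example", "age": 58, "zip": "10002", "diagnosis": "asthma"},
    {"patient_id": "P-1005", "name": "E. Example", "age": 31, "zip": "90213", "diagnosis": "diabetes"},
]

def pseudonym(patient_id):
    """Keyed hash: stable for record linkage, not reversible without SITE_KEY."""
    return hmac.new(SITE_KEY, patient_id.encode(), hashlib.sha256).hexdigest()[:16]

def deidentify(rec):
    """Drop the name, pseudonymize the ID, generalize age and ZIP code."""
    low = rec["age"] // 10 * 10
    return {"pid": pseudonym(rec["patient_id"]),
            "age_band": f"{low}-{low + 9}",
            "zip3": rec["zip"][:3],
            "diagnosis": rec["diagnosis"]}

def smallest_group(rows, quasi=("age_band", "zip3")):
    """The k of k-anonymity: size of the smallest quasi-identifier group."""
    groups = Counter(tuple(r[q] for q in quasi) for r in rows)
    return min(groups.values())

def diagnosis_counts(rows):
    """The analytic property the release must preserve."""
    return Counter(r["diagnosis"] for r in rows)

RELEASE = [deidentify(r) for r in RECORDS]
```

In this sample every raw record is unique on age and ZIP code, while each released row shares its age band and ZIP prefix with at least one other row. The 50-59 group still contains a single diagnosis, so group size alone does not prevent attribute disclosure.
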

