Security

The whole course begins with some potential IT System attackers. Externally, they might include

• State
• Organised criminals
• Customers
• Opportunist criminals
• Amateur hackers
• Competitors
• Hacktivists

The following factors mean that IT systems are ever more vulnerable to attack.

Complexity of IT environments means risks are harder to identify/control Intruder techniques improving

Dependence on computers increasing

Decentralised/distributed computing means more points of attack

Security is increasingly seen as an integral part of customer service which makes it ever more commercially important.

The chapter on security opens with the three aspects of information security namely confidentiality, integrity and availability. Confidentiality is about ensuring that only authorised persons have access to information and systems, integrity is ensuring that only authorised modifications are made and availability is about ensuring that authorised users have access to systems and information as required. The section continues by describing in detail some of the different approaches and techniques to secure IT systems. Details on an information security management system (ISMS) are also provided as is detail on relevant pieces of legislation and regulation.