Information in its broadest meaning is today one of the essential elements for the development and growth of any organization’s business. The current social and commercial interconnection makes information security an essential element, as information is increasingly exposed to a growing number and variety of threats and vulnerabilities. Consequently, adequate and effective protection is needed. But it happens that sometimes the confusion between the terms “information security, “computer logic security,” or “logical security” causes the specific nuances of each of them to be lost.
Table of Contents
Insecurity, it is essential to know what we are referring to at all times precisely and unequivocally. It is, therefore, necessary to start by pointing out the distinction that exists between the previous terms. Thus, “computer security” would protect the technological infrastructures on which the company or organization works. The “information security” for its part has as its objective the protection of systems and information, as long as they are always accessible, that they do not suffer alterations and that their access is allowed exclusively to duly authorized persons. Information security, therefore, refers to the confidentiality, integrity, and availability of information and data. Finally, “logical security” involves all those measures established by administrators and users of information technology resources, which are intended to minimize security risks in their daily operations, in which information technologies are used.
The main threats of human origin that affect hardware, software, and data in computer security are usually theft, fraud, sabotage, espionage, hacker action, and malicious code. These threats typically materialize through phenomena such as:
To start fighting against the wide range of threats that put information systems at risk, we must bear in mind the three basic computer security principles.
First principle: the intruder to the system will use any means or gadget that makes his access and subsequent attack easier.
The expression “any means or device” implies the existence of an enormous variety, both of fronts through which an attack can be produced, and of modalities, due to how they are produced, which includes actions of Social Engineering. This variety of methods and means makes risk analysis very difficult, although a clue to start. It is that: the intruder will always apply the philosophy of searching for the weakest point.
Second principle: data should be protected only until they lose their value
This principle implies the expiration of the protection system. In other words, there is a time interval during which the confidentiality of the data must be maintained, after which it is no longer necessary.
Third principle: control measures are implemented to be used effectively, and they must be efficient, easy to use, and appropriate to the environment.
This principle implies that control measures must work at the right time, optimizing system resources and going unnoticed by the user. It should also be noted that the effectiveness of any control system cannot be verified until the time comes when it is necessary to apply it.
To minimize the above threats in information security, an appropriate set of specific controls must be implemented. These controls typically include policies, processes, procedures, organizational structures, and software and hardware features. It is also essential to use tools that allow the installation of information systems to be analyzed and organized, establish work procedures to define security, and have controls that will enable the effectiveness of the security measures implemented to be measured. All this must occur within a framework of continuous improvement, in which these measures are in a permanent state of review and revision.
The main objective pursued by the framework of information security controls is to protect the confidentiality, integrity, and availability of information and data, regardless of how they can be obtained.
Within information security, logical security refers to safety in the use of systems and software. It also implies the protection of data, processes, and programs and the orderly and authorized access of users to information.
With logical security, the following objectives are pursued :
From a practical point of view, logical security policies are the means of control used to achieve the above objectives. The rational security policies of an organization are usually articulated through the following key elements:
Access controls. Access controls can be implemented in the operating system, in the information, in the databases, in a specific security package, or any other utility. It is usually the first line of defense for most computerized systems, its purpose being to prevent unauthorized persons from accessing them. They are the basis of almost all subsequent controls since it also allows you to track the activities of each of the users.
Roles, In this case, the access rights are grouped according to a specific position. Correspondingly, the use of resources is restricted to persons authorized to assume the said role. The use of parts is a relatively effective way of implementing access control. The role definition process is based on rigorous prior analysis of the organization’s behavior.
Transactions
It is articulated when the system knows the account number that provides a user with the relevant access in advance. This access has the duration of a transaction. When it is completed, the access authorization ends, leaving the user unable to continue operating.
Limitations to the services
The limitations to the services are controls that refer to the restrictions that depend on parameters specific to the use of the application. It also refers to those that the system administrator has preset.
Access
mode When specific access is allowed, it is also necessary to consider what type of access or mode is permitted. The four classic access modes that can be used are: read, write, execute, and delete.
Location and Time
Access to specific system resources may be based on data or people’s physical or logical location. As for the schedule, the use of parameters such as office hours or day of the week is expected when this type of control is implemented, which allows users to limit access to specific dates and times.
Controls determine what a user (or group of users) can or cannot do with system resources. The main internal access control methods are:
Controls are a protection against the interaction of our system with systems, services, and people external to the organization.
Only some approaches offer B2B and B2C companies more opportunities than digital lead generation. Customers…
When deciding on a business phone system, consider the features necessary to your company’s call…
Freight brokers help businesses get the products they need to run their businesses. They are…
Natural face moisturizers are gaining immense popularity among skincare enthusiasts. Unlike their synthetic counterparts, these…
The practice of gathering information from different aspects of a retail chain, such as planning,…
In the dynamic sphere of education and professional certifications, the need for reliable and secure…