Information Security

“Today, a large portion of information resides electronically, and this information is processed using the Information Systems Infrastructure.”

The rapid advances in information and communication technologies are not only changing production methods but also facilitating human life and radically altering daily practices. The advantages offered by information technologies have grown in recent years, leading to the emergence of a lifestyle that is irreversibly dependent on these technologies. The continuation of this lifestyle is only possible by ensuring the safe and secure use of information technologies.

There are, of course, certain risks posed by information technologies that have managed to penetrate human life to such an extent. Since the “human” factor lies at the core of information technologies, the vast majority of threats and risks to information systems and infrastructures naturally come from humans, whether consciously or through negligence.

What are the Definition and Elements of Information Security?

Information security is defined as protecting information, as a type of asset, from unauthorized access, use, modification, disclosure, destruction, transfer, and damage. It consists of three fundamental elements: “confidentiality,” “integrity,” and “accessibility.” A security vulnerability occurs if any of these three fundamental security elements is compromised.

Confidentiality: The protection of information from unauthorized access.
Integrity: The protection of information from unauthorized modification.
Accessibility: The availability of information to authorized individuals when needed.

The internet has become an indispensable online space in every aspect of our lives. From our homes to our workplaces, from cafes to restaurants, we are compelled to use applications and websites to stay connected to the internet and sustain our lives. While the internet can be beneficial to our personal and business lives, it can also bring significant risks, causing us to suffer material and moral harm. At this point, we must take certain precautions to protect against potential cyberattacks, maintain our personal data and our corporate operations, ensure internet security, and minimize the damage caused by cyberattacks.

User Responsibility in Information Security

The most crucial component of information security is user security awareness. In any corporate business process, the creator of information is the owner of that information and is therefore also responsible for it, but this is not enough. From its creation and classification to its archiving, information can be exposed to various threats. Therefore, everyone is responsible for the security of an information asset: from the officer who transmits documents related to it to the institutional supervisor who signs them, and from the person who enters data into information systems to the programmer who writes those systems. In short, all employees within an organization are responsible for information security. The level of information security is determined by the weakest link: “A chain is only as strong as its weakest link.” In information systems, that weakest link is often the person, that is, the system’s users. Employees within an organization are obligated to protect their organization’s information as if it were their own and to comply with the organization’s information security policies. As examples of these responsibilities, employees should:

Choose strong passwords for the information technology products they have access to and keep these passwords confidential.
Comply with the organization’s security standards and restrictions regarding internet and email use.
Avoid opening emails with suspicious attachments.
Avoid visiting unsecured websites.
Avoid using the organization’s information technology resources for personal matters (social media software, etc.).
Accept security rules when using company computers and prevent unauthorized access.
Depending on the degree of confidentiality, avoid keeping written corporate information on the desk or taking it outside the organization, and avoid sending digital corporate information outside the organization on flash drives or via email.
Assess the company’s information security restrictions with an awareness of information security, understand their necessity, and comply with them.

Because most attacks originate from internal vulnerabilities, firewalls and antivirus applications never provide a completely secure environment for an organization. It is safe to say that many attacks originate from within the organization, so everyone working within the organization is responsible for security.

Uğur YELESER
