According to Wikipedia, Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Most people would take that definition and assume that it only relates to big networks, servers, computers and more. Unfortunately, so many people take this for granted that it is not surprising there is so much identity theft and fraud in today’s society. Criminals are smarter, so you need to take the proper security measures to ensure that you do not fall victim to information theft.
Typically, information security on the personal level can be split into three separate categories: Confidentiality, Integrity and Authenticity (traditionally, the CIA triad was considered the core set of principles; however, the A referred to availability).
Keeping your information confidential is simply the practice of preventing the disclosure of important information to parties or individuals who should not have it. This can be as simple as shredding your important documents before trashing them, but it goes much much further in today’s electronic world. People have become extremely complacent when it comes to computer passwords, key codes, etc.
Additionally, you would think that common sense would prevail here; however, many people sell or lose laptops without securing the information on them, or even fall prey to people looking over their shoulder. The point here is to be diligent in your efforts to secure your information from loss or theft.
Some good tips for passwords are:
- Use at least 6 characters in the password (I prefer 8 at a minimum)
- Include uppercase letters, numbers and punctuation
- NEVER use your username in the password
- Avoid common words, local names, family names, or pet names
- Use multiple words, possibly separated with punctuation
- Use a different password for each account
- CHANGE your password at least every 360 days (I prefer 180 days)
- DO NOT write your password down and sticky-note it to your monitor
Using those as guidelines to create secure passwords and keeping them secure will put you on the right track for keeping your electronic information from being stolen. Some systems have great programs which can help you manage your passwords. One notable program is 1Password for the Mac OS X operating system. There may be others out there as well.
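The checklist above can be turned into a small self-check. This is an added example, not part of the original article: the function name `check_password`, the tiny word list and the sample passwords in the test are constructed for illustration, and the "use multiple words" tip is not checked.

```python
import string
from datetime import date

# Constructed sample list; a real check would use a much larger wordlist.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}

def check_password(password, username, personal_names=(), other_passwords=(),
                   last_changed=None, today=None):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 6:  # the article's minimum; 8 is its preferred minimum
        problems.append("shorter than 6 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    # Strip digits and punctuation so "Password1!" is still caught as "password".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in COMMON_WORDS:
        problems.append("is a common word")
    # Family, pet and local names are supplied by the person running the check.
    for name in personal_names:
        if name and name.lower() in lowered:
            problems.append(f"contains the name {name!r}")
    # Local comparison only, e.g. against entries in your own password manager.
    if password in other_passwords:
        problems.append("reused from another account")
    if last_changed is not None:
        today = today or date.today()
        if (today - last_changed).days > 360:
            problems.append("older than 360 days")
    return problems
```

A password such as `Password1!` satisfies the length and character-class tips and is still flagged, which is why the "avoid common words" tip matters alongside the others.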
Integrity is concerned with the fact that a message or transmission can be actively modified in transit, and specifically with modification that goes undetected. This is especially important to online shoppers who are sending personal information such as name, address, phone numbers, and credit card information over the Internet.
Some things that you can do to mitigate any possibility of interception would be to pay attention to the websites that you shop on. Look at the SSL (Secure Sockets Layer) certificates and make sure they are valid and working. Use VPN technologies when accessing files at home/work in order to encrypt the data transmission. A combination of these tactics is a great start to maintaining data integrity. You can also ask your IT manager or network support team for more information on how your company policies are laid out.
With regards to information security, it is necessary to ensure that the information you use or give out is authentic and remains authentic. Authenticity is closely related to integrity in that you must ensure that the websites you do business on are authentic, the emails you receive are authentic (and not phishing attempts, scams, etc), as well as the documents you read/write are authentic.
One example of fraudulent activity as it relates to authenticity would be the concept of social engineering (wikipedia). Social engineering is a very scary concept for security professionals, and without being aware and diligent with regards to security and personal protection, it is extremely easy to fall victim to even the novice social engineer.
Side Note :: Availability
While not in the main triplet of information security concepts, Availability deserves some discussion here. Availability typically refers to how “available” a server or network system might be. It can also be referred to as uptime. Typical Denial of Service (DoS) attacks will cause a network or system to go down. For many systems, such as banking, credit card processing, or high-end hosting companies, downtime is not an option and can cost a company a great deal of money.
For many people on this site, security is only as deep as having firearms in the house or even concealed carry. However, to disregard information security in these times would be a big mistake, and that disregard is the reason for so many scams (they must be successful against some people or they wouldn’t exist). Protecting your information is a vital component of your personal security and well-being, and that of your family.
Information security falls on YOU! You must be diligent and hold information security in high importance. Take some time to inspect your security measures and make changes if necessary. The information in this article really only scratches the surface of information security. It is your decision as to how far you want to dive into it, and being in the know has its advantages! There is a vast amount of information on security out on the internet and it can easily be found via your favorite search engine.
Mike has bachelor’s degrees in Computer Systems Engineering and Electrical Engineering. He finished those up with a master’s degree in Information Technology, specifically networking. He has worked for IBM Global Services as a Network and Security specialist as well as for PaeTec as a backbone engineer.