IT Security Essentials

IT security is absolutely necessary for a computer system and the data that is processed through its channels. Information security means protecting information and information systems from unauthorized access,

use,

disclosure,

disruption,

modification, or

destruction.

Computer security refers to protecting the physical system as well as the data and information processed within the system. The physical system and its data form one complete whole. You cannot have one without the other.

Why would someone want to harm a computer system? Because there are,

Good Guys and Bad Guys

IT security is all about good guys and bad guys. The good guys are trying to outsmart the bad guys, and the bad guys are trying to outsmart the good guys. It is a circular game that never stops. As long as there are good guys and bad guys there will be threats to computer systems.

The bad guys, which are the hackers and people that damage computer systems, do there dirty work, in part, because they say it gives them a sense of power and control that they would not otherwise possess. They are frequently "nerds" in their late teens or early twenties that have nothing else to do in life, but to peck on their computers.

Roughly 70% to 80% of threats to computer systems and their data are internal, within the organization. These threats are the employees of the company.

Employees will do things like the following to compromise a computer system and its data.

  • Post passwords to programs and systems on their computer monitors.
  • Share systems access information with co-workers.
  • Allow co-workers into controlled access areas to socialize. And,
  • Most importantly, harm computer systems intentionally.

Hiring employees that are a good fit for your organization ethically will help to reduce threats to computer systems. Making sure employees are satisfied with their jobs and roles within your company will also serve to reduce threats.

Proper training of employees with regard to risks and threats to computer systems, and how to prevent them is necessary for any organization to reduce system compromise. Documentation within procedural manuals made available to employees is one method to train information system workers.

In the general work force in the U.S. roughly 80% of all workers perform some job tasks on computer systems on a daily basis. This means that information systems security training should be made a regular part of employee training.

Hackers, which are people that work with computers for the pure intellectual challenge, can be bad guys as well as good guys. These bad guys often get access to computer systems by stealing system's access codes from co-workers. They then proceed to compromise computer systems.

Bad guy hackers can also "blast" a computer system to gain access through login gateways by sending thousands of combinations of password characters one after the other in the hopes that one combination will break the password access code.

Employees normally select passwords that are easy to remember and are logically related to themselves such as a social security number, date of birth, first and last name, etc. This type of password protected system is easy to break into with blasting software.

IT security experts recommend creating passwords that are at least 12 characters in length, and that are illogical combinations of letters, symbols, and numbers. This way the statistical probability that blasting software will be successful in breaking passwords is made impossible.

IT security is more of a process than a final goal because there will always be risks and threats to computer systems. Information systems managers must continuously monitor computer systems and protected data for compromise on a continuous, constant basis 24/7.

After viewing IT Security please click here to return to Home Page of Terris Worldwide

To return to the IT, Information Technology page in this website please click here.