Information system security refers to the way the system is defended against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
There are two major aspects of information system security −
Security of the information technology used − securing the system against malicious cyber-attacks that attempt to break into it, read critical private information, or gain control of internal systems.
Security of data − ensuring the integrity of data when critical issues arise, such as natural disasters, computer/server malfunction, physical theft, etc. Generally, an off-site backup of the data is kept for such problems.
Guaranteeing effective information security has the following key aspects −
Preventing unauthorized individuals or systems from accessing the information.
Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
Ensuring that the computing systems, the security controls used to protect them, and the communication channels used to access them function correctly at all times, so that information is available in all situations.
Ensuring that the data, transactions, communications or documents are genuine.
Ensuring the integrity of a transaction by validating that both parties involved are genuine, using authentication mechanisms such as "digital signatures".
Ensuring that once a transaction takes place, none of the parties can deny it, neither having sent the transaction nor having received it. This is called 'non-repudiation'.
Safeguarding data and communications stored and shared in network systems.
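The authenticity, integrity and non-repudiation properties listed above are what a digital signature provides. The following is an added example in Go, not code from the original page: the sender signs a transaction record with a private key only they hold, and the receiver verifies it with the matching public key, so any alteration of the record, or a signature made under someone else's key, is rejected. The Transaction structure, its fields and the party names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Transaction is a constructed record exchanged between two parties.
type Transaction struct {
	From   string `json:"from"`
	To     string `json:"to"`
	Amount int    `json:"amount"`
	Nonce  uint64 `json:"nonce"` // lets a receiver spot a replayed record
}

// canonical returns the exact bytes that are signed and later verified.
// Both parties must encode the record identically, or a valid signature
// fails to verify; encoding/json emits struct fields in declaration order.
func canonical(tx Transaction) ([]byte, error) {
	return json.Marshal(tx)
}

// SignTransaction produces the sender's signature over the canonical bytes.
// Only the holder of priv can produce it, which is what gives non-repudiation.
func SignTransaction(priv ed25519.PrivateKey, tx Transaction) ([]byte, error) {
	msg, err := canonical(tx)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

// VerifyTransaction reports whether sig was made over exactly tx by the holder
// of the private key matching pub. False means the record was altered in
// transit or the signer is not the party the public key identifies.
func VerifyTransaction(pub ed25519.PublicKey, tx Transaction, sig []byte) bool {
	msg, err := canonical(tx)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tx := Transaction{From: "alice", To: "bob", Amount: 100, Nonce: 1}
	sig, _ := SignTransaction(priv, tx)
	fmt.Println("genuine record verifies:", VerifyTransaction(pub, tx, sig))
	tx.Amount = 1000 // tampering after signing
	fmt.Println("altered record verifies:", VerifyTransaction(pub, tx, sig))
}
```

The public key must reach the receiver over a trusted path (a certificate or an out-of-band exchange); the signature alone does not prove who owns that key.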
Information systems bring about immense social changes, threatening the existing distributions of power, money, rights, and obligations. They also give rise to new kinds of crime, such as cyber-crime.
The following organizations promote professional ethics −
The Association of Information Technology Professionals (AITP)
The Association of Computing Machinery (ACM)
The Institute of Electrical and Electronics Engineers (IEEE)
Computer Professionals for Social Responsibility (CPSR)
Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work.
Acquire and maintain professional competence.
Know and respect existing laws pertaining to professional work.
Accept and provide appropriate professional review.
Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis and possible risks.
Honor contracts, agreements, and assigned responsibilities.
Improve public understanding of computing and its consequences.
Access computing and communication resources only when authorized to do so.
The IEEE code of ethics requires every professional to commit to the highest ethical and professional conduct and to agree −
To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
To be honest and realistic in stating claims or estimates based on available data;
To reject bribery in all its forms;
To improve the understanding of technology, its appropriate application, and potential consequences;
To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
To avoid injuring others, their property, reputation, or employment by false or malicious action;
To assist colleagues and co-workers in their professional development and to support them in following this code of ethics.