Security can be defined as the degree of protection against criminal activity, danger, damage, and/or loss. Following this broad definition, information security refers to all of the processes and policies designed to protect an organization’s information and information systems (IS).
A threat to an information resource is any danger to which a system may be exposed.
The exposure of an information resource is the harm, loss or damage that can result if a threat compromises that resource.
An information resource’s vulnerability is the possibility that the system will be harmed by a threat.
Threat: Any danger to which an information resource may be exposed
Exposure: The harm, loss or damage that can result if a threat compromises an information resource
Vulnerability: The possibility that an information resource will be harmed by a threat
Five key factors are contributing to the increasing vulnerability of organizational information resources, making it much more difficult to secure them:
- Today’s interconnected, interdependent, wirelessly networked business environment
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a computer hacker
- International organized crime taking over cybercrime
- Lack of management support