What is information security and what are its aspects?

Information system security is to put forward security requirements from the aspects of technology, management, engineering and personnel in the whole life cycle of the information system, so as to ensure the confidentiality, integrity and availability of the information system, reduce the security risk to an acceptable level, and thus ensure the system to realize the mission of the organization. All instructions required for information processing include operating instructions (programs), which indicate and control computer hardware and processing instructions used in information processing. Programs include operating system programs, spreadsheet programs, word processing programs, etc. This process includes data input, error correction and data transmission.

Data resources include: alphanumeric data composed of numbers, letters and other characters, describing organizational activities and other things; Text data consisting of sentences and paragraphs; Image data in the form of graphs and charts; Record audio data of people and other sounds.

Information systems with various functions to meet different needs constitute the foundation of the information society, which improves the production and management efficiency of various industries and departments, facilitates human daily life and promotes social development.

(1) risk

Information security risks are mainly caused by the loopholes in the information system itself and threats from outside the system. There are threat sources with specific threat motives in the operating environment of information systems. By using all kinds of attacks and taking advantage of all kinds of loopholes in the information system, it has a certain adverse impact on the information system, leading to information security problems and incidents.

(2) guarantee

Information security assurance is to formulate information security assurance strategies for various risks faced by information systems in the operating environment, design and implement information security assurance frameworks or models under the guidance of the strategies, and take security assurance measures such as technology and management to control risks in an acceptable range and degree, so as to realize its business mission.

(3) Mission

This paper describes the requirements and objectives of information system in the whole life cycle of design, implementation, testing, operation, maintenance and abandonment. The mission of information system is inseparable from its security, and it is necessary to ensure the correct realization of the goal through information system security measures. With the threats faced by the information system and the changes in the operating environment, security also needs to provide corresponding safeguard measures to ensure the correct operation of the information system.

Risk management is the basic method of information security. Information security should be based on risk management and take targeted preventive measures against possible threats and their own weaknesses. Information security is not the pursuit of absolute security, but the pursuit of controllable security risks. The most suitable information security strategy is the optimal risk management countermeasure, which is the optimal choice problem under the premise of limited resources. Insufficient preventive measures for information systems will cause direct losses, affect the normal operation of business systems, and also cause adverse effects and losses. In other words, the problem of information security is the utility of security, which should be weighed and selected from the feasibility and effectiveness of economy, technology and management.