Security Management Responsibilities

Overview of Security Management Responsibilities in relation to cyber crime: [1] In all organizations, information assurance is a combination of ensuring the confidentiality, integrity, and availability of data contained on information systems. Confidentiality refers to keeping sensitive data inaccessible to people who do not have authorization to view the data. Integrity refers to protecting data against unauthorized modification or destruction. Availability pertains to how accessible data are to users who are authorized to view the data.

Additional technical concepts related to information assurance include the following: (a) authentication, which means to verify data stored, transmitted, or received has not been manipulated; (b) nonrepudiation, which refers to a sender of data or source of an information security problem not being able to later claim they were not responsible; and (c) audit trail, which includes records of user activities that occur on an information system and are themselves to be considered sensitive data in need of relatively high levels of protection.

For example, during software testing a technology developer may send test messages through a security boundary device to validate that the number of messages sent is the same as the number of messages received. An audit trail of this test that shows an unequal number of messages sent and received within an information system may reveal a security flaw.
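The audit-trail check described above, written out as an added example (it is not part of the original article). It goes one step beyond a plain count comparison by also matching message IDs and body digests, so it catches a run where the counts agree but a message was dropped, duplicated, or altered. The record layout, function names, and sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter


def rec(message_id, body):
    """Build one audit record: (message ID, SHA-256 of the message body)."""
    return (message_id, hashlib.sha256(body.encode("utf-8")).hexdigest())


def reconcile(sent, received):
    """Compare audit records logged on each side of the boundary device."""
    sent_ids = Counter(mid for mid, _ in sent)
    recv_ids = Counter(mid for mid, _ in received)
    sent_digest = dict(sent)  # message ID -> digest logged by the sender
    return {
        "sent": len(sent),
        "received": len(received),
        "counts_match": len(sent) == len(received),
        # sent but never seen on the far side
        "missing": sorted(m for m in sent_ids if m not in recv_ids),
        # seen on the far side but never sent by the tester
        "unexpected": sorted(m for m in recv_ids if m not in sent_ids),
        # delivered more times than it was sent
        "duplicated": sorted(m for m, n in recv_ids.items()
                             if m in sent_ids and n > sent_ids[m]),
        # same ID, different content: an integrity failure
        "altered": sorted({m for m, d in received
                           if m in sent_digest and d != sent_digest[m]}),
    }


# Constructed sample audit trails (not real log data).
SENT = [rec("T1", "test 1"), rec("T2", "test 2"),
        rec("T3", "test 3"), rec("T4", "test 4")]
# Run A: T3 never arrives, so the counts differ (the case in the text).
RECEIVED_DROPPED = [SENT[0], SENT[1], SENT[3]]
# Run B: counts agree, yet T3 is lost, T4 arrives twice and T2 was modified.
RECEIVED_SAME_COUNT = [SENT[0], rec("T2", "test 2 modified"), SENT[3], SENT[3]]

if __name__ == "__main__":
    for name, trail in (("run A", RECEIVED_DROPPED),
                        ("run B", RECEIVED_SAME_COUNT)):
        print(name, reconcile(SENT, trail))
```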

Resources

Notes and References

1. By Rob Paisley

See Also

  • Types of Cybercrime
  • Cybercriminal


