1. Identify and define the various types of information assets utilized by organizations. Provide an example of how organizations use the various type of information assets.
This assessment should be a minimum of 300 words.
GENERAL OVERVIEW
Information is an asset for organizations that exists in various forms (critical, propriety, intellectual, and digitized). Thus, securing the various forms of information are priorities for organizations. Laws such as the Fair Credit Reporting Act were created to help protect information from improper use, but such measures are insufficient in providing the level of protection needed to secure organizational information.
Organizations use various tools and strategies to ensure information security (INFOSEC) which is the protection of “information assets and systems against any internal or external threat that might endanger them”. INFOSEC risk assessments and analyses are conducted to identify the threats against organizational information that may exist and information protection strategies are implemented to protect against and respond to the identified threats. Protection strategies range from control strategies (discretionary access control, mandatory access control: hierarchical and non-hierarchical, operations security) to personnel security (information protection-related agreements) which includes information security legislation (e.g., National Security Decision Directive 298), classification systems for business information (e.g., sensitive compartmented information protocols), information security policies, and copyrights, patents, and trademarks.
Communication security (COMSEC) is important for any information transmitted regardless of the medium (e.g., voice, electronic, impulses, microwave, etc.). Computer security is concerned with information accessible through computers. Maintaining computer security is a complicated task because information can be accessed locally and remotely through numerous means. The term cybercrime was coined to identify the crimes that are associated with using the internet to illegally gain access to information that is used in crimes (e.g., hacking, email wiretappings, phishing, and vishing).
Thus one can image that one of the greatest challenges related to computer security is securing computer databases from internal and external threats. Government agencies have added issues of protection threats against their agencies and their personnel. To aid all organizations in maintaining computer security various computer protection strategies are utilized (physical security, administrative controls, and logical controls: passwords, firewalls, malware). Research has suggested strategies for safeguarding sensitive computer information (e.g., Carroll’s 10 strategies) and the federal government has enacted legislation to research and develop cyber security measures (e.g., the Cyber Security Research and Development Act of 2002). Existing strategies and the continued development of future strategies are necessary to ensure that information, communication, and computer security is maintained in organizations