�� : 225 ��

�� : �� 225 ��

1970-01-01T01:00:00Z

�� +��

�� : �� 225 ��

1970-01-01T01:00:00Z

��

�� ..� �� ..

�� .. �� ..�

�� : ��

1970-01-01T01:00:00Z

��

��

�:/��

�� : ��

1970-01-01T01:00:00Z

��

�� word ��

��

�

��

�� : ��

1970-01-01T01:00:00Z

��

��

��

�� : ��

1970-01-01T01:00:00Z

��

�- �� word ��

�� ɿ

��

�� : �� mid#1

1970-01-01T01:00:00Z

��

: )

�� : ��

1970-01-01T01:00:00Z

Information security, often compressed to "infosec," is the preservation of secrecy and integrity in the storage and transmission of information. Whenever information of any sort is obtained by an unauthorized party, information security has been breached. Breaches of information security can be grouped into five basic classes: (1) interception of messages; (2) theft of stored data; (3) information sabotage (i.e., alteration or destruction of data belonging to another party); (4) spoofing (i.e., using stolen information to pose as somebody else); and (5) denial of service (i.e., deliberate shutdown of cash machines, electric-supply grids, air-traffic control networks, or the like). Individual computer experts ("hackers"), intelligence agencies, criminals, rival businesses, disgruntled employees, and other parties may all seek to breach information security. All these parties, plus law-abiding private individuals who wish to guard their privacy and protect themselves from identity theft, also have an interest in preserving information security.

Messages and secrets have been subject to interception and theft ever since the invention of writing, but the modern situation is especially challenging. Electronic storage, processing, and transmission of information are now ubiquitous in the developed world, creating novel vulnerabilities. People are authorized to withdraw cash or purchase products on the basis of a piece of information (password or credit card number); trade secrets and business plans are electronically transmitted around the globe. In the U.S., over 95% of military and intelligence communications pass through network facilities owned by private carriers (e.g., the telephone system). Private speech may be broadcast locally by a mobile or cellular telephone or transmitted digitally over a network that can be tapped in numerous locations; databases full of confidential data reside in computers that can be accessed, perhaps illegally, by other computers communicating through networks; and so on. Information security—or insecurity—is a pervasive fact of modern life.

Consequently, breaching information security has become a common practice. For example, credit-card fraud costs approximately $20 per card per year. In 1994, an international criminal group used the Internet to penetrate Citicorp's computer system and shift $12 million from legitimate users' accounts to its own. Two ex-directors of the French intelligence agency DGSE (Direction Generale de la Sécurité Extérieure) have confirmed that one of the agency's highest priorities is to spy on non-French corporations and business-related government agencies. United States government agencies such as the Office of the U.S. Trade Representative and high-tech companies such as Boeing, General Dynamics, Hughes Aircraft, and others have been specifically targeted by French espionage—and probably also by other organizations that happen to be less frank (or more prudent) in their public statements.

There are many tools for increasing information security, including software that scans for computer viruses or prevents unauthorized intrusions into computer systems from the networks; password systems of all sorts; physical access security for computers, discs, passcards, credit cards, and other objects containing sensitive information; and encryption of messages and of databases. While all these tools are important to the conduct of business by a large business or government department, passwords and encryption are probably the most important.

Passwords have the advantage of being simple to use. They are not, however, capable by themselves of providing a high level security for large numbers of users. First, most users are asked to supply passwords for many different systems: banking, shopping, e-mail, and so forth. This tempts users to choose short passwords (which are easier to remember but also easier to guess, therefore weaker) and to use the same password for more than one system (causing a domino effect if a password is guessed).

Cryptography—the process by which raw message information (plaintext) is mapped or encrypted to a scrambled form (ciphertext) before transmission or storage, then mapped back to its original form again (decrypted) when an authorized party wishes to read the plaintext—is arguably the ultimate tool of information security. High-quality cryptographic systems that are breachable (if at all) only by resource-rich groups like the U.S. National Security Agency are widely available to businesses, governments, and private individuals. Appropriate cryptography can virtually guarantee the security of messages in transit and of information in databases; it can also, through "authentication," act as a super-password system whereby the identity of a would-be user (or information service supplier) can be positively confirmed. Cryptography has the disadvantages of added complexity, higher cost, and system slowdown.

Cryptography is also politically controversial, despite—or rather, because of—its technical power. Governments, corporations, private individuals, and private groups all have both legitimate and, occasionally, illegitimate motives for information security. Law-abiding persons and groups, or those rebelling against repressive laws, wish to be secure from surveillance by governments; criminals, terrorists, and the like also wish to be secure from surveillance by governments; government agents who are committing crimes wish to avoid public exposure; and so forth. It is generally advantageous to all parties, whether their activities are legitimate or illegitimate in whatever sense, to advocate maximum privacy for their own activities; it is generally advantageous to governments to advocate, in addition, maximum transparency for everyone else. Thus, for example, the U.S. government has sought (with little success) to prevent the spread of high-quality encryption algorithms, such as Pretty Good Privacy, outside the U.S., and inside the country has sought to establish voluntary compliance with "escrowed" cryptography systems. In such systems a government agency stores copies of cryptographic keys that enable it to decrypt communications between private parties using the system. In theory, these escrowed keys would be released to police or other government agents only when the court system had determined that there was a legitimate lawenforcement or national-security need to do so. Because such systems allow for third-party access to encrypted information by design, they are intrinsically less secure than a non-escrowed cryptography system, and therefore predictably unpopular with the private sector.

�� 424200459

�� : ��

1970-01-01T01:00:00Z

1. What is Information security?Information security (also known as InfoSec) means basically keeping your information under your direct control: that no one can access your information without your permission -- and that you know what risks you take when you allow someone to access the information you own.

It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep their private and sensitive information like passwords and credit card information away from the hands of other people. Many of them don�t understand though, that even some pieces of information, that might seem meaningless to them may be very valuable to some other people, especially when combined together with other pieces of information. For instance a corporation could want your demographic information for marketing purposes -- so badly, that they would be happy to buy it from a person, who gathers this information by accessing your computer illegally.

It is also important to understand, that even if you don�t give any of your information to anyone on the Internet, someone may access your computer system to get the information they need.

2. Vulnerabilities of the InternetInternet is vulnerable to flaws and weaknesses in the network defence. Vulnerabilities may result from bugs or design flaws in the system. Some vulnerabilities are caused by un-sanitized user input, often allowing the direct execution of commands or SQL statements. Sometimes the programmer fails to check the size of data buffers, which can overflow and cause corruption of the stack or heap areas of memory.

Vulnerability usually allows an attacker to trick the application into bypassing access control checks or executing commands on the system hosting the application.

There are a number of vulnerabilities that your computer and network may be subjected to. Some of the most common ones are input validation errors like format string bugs, improperly handling of shell metacharacters so they are interpreted, SQL injection and in web applications cross-site scripting. Also stack smashing and other buffer overflows as well as symlink races are common vulnerabilities.

Vulnerability scansVulnerabilities might exist in all major operating systems like Windows, Mac OS, Linux, OpenVMS, and others. The vulnerability of your network and servers can be tested by vulnerability scans. They test your servers, web pages, firewall and others for possible vulnerability. Vulnerability scans can be downloaded from the Internet.

3. Security problemsThe security problem occurs when an unauthorised attacker; a hacker, virus or other type of malware breaks into the system.

Browsers are the most common targets of Internet security breaches. They are often merely an annoyance as the browser might slow down and crash at regular intervals, the data could become inaccessible and at worse cases the confidentiality of user�s personal information could be violated.

If there are bugs or misconfiguration problems in the Web server they might allow unauthorized remote users to gain access to confidential documents containing personal information or to obtain information about the server�s host machine that will allow a break into the system. They can also execute commands on the server host machine, allowing them to modify the system and to launch denial-of-service attacks, rendering the machine temporarily unusable. Denial-of-service attacks, also known as DoS, will target the computer's network bandwidth or connectivity. A distributed denial-of-services attack, DDoS, will use a number of computers the perpetrator has taken over, to attack against one or more targets. Typically a DDoS master program is installed on one computer using a stolen account.

The spying on interception of network data moving between the server and the browser can be made possible if the vulnerability of the network or the server is left open to it.

HackerA hacker is a person who creates and modifies computer software and computer hardware. The term hacker has negative connotations as it�s a term used for a person who exploits a system and gains unauthorized access to systems and often performs tasks that are not recommended or often legal. However the term can also relate to a person who simply uses his or hers skills to for example create computer programming, administration and security-related items.

Computer virusesThe most common security issue concerning individual users as well as companies, are viruses. Computer virus is an unsolicited program that insert copies of itself on the computer programs. Computer viruses are one type of malicious software or malware. Other types of malware are so called worms, trojan horses, adware and spyware.

Malware can be a mere nuisance by affecting the useability of your computer by slowing it down, making the computer crash at regular intervals and also affecting the various programs and documents you might want to access. More seriously malware can become a security risk by acquiring personal information about you from your emails and other data stored on your computer.

Adware and spyware are most annoying as they keep the unwanted advertising popping up on your screen. Spyware also collects your personal information and provides commercial interests with your details.

You can protect your computer and yourself by using appropriate software to combat unwanted and possibly destructive malware. (See How to protect your computer against viruses for more information.)

PhishingPhishing is a term used for an identity theft. Phishing is a criminal activity where a person or a business is approached fraudulently usually by an email claiming to be from a legitimate organization and requesting personal information, like bank account details, passwords and credit card details, from the receiver of the email. The information is used to access Internet bank accounts and other organizations where personal details are needed to access the site.

Anti-phishing software attempts to expose the true identity of the sender of the email or the website. But the personal vigilance is the best protection from phishing: no reputable bank or legitimate organization would ask for your personal details on an email.

EmailIt is also good to remember, that email has no guarantee of privacy: it is as private as a postcard. On its way to the recipient your email travels through a lot of servers, where it can be accessed by those who manage the system as well as those who have illegally intruded it. The only way to be relatively sure for the privacy of your email is to use encryption. See more below..

4. How to protect your network and systems?Your constant vigilance is essential for protecting your system from being exposed to an attack due to vulnerability. Also efficient software can be installed to make using the Internet more secure for you.

Physical meansBelow we�ll talk more about the different software and other system related means of keeping your information safe, but it is good to remember that there are other ways to the intruders to access your information too. Keep your computer and especially your laptop always in a safe place. Protect your computer with a password and preferably shut it down when you leave it. Be very suspicious of anyone who wants to have any of your passwords - even the people who work (or claim to work) for the technical support of your company. If they need your password, rather type it on the computer by yourself (so that they don�t see it) than tell it to them. Change the password always if you have accidentally let anyone else to know it -- or even if you just feel that someone else has had access to it. Don�t write your passwords anywhere.

UpdatesKeep all your software, including your operating system software up-to-date. If you use automatic update that checks for the updates only on the start-up of your computer, restart your computer daily.

FirewallsFirewall is either hardware or software that will protect your network or server from an intruder. Firewalls vary depending on the needs of the user. If a firewall is needed for a single node operating with one network, a personal firewall is appropriate. With a traffic entering or leaving a number of networks a network firewall filters is needed to filter all the traffic. Many servers and networks come with a default firewall but it is worth checking that it filters effectively everything you need it to, if not it�s worth acquiring a more powerful firewall.

Packet sniffersAn effective way to monitor traffic passing over a network is using so called packet sniffers. Gathering information by logging the traffic coming in and going out can be useful in detecting network intrusion attempts. They can also be used for analyzing network problems and filtering suspect content from network traffic.

EncryptionEncryption is an encoding of data so that it cannot be read by anyone who does not have the password that decodes it. Encryption garbles the data by using irreversible mathematical functions. Encryption makes the information on your computer non-readable for anybody who has stolen or gained access to it without your permission. PGP is one of the most popular piece encryption software programs.

5. Wireless network securityWireless networks are popping up everywhere and the exponential growth doesn't seem to show signs of stopping anytime soon. It comes with some security concerns as well. As well as you can access the network from anywhere the wireless connection is available so can anybody else willing to do so as well. Added to the general security measures you follow to protect your wired network, it�s essential that you follow simple rules to give the wireless connection the best possible security.

EncryptionProtect your wireless network by using Wireless Encryption Protocol (WEP). This works by establishing a shared 64-bit or 128-bit key between the clients and the access-point, then using the key to encrypt and de-encrypt the data passing between them. This offers adequate security for a home network. Consult the documentation for your wireless devices to find out how to enable and configure WEP on your network. For business environments, WEP should be looked on as a starting point for security only. They should seriously consider moving their wireless networks to the more secure WPA capable networking.

IdentificationDevices and Administrators come with default system IDs. It�s very easy for a hacker to find out what they are, so make the passwords and ID personal to you by changing it. It is good idea to name your devices with a names that don�t reveal to whom they belong or where they are: i.e. instead of using your physical address like the name of the building or the name of the company as the name of your device, use names like �mountain� or �my device�.

Identifier BroadcastingYour hardware might have a default function of broadcasting the status of your connection. As the wireless network might be especially easy for hackers to break into, disable the identifier broadcasting from functioning.

MAC FilteringA MAC address (also known as a physical address) is a unique hardware identifier assigned to every network device. MAC address filtering means that you enter manually a list of the addresses found in your local network and configuring your router to allow only these specific addressed to connect via the wireless network. Mac addresses can be easily found by going to the command prompt on each system and typing the following command

�� : ��

1970-01-01T01:00:00Z

Information security (also known as InfoSec) means basically keeping your information under your direct control: that no one can access your information without your permission -- and that you know what risks you take when you allow someone to access the information you own.

It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep their private and sensitive information like passwords and credit card information away from the hands of other people. Many of them don�t understand though, that even some pieces of information, that might seem meaningless to them may be very valuable to some other people, especially when combined together with other pieces of information. For instance a corporation could want your demographic information for marketing purposes -- so badly, that they would be happy to buy it from a person, who gathers this information by accessing your computer illegally.

It is also important to understand, that even if you don�t give any of your information to anyone on the Internet, someone may access your computer system to get the information they need.

The security problem occurs when an unauthorised attacker; a hacker, virus or other type of malware breaks into the system.

Browsers are the most common targets of Internet security breaches. They are often merely an annoyance as the browser might slow down and crash at regular intervals, the data could become inaccessible and at worse cases the confidentiality of user�s personal information could be violated.

If there are bugs or misconfiguration problems in the Web server they might allow unauthorized remote users to gain access to confidential documents containing personal information or to obtain information about the server�s host machine that will allow a break into the system. They can also execute commands on the server host machine, allowing them to modify the system and to launch denial-of-service attacks, rendering the machine temporarily unusable. Denial-of-service attacks, also known as DoS, will target the computer's network bandwidth or connectivity. A distributed denial-of-services attack, DDoS, will use a number of computers the perpetrator has taken over, to attack against one or more targets. Typically a DDoS master program is installed on one computer using a stolen account.

The spying on interception of network data moving between the server and the browser can be made possible if the vulnerability of the network or the server is left open to it.

Phishing is a term used for an identity theft. Phishing is a criminal activity where a person or a business is approached fraudulently usually by an email claiming to be from a legitimate organization and requesting personal information, like bank account details, passwords and credit card details, from the receiver of the email. The information is used to access Internet bank accounts and other organizations where personal details are needed to access the site.

Anti-phishing software attempts to expose the true identity of the sender of the email or the website. But the personal vigilance is the best protection from phishing: no reputable bank or legitimate organization would ask for your personal details on an email.

Firewall is either hardware or software that will protect your network or server from an intruder. Firewalls vary depending on the needs of the user. If a firewall is needed for a single node operating with one network, a personal firewall is appropriate. With a traffic entering or leaving a number of networks a network firewall filters is needed to filter all the traffic. Many servers and networks come with a default firewall but it is worth checking that it filters effectively everything you need it to, if not it�s worth acquiring a more powerful firewall.

Reem alruwaily,426201000

�� : ��

1970-01-01T01:00:00Z

Information Security Technology is a special Master's degree program which is formally part of the Master's degree program Computer Science and Engineering. This special Master's degree program will probably become an independent program in the future.

Protection of electronic data

The protection of electronic data against all kinds of threats during storage or transmission is of ever-increasing importance. These threats range from unauthorized access to malicious manipulation. Information Security Technology provides essential tools for secure communication and data protection in many situations.

This is a fascinating discipline with subjects ranging from cryptographic ciphers to operating systems, and from tool-assisted protocol verification to laboratory attacks on operating systems.

There are people who make a living from hacking or breaking through information security systems. They use their technological skills to break into computer systems and access private information. Firewalls, which are designed to prevent access to a computer's network, can be bypassed by a hacker with the right hardware. This could result in the loss of vital information, or a virus could be planted and erase all information. A computer hacker can gain access to a network if a firewall is shut down for only a minute.

One of the biggest potential threats to information security is the people who operate the computers. A workplace may have excellent information security systems in place, but security can be easily compromised. If a help desk worker gives out or resets passwords without verifying who the information is for, then anyone can easily gain access to the system. Computer operators should be made fully aware of the importance of security.

Simple security measures can be used by everyone to keep data secure. Changing passwords on your computer, and using combinations of letters and numbers, makes it harder for hackers to gain access. Also, do not keep a note of your password where it can be easily accessed. This is the same idea as not keeping you bank card and PIN number together. You would not want anyone to have access to the information or funds in your bank account, and it is the same with your computer.

�� : ��

1970-01-01T01:00:00Z

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.[1] The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics science, to name a few.

�� : ��

1970-01-01T01:00:00Z

�� : ��

1970-01-01T01:00:00Z

Information security

[an all encompassing term that refers to the security of the information systems that are used and the data that is processed]

''Security problems''

The security problem occurs when an unauthorised attacker; a hacker, virus or other type of malware breaks into the system

Hacker\1

term used for a person who exploits a system and gains unauthorized access to systems and often performs tasks that are not recommended or often legal

Computer viruses\2

The most common security issues concerning individual users as well as companies are viruses

Email\3

It is also good to remember, that email has no guarantee of privacy: it is as private as a postcard. On its way to the recipient your email travels through a lot of servers, where it can be accessed by those who manage the system as well as those who have illegally intruded it

''Protect the network and systems''

Your constant vigilance is essential for protecting your system from being exposed to an attack due to vulnerability. Also efficient software can be installed to make using the Internet more secure for you

Updates\1

Keep all your software, including your operating system software up-to-date

Firewalls\2

Firewall is either hardware or software that will protect your network or server from an intruder

Encryption\3

Encryption is an encoding of data so that it cannot be read by anyone who does not have the password that decodes it.

��

427200619

�� : ��

1970-01-01T01:00:00Z

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.[1] The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few.

This article presents a general overview of information security and its core concepts.

�� : ��

1970-01-01T01:00:00Z

Information security and the Internet

Internet is a double-edged sword: it can give you access to lot of good things, but unfortunately it allows many bad things to access your computer. The Internet has various security issues that must be addressed in order to keep computers and networks running smoothly. In this article we�ll discuss the most important security issues as well as some solutions to them.

1. What is Information security?

Information security (also known as InfoSec) means basically keeping your information under your direct control: that no one can access your information without your permission -- and that you know what risks you take when you allow someone to access the information you own.

It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep their private and sensitive information like passwords and credit card information away from the hands of other people. Many of them don�t understand though, that even some pieces of information, that might seem meaningless to them may be very valuable to some other people, especially when combined together with other pieces of information. For instance a corporation could want your demographic information for marketing purposes -- so badly, that they would be happy to buy it from a person, who gathers this information by accessing your computer illegally.

It is also important to understand, that even if you don�t give any of your information to anyone on the Internet, someone may access your computer system to get the information they need.

2. Vulnerabilities of the Internet

Internet is vulnerable to flaws and weaknesses in the network defence. Vulnerabilities may result from bugs or design flaws in the system. Some vulnerabilities are caused by un-sanitized user input, often allowing the direct execution of commands or SQL statements. Sometimes the programmer fails to check the size of data buffers, which can overflow and cause corruption of the stack or heap areas of memory.

Vulnerability usually allows an attacker to trick the application into bypassing access control checks or executing commands on the system hosting the application.

There are a number of vulnerabilities that your computer and network may be subjected to. Some of the most common ones are input validation errors like format string bugs, improperly handling of shell metacharacters so they are interpreted, SQL injection and in web applications cross-site scripting. Also stack smashing and other buffer overflows as well as symlink races are common vulnerabilities.

Vulnerability scans

Vulnerabilities might exist in all major operating systems like Windows, Mac OS, Linux, OpenVMS, and others. The vulnerability of your network and servers can be tested by vulnerability scans. They test your servers, web pages, firewall and others for possible vulnerability. Vulnerability scans can be downloaded from the Internet.

3. Security problems

The security problem occurs when an unauthorised attacker; a hacker, virus or other type of malware breaks into the system.

Browsers are the most common targets of Internet security breaches. They are often merely an annoyance as the browser might slow down and crash at regular intervals, the data could become inaccessible and at worse cases the confidentiality of user�s personal information could be violated.

If there are bugs or misconfiguration problems in the Web server they might allow unauthorized remote users to gain access to confidential documents containing personal information or to obtain information about the server�s host machine that will allow a break into the system. They can also execute commands on the server host machine, allowing them to modify the system and to launch denial-of-service attacks, rendering the machine temporarily unusable. Denial-of-service attacks, also known as DoS, will target the computer's network bandwidth or connectivity. A distributed denial-of-services attack, DDoS, will use a number of computers the perpetrator has taken over, to attack against one or more targets. Typically a DDoS master program is installed on one computer using a stolen account.

The spying on interception of network data moving between the server and the browser can be made possible if the vulnerability of the network or the server is left open to it.

Hacker

A hacker is a person who creates and modifies computer software and computer hardware. The term hacker has negative connotations as it�s a term used for a person who exploits a system and gains unauthorized access to systems and often performs tasks that are not recommended or often legal. However the term can also relate to a person who simply uses his or hers skills to for example create computer programming, administration and security-related items.

Computer viruses

The most common security issue concerning individual users as well as companies, are viruses. Computer virus is an unsolicited program that insert copies of itself on the computer programs. Computer viruses are one type of malicious software or malware. Other types of malware are so called worms, trojan horses, adware and spyware.

Malware can be a mere nuisance by affecting the useability of your computer by slowing it down, making the computer crash at regular intervals and also affecting the various programs and documents you might want to access. More seriously malware can become a security risk by acquiring personal information about you from your emails and other data stored on your computer.

Adware and spyware are most annoying as they keep the unwanted advertising popping up on your screen. Spyware also collects your personal information and provides commercial interests with your details.

You can protect your computer and yourself by using appropriate software to combat unwanted and possibly destructive malware. (See How to protect your computer against viruses for more information.)

Phishing

Phishing is a term used for an identity theft. Phishing is a criminal activity where a person or a business is approached fraudulently usually by an email claiming to be from a legitimate organization and requesting personal information, like bank account details, passwords and credit card details, from the receiver of the email. The information is used to access Internet bank accounts and other organizations where personal details are needed to access the site.

Anti-phishing software attempts to expose the true identity of the sender of the email or the website. But the personal vigilance is the best protection from phishing: no reputable bank or legitimate organization would ask for your personal details on an email.

Email

It is also good to remember, that email has no guarantee of privacy: it is as private as a postcard. On its way to the recipient your email travels through a lot of servers, where it can be accessed by those who manage the system as well as those who have illegally intruded it. The only way to be relatively sure for the privacy of your email is to use encryption. See more below..

4. How to protect your network and systems?

Your constant vigilance is essential for protecting your system from being exposed to an attack due to vulnerability. Also efficient software can be installed to make using the Internet more secure for you.

Physical means

Below we�ll talk more about the different software and other system related means of keeping your information safe, but it is good to remember that there are other ways to the intruders to access your information too. Keep your computer and especially your laptop always in a safe place. Protect your computer with a password and preferably shut it down when you leave it. Be very suspicious of anyone who wants to have any of your passwords - even the people who work (or claim to work) for the technical support of your company. If they need your password, rather type it on the computer by yourself (so that they don�t see it) than tell it to them. Change the password always if you have accidentally let anyone else to know it -- or even if you just feel that someone else has had access to it. Don�t write your passwords anywhere.

Updates

Keep all your software, including your operating system software up-to-date. If you use automatic update that checks for the updates only on the start-up of your computer, restart your computer daily.

Firewalls

Firewall is either hardware or software that will protect your network or server from an intruder. Firewalls vary depending on the needs of the user. If a firewall is needed for a single node operating with one network, a personal firewall is appropriate. With a traffic entering or leaving a number of networks a network firewall filters is needed to filter all the traffic. Many servers and networks come with a default firewall but it is worth checking that it filters effectively everything you need it to, if not it�s worth acquiring a more powerful firewall.

Packet sniffers

An effective way to monitor traffic passing over a network is using so called packet sniffers. Gathering information by logging the traffic coming in and going out can be useful in detecting network intrusion attempts. They can also be used for analyzing network problems and filtering suspect content from network traffic.

Encryption

Encryption is an encoding of data so that it cannot be read by anyone who does not have the password that decodes it. Encryption garbles the data by using irreversible mathematical functions. Encryption makes the information on your computer non-readable for anybody who has stolen or gained access to it without your permission. PGP is one of the most popular piece encryption software programs.

5. Wireless network security

Wireless networks are popping up everywhere and the exponential growth doesn't seem to show signs of stopping anytime soon. It comes with some security concerns as well. As well as you can access the network from anywhere the wireless connection is available so can anybody else willing to do so as well. Added to the general security measures you follow to protect your wired network, it�s essential that you follow simple rules to give the wireless connection the best possible security.

Encryption

Protect your wireless network by using Wireless Encryption Protocol (WEP). This works by establishing a shared 64-bit or 128-bit key between the clients and the access-point, then using the key to encrypt and de-encrypt the data passing between them. This offers adequate security for a home network. Consult the documentation for your wireless devices to find out how to enable and configure WEP on your network. For business environments, WEP should be looked on as a starting point for security only. They should seriously consider moving their wireless networks to the more secure WPA capable networking.

Identification

Devices and Administrators come with default system IDs. It�s very easy for a hacker to find out what they are, so make the passwords and ID personal to you by changing it. It is good idea to name your devices with a names that don�t reveal to whom they belong or where they are: i.e. instead of using your physical address like the name of the building or the name of the company as the name of your device, use names like �mountain� or �my device�.

Identifier Broadcasting

Your hardware might have a default function of broadcasting the status of your connection. As the wireless network might be especially easy for hackers to break into, disable the identifier broadcasting from functioning.

MAC Filtering

A MAC address (also known as a physical address) is a unique hardware identifier assigned to every network device. MAC address filtering means that you enter manually a list of the addresses found in your local network and configuring your router to allow only these specific addressed to connect via the wireless network. Mac addresses can be easily found by going to the command prompt on each system and typing the following command

�� : ��

1970-01-01T01:00:00Z

For many years, the term �information security� has been used to refer to solutions that protect and defend the network and IT systems. This is far too often misleading, because what is actually meant in such cases is IT security.

Why make a distinction between IT security and the security of information? Just ask anyone whose top-notch IT security program has been tarnished by a data security breach.

Some of the most high-profile victims of data security exploits have maintained IT security programs among the most well reputed anywhere. The lesson hammered home by such incidents is simply this: Securing IT resources and access to the information they handle and communicate does not necessarily guarantee that information will be used in a secure, trustworthy manner.

Regulators have also shown they consider the distinction of information security to be far from trivial. The U.S. Federal Trade Commission (FTC) has imposed penalties as high as $15 million in some cases of data security breach. The enforcement of an information security program has also factored into regulatory settlements, subject in some cases to audit every other year for 20 years.

No matter how well IT may be secured, a number of questions must be answered in order to protect and defend information, such as:

� How is sensitive information recognized?

� Who has access to this information; authorized or not?

� How is sensitive information to be used or, more specifically, not to be used?

� What is the response when information security risks and threats are manifested?

� Can information security be enforced with credible resistance to subversion; and

� Can these issues be monitored, with controls demonstrated effectively?

Simple questions which may be extraordinarily difficult to answer. For one thing, sensitive information may appear in any number of forms that do not lend themselves to ready identification. Some information formats have structure that simplifies their recognition, such as Social Security or credit card numbers.

Databases lend structure to information that can be leveraged to classify its sensitivity. Other formats, however, do not exhibit such structure, which substantially raises the challenge, because this by far represents the lion�s share of sensitive information in most organizations.

What, for example, constitutes intellectual property? How can sensitive information be recognized in any format, without engaging human judgment in each case? Once recognized, how can its security be effectively enforced?

These are questions to which solutions addressing the security of information itself have arisen to answer. New technologies such as information classification and structure management, content monitoring and filtering, information leak prevention, enterprise information rights management, application and database security; and new approaches to encryption are merging with domains such as message, Web and Internet security, content and information lifecycle management, and even networks, systems and applications themselves, as businesses have become increasingly sensitive to their information risks.

As these examples suggest, this not to say that IT security has little or no relevance to information security. Far from it. Without protecting and defending the resources that house, handle and manage information, an information security strategy has no foundation. Nor can it hope to be effective without taking into consideration what is arguably the most significant factor of all: what people do with information and IT resources.

Information security must be built on three key domains:

� A solid foundation of management that assures business priorities as well as IT security.

� People and process involved in securing information access and use, including the resolution of information security issues and events; and

� The security of information itself.

The integration of these domains represents maturity, not only in the enterprise approach to information security, but in the way the enterprise itself is managed. The more mature organization will be able to take advantage of extending solutions in each domain across its comprehensive information security challenges � but only if its approach to each domain exhibits the discipline necessary to make such integration possible.

What is happening today, however, is that the events of recent months have brought the two domains even closer, with technologies emerging in IT � in concert with people, process, and enterprise management as a whole � that offer new solutions for enhancing the security of information itself.

Maram AL notifi

426201052

�� : ��

1970-01-01T01:00:00Z

�� : ��

1970-01-01T01:00:00Z

Access security (physical and electronic) is critical to ensuring our systems and information are kept safe.

Always logout or secure your computer with a password protected screen saver when leaving it unattended (policy)

Always secure laptops with a cable lock when being used on campus (policy)

Preferably lock away laptops and other desirable and portable items at night

It is good practice to logout before leaving for the day

Whenever possible, close windows and lock doors at the end of the day

Lock your door if you leave your office unattended for any significant period; e.g. lunchtime or for a meeting

Lock away sensitive documents or print-outs; especially those containing information that is classified as Confidential or higher.

Keep your Anti-Virus software up-to-date (policy)

There have been many instances of malicious programs spread automatically or getting passed around purposely or innocently. When such a program is discovered, vendors of anti-virus software update their products to recognize the new program. Running the anti-virus product on our computers protects us from this recognized program if we fail in our efforts at refusing unknown programs. But like flu shots, anti-virus software won't protect us from new viruses. Fast moving, email based viruses can circle the globe in hours and infect a lot of computers before antivirus software can be updated.

Common mistakes that affect our Privacy & Security of accounts, computers and information

Trusting unknown programs

Failure to run and update anti-virus software

Microsoft File Sharing configuration errors

Installing and operating servers without first fixing known defects

Failure to periodically patch defective desktop Windows software at the Windows update site

Failure to back up critical files

Failure to set passwords on computers

Poor password choices

Unsafe handling of passwords

Forgetting to log out of shared computers like those found in labs

Trusting unknown computers that may be running malicious software that records keystrokes

Failure to assure sufficient resources to maintain servers

Treating a computer that accesses sensitive information as an entertainment device

Zahra Al-Zaher

427200675

�� : ��

1970-01-01T01:00:00Z

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.[1] The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few.

This article presents a general overview of information security and its core concepts.

Safa'a Al-Muallem

427201129

�� : ��

1970-01-01T01:00:00Z

�� : ��

1970-01-01T01:00:00Z

my name is fatima alui al-khadab

426200701

�� : ��

1970-01-01T01:00:00Z

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.[1] The terms information security, computer security

Computer security is a branch of technology known as information security as applied to computers. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.

Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. This makes computer security particularly challenging because it is hard enough just to make computer programs do everything they are designed to do correctly. Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for most computer programs. Computer security provides a technical strategy to convert negative requirements to positive enforceable rules. For this reason, computer security is often more technical and mathematical than some computer science fields.[citation needed]

Typical approaches to improving computer security (in approximate order of strength) can include the following:

� Physically limit access to computers to only those who will not compromise security.

� Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.

� Operating system mechanisms that impose rules on programs to avoid trusting computer programs.

� Programming strategies to make computer programs dependable and resist subversion

and information assurance

Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These goals are relevant whether the information are in storage, processing, or transit, and whether threatened by malice or accident. In other words, IA is the process of ensuring that authorized users have access to authorized information at the authorized time.

are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science.

�� : ��

1970-01-01T01:00:00Z

Information Security is a broader term than IT Security or Internet Security or Enterprise Data Security.

Information Security encompasses data stored in digital fashion (electronic format), trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance & standards established within the organization, plans and budgets, financial & management data, brochures, images, logo and designs, employee information and so on and so forth.

Information Security includes the organization's policy on IT Security, Internet Security, Enterprise Data Security, etc.,. To put it in other words, it looks at protecting / safeguarding information and information systems from anyone including employees, consultants, suppliers, customers and of course, malicious hackers.

However, people often confuse information security with IT Security. IT Security is a term which is more concerned with the protection of hardware, software and a network of an organization, from the perils of disaster and external attacks (through virus, hacking, etc.,). It is more to do with the electronic data and is covered in the IT Policy of an organization, whereas Information Security Policy goes beyond the network and applies to the organization as a whole.

Internet Security on the other side, is more concerned with the internet architecture and covers the protection required during communication between two computers over the internet / intranet.

There is also another school emerging, claiming that Information security is about securing information in the broadest sense. One of the spokespersons of this approach is Kai Roer. Information security should be governed by the exec management through goals, strategies and finally as policies. The technological side of things are left to specialists - and include physical security, logical security, HR and information management. Corporate governance and internal control are key to succeed.

Privacy has become an important concern for many internet users. Whenever you use web browser, all information about the user are transferred via insecure internet connection. Most of the times, your information will not be encrypted, allowing hackers to interrupt the connection and get your personal information. When your identity is stolen, anything undesirable may happen. The problem here is that you don't know who stole your private information and there is no means to find 1the culprit. Online shopping is now popular enabling the users to buy anything from the comfort of their home. Though the financial transactions are secured, you cannot stop your personal information to be sent to the server.

Threat to privacy

Whenever you open a website in a web browser, your private information including your ip address and geographic location are sent to the web server. All user interactions and user information are logged in the web server. Thousands if not millions of people are monitoring network connections to get unauthorized access to various computers on the network. The server logs are readable making your private information public. Knowing your ip address and other personal information will let them hack your computer without your knowledge. When you enter your credit card number and other personal details in a webpage, you are risking your privacy. Apart from stealing your identity, hackers may misuse your information in several ways.

Need for proxy services

Secure surfing is possible with the use of proxy web services which allow you to surf the internet without revealing your identity. When you use proxies, your geographic location will not be sent to the server preventing hackers from attacking your computer. Good proxy websites help you stay away from spyware and other malicious programs. Apart from ensuring security, proxy websites speed up browsing by caching requested pages. Rather than fetching the pages from the server, proxies fetch the pages from the cache decreasing the fetching time.

Types of proxies

Transparent proxies help you surf the internet faster but none of your information is protected. If you are looking for secure browsing, then these transparent proxies will not serve the purpose. Anonymous proxies allow you to browse the internet without disclosing your ip address and personal information. However, the servers can understand that you are browsing from a proxy website. You can find a list of many anonymous proxies which provide free services. High anonymous proxies provide the exact security you expect. None of your system information will be sent to the web server and nobody can guess that you are surfing with the help of proxy services. Faster and more secure internet access is possible when you use high anonymous proxies.

If you want to hide your ip address and let the servers know that you are using proxies, then free services can be used. But if you are more concerned about your privacy and you want nobody else to guess that you are using proxy services, then you have to go for paid high anonymous services provided by proxy websites.

��

426204741

�� : ��

1970-01-01T01:00:00Z

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.[1] The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few.

��

427200426

�� : ��

1970-01-01T01:00:00Z

Information security means :

the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More companies store business and individual information on computer than ever before. Much of the information stored is highly confidential and not for public viewing.

Some of the security threats :

1- Hacking .

2- Computer viruses

3- Phishing.

4- E-mail .. etc

Effective information security systems incorporate a range of policies, security products, technologies and procedures. Software applications which provide firewall information security and virus scanners are not enough on their own to protect information. A set of procedures and systems needs to be applied to effectively deter access to information.

Examples :

1 - Updating computer programs

2 - Fire wall

3 - Packet Sniffers

4 - data encryption with some software like : PGP .

There is also different method to protect data in wireless networks like :

WEP key - Identifier Broadcasting - MAC filtering .. etc

Roaa Saleh .

427201507

�� : ��

1970-01-01T01:00:00Z

Information security

Information security (also known as InfoSec) means basically keeping your information under your direct control: that no one can access your information without your permission -- and that you know what risks you take when you allow someone to access the information you own.

It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep their private and sensitive information like passwords and credit card information away from the hands of other people. Many of them don�t understand though, that even some pieces of information, that might seem meaningless to them may be very valuable to some other people, especially when combined together with other pieces of information. For instance a corporation could want your demographic information for marketing purposes -- so badly, that they would be happy to buy it from a person, who gathers this information by accessing your computer illegally.

It is also important to understand, that even if you don�t give any of your information to anyone on the Internet, someone may access your computer system to get the information they need.

Vulnerabilities of the Internet

Internet is vulnerable to flaws and weaknesses in the network defence. Vulnerabilities may result from bugs or design flaws in the system. Some vulnerabilities are caused by un-sanitized user input, often allowing the direct execution of commands or SQL statements. Sometimes the programmer fails to check the size of data buffers, which can overflow and cause corruption of the stack or heap areas of memory.

Vulnerability usually allows an attacker to trick the application into bypassing access control checks or executing commands on the system hosting the application.

There are a number of vulnerabilities that your computer and network may be subjected to. Some of the most common ones are input validation errors like format string bugs, improperly handling of shell metacharacters so they are interpreted, SQL injection and in web applications cross-site scripting. Also stack smashing and other buffer overflows as well as symlink races are common vulnerabilities.

Security problems

The security problem occurs when an unauthorised attacker; a hacker, virus or other type of malware breaks into the system.

Browsers are the most common targets of Internet security breaches. They are often merely an annoyance as the browser might slow down and crash at regular intervals, the data could become inaccessible and at worse cases the confidentiality of user�s personal information could be violated.

If there are bugs or misconfiguration problems in the Web server they might allow unauthorized remote users to gain access to confidential documents containing personal information or to obtain information about the server�s host machine that will allow a break into the system. They can also execute commands on the server host machine, allowing them to modify the system and to launch denial-of-service attacks, rendering the machine temporarily unusable. Denial-of-service attacks, also known as DoS, will target the computer's network bandwidth or connectivity. A distributed denial-of-services attack, DDoS, will use a number of computers the perpetrator has taken over, to attack against one or more targets. Typically a DDoS master program is installed on one computer using a stolen account.

The spying on interception of network data moving between the server and the browser can be made possible if the vulnerability of the network or the server is left open to it.

Hacker

A hacker is a person who creates and modifies computer software and computer hardware. The term hacker has negative connotations as it�s a term used for a person who exploits a system and gains unauthorized access to systems and often performs tasks that are not recommended or often legal. However the term can also relate to a person who simply uses his or hers skills to for example create computer programming, administration and security-related items.

Computer viruses

The most common security issue concerning individual users as well as companies, are viruses. Computer virus is an unsolicited program that insert copies of itself on the computer programs. Computer viruses are one type of malicious software or malware. Other types of malware are so called worms, trojan horses, adware and spyware.

Malware can be a mere nuisance by affecting the useability of your computer by slowing it down, making the computer crash at regular intervals and also affecting the various programs and documents you might want to access. More seriously malware can become a security risk by acquiring personal information about you from your emails and other data stored on your computer.

Adware and spyware are most annoying as they keep the unwanted advertising popping up on your screen. Spyware also collects your personal information and provides commercial interests with your details.

You can protect your computer and yourself by using appropriate software to combat unwanted and possibly destructive malware.

How to protect your network and systems

Your constant vigilance is essential for protecting your system from being exposed to an attack due to vulnerability. Also efficient software can be installed to make using the Internet more secure for you.

Physical means

Below we�ll talk more about the different software and other system related means of keeping your information safe, but it is good to remember that there are other ways to the intruders to access your information too. Keep your computer and especially your laptop always in a safe place. Protect your computer with a password and preferably shut it down when you leave it. Be very suspicious of anyone who wants to have any of your passwords - even the people who work (or claim to work) for the technical support of your company. If they need your password, rather type it on the computer by yourself (so that they don�t see it) than tell it to them. Change the password always if you have accidentally let anyone else to know it -- or even if you just feel that someone else has had access to it. Don�t write your passwords anywhere.

Updates

Keep all your software, including your operating system software up-to-date. If you use automatic update that checks for the updates only on the start-up of your computer, restart your computer daily.

Firewalls

Firewall is either hardware or software that will protect your network or server from an intruder. Firewalls vary depending on the needs of the user. If a firewall is needed for a single node operating with one network, a personal firewall is appropriate. With a traffic entering or leaving a number of networks a network firewall filters is needed to filter all the traffic. Many servers and networks come with a default firewall but it is worth checking that it filters effectively everything you need it to, if not it�s worth acquiring a more powerful firewall.

Wireless network security

Wireless networks are popping up everywhere and the exponential growth doesn't seem to show signs of stopping anytime soon. It comes with some security concerns as well. As well as you can access the network from anywhere the wireless connection is available so can anybody else willing to do so as well. Added to the general security measures you follow to protect your wired network, it�s essential that you follow simple rules to give the wireless connection the best possible security.

��

427200283

�� : ��

1970-01-01T01:00:00Z

The world today is all about information, trust and money. These words also refer to computer, network and Internet security. It directly or indirectly concerns our lives, that is why I am introducing this article as an introduction to security, authentication and cryptography.

Computer security in enterprise and Internet security concern everybody: Something to thing about

Incalculable information value: Data stored in computers usually have an incalculable value, especially in enterprise. Data loss, theft or abuse mean great problems for individuals and enterprises. If this happen in enterprise, the firm is affected with loss of valuable information, time, trust and money. Abused information can bring money to one side and financial and moral harm to the other side. To have information means to have power. Data loss can bring harm to firms, can cause their paralysis. But if such thing happens on airports, hospitals or similar places it can be the matter of life and death!

Data security is not always ensured - Banks, military systems and large firms usually deal with security very closely. On the other hand, there exist a lot of firms and individuals, who begin to take interest in data security after they must face the loss themselves. Printed documents are often being stored in a safe, but the confidential client database, bookkeeping data, valuable information about firm's accounts or other sensitive data in computer stay unsecured.

Internet = a helper and a danger in one - Internet connects computers and bring an easier access to data, but unfortunately also brings danger, and so higher requirements on computer security. Do not pay attention to security and your data can be in danger thanks Internet.

Leave the security rather to experts - If you start to take interest in security, you will find out that it is a vast and complicated field. The experts pursuing security full time always have to learn new methods and experience new dangers. There exist and come out many standards for security defining methods, security protocols and methods of encryption. You yourselves only manage it by half.

Maximal security - Something like this does not exist. There is always at least a little possibility that something can fail somehow. Security has been developed by people, so anytime can appear somebody who finds a way to get around the security. According to the possibility of breaking through the system we can talk about strong or weaker security. :::: It is important to know what time is needed to encrypt the cipher. It usually does not happen in real time; even if a strong key is used, it can take up to several years even on a super powerful computer.

Client and personal data databases (Data abuse) - Nobody will be happy if some sensitive data stray to some other firm. Some personal information security laws solve this problem. There sometime occur cases that the data are abused so that it causes a money loss or disturbs privacy. So if the customer loses trust, it is still not the worse what can happen.

Historically, information security solutions have focused on preventing external threats such as viruses, hackers and worms through perimeter solutions that include firewalls and antivirus software. While still aware of outside threats, companies are now coming to understand they can no longer ignore inside violations concerning data at rest. So information security and privacy is of atmost importance whether it is internal or external.

Today's employees are able to easily export sensitive files and information via email or by copying to file shares and portable media without concerning about data security and data privacy. Many companies simply do not have the resources or appropriate policies in place to identify NPI and PII and avoid inadvertent, accidental mis-steps or malicious actions from within. As companies continue to accumulate NPI and PII, they are under enormous pressure to mitigate risk and to provide data security to sensitive information before an undesirable loss occurs. Whether you call it data security, Content Loss Prevention or simply Information Security solutions & Privacy, the time has come to take steps to protect your company's data privacy.

��

427200430

�� : ��

1970-01-01T01:00:00Z

Information security defines information as an asset, which adds value to an organization and consequently needs to be suitably protected. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation.

Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.

Information security is achieved by implementing a suitable set of controls, which could be policies, practices, procedures, organizational structures and software functions. These controls need to be established to ensure that the specific security objectives of the organization are met

Information security is characterized in the standard as the preservation of:

confidentiality

integrity

availability.

��

427201119

�� : ��

1970-01-01T01:00:00Z

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few.

��

427200838

�� : ��

1970-01-01T01:00:00Z

Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More companies store business and individual information on computer than ever before. Much of the information stored is highly confidential and not for public viewing.

Many businesses are solely based on information stored in computers. Personal staff details, client lists, salaries, bank account details, marketing and sales information may all be stored on a database. Without this information, it would often be very hard for a business to operate. Information security systems need to be implemented to protect this information.

Effective information security systems incorporate a range of policies, security products, technologies and procedures. Software applications which provide firewall information security and virus scanners are not enough on their own to protect information. A set of procedures and systems needs to be applied to effectively deter access to information.

There are people who make a living from hacking or breaking through information security systems. They use their technological skills to break into computer systems and access private information. Firewalls, which are designed to prevent access to a computer's network, can be bypassed by a hacker with the right hardware. This could result in the loss of vital information, or a virus could be planted and erase all information. A computer hacker can gain access to a network if a firewall is shut down for only a minute.

One of the biggest potential threats to information security is the people who operate the computers. A workplace may have excellent information security systems in place, but security can be easily compromised. If a help desk worker gives out or resets passwords without verifying who the information is for, then anyone can easily gain access to the system. Computer operators should be made fully aware of the importance of security.

Simple security measures can be used by everyone to keep data secure. Changing passwords on your computer, and using combinations of letters and numbers, makes it harder for hackers to gain access. Also, do not keep a note of your password where it can be easily accessed. This is the same idea as not keeping you bank card and PIN number together. You would not want anyone to have access to the information or funds in your bank account, and it is the same with your computer.

There has never been such a thing as a totally secure system. Hackers will always find more sophisticated ways to gain access. However, with technology implementing higher levels of information security, such as iris recognition systems, security systems should keep them out for a little longer.

*****

Information security (also known as InfoSec) means basically keeping your information under your direct control: that no one can access your information without your permission -- and that you know what risks you take when you allow someone to access the information you own.

It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep their private and sensitive information like passwords and credit card information away from the hands of other people. Many of them don�t understand though, that even some pieces of information, that might seem meaningless to them may be very valuable to some other people, especially when combined together with other pieces of information. For instance a corporation could want your demographic information for marketing purposes -- so badly, that they would be happy to buy it from a person, who gathers this information by accessing your computer illegally.

It is also important to understand, that even if you don�t give any of your information to anyone on the Internet, someone may access your computer system to get the information they need

****

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.[1] The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.

Governments, military, corporates, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, Securing network and allied infrastructure, Securing Applications and database(s), Security testing, Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few.

This article presents a general overview of information security and its core concepts.

****

��

425201003

�� : �� /��

1970-01-01T01:00:00Z

��

��

��

�� : Sheet #2

1970-01-01T01:00:00Z

��

��

��

��

� ��

��

�� տ ��

��

�� : Sheet #2

1970-01-01T01:00:00Z

��

�/��

�� : Sheet #2

1970-01-01T01:00:00Z

��

��

�� 2009

��

�� : Sheet #2

1970-01-01T01:00:00Z

�� .. �� .. � �� ...

�� ...�� ..

�� .. ��

� ��

�� : Sheet #2

1970-01-01T01:00:00Z

��

��

��

�� cd

��

�� ȿ

��

�� : Sheet #2

1970-01-01T01:00:00Z

��

�� : ��

1970-01-01T01:00:00Z

��

�� word sheet 2# ��

�� : ��

1970-01-01T01:00:00Z

�� \"�� \"

�� 10

��ޡ�

�� : ��

1970-01-01T01:00:00Z

��

��

��

����� ���� : 225 ���

������ ���: ������ 225 ���

������ ���: ������ 225 ���

������ ���: ����� �������

������ ���: ����� �������

������ ���: ����� �������

������ ���: ����� �������

������ ���: ����� mid#1

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ��� ���������

������ ���: ���� ��� ��� �/�������� � ������ ���� ������

������ ���: Sheet #2

������ ���: Sheet #2

������ ���: Sheet #2

������ ���: Sheet #2

������ ���: Sheet #2

������ ���: Sheet #2

������ ���: �������

������ ���: ����� ��������

������ ���: ����� ��������

�� : 225 ��

�� : �� 225 ��

�� : �� 225 ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : �� mid#1

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : ��

�� : �� /��

�� : Sheet #2

�� : Sheet #2

�� : Sheet #2

�� : Sheet #2

�� : Sheet #2

�� : Sheet #2

�� : ��

�� : ��

�� : ��