The objectives of an information security system:
- Confidentiality: Assuring that information sent cannot be opened or known by others who are not eligible.
- Integrity: Ensuring that data remains consistent and intact in its original form, so that attempts by irresponsible people to duplicate or destroy data can be avoided.
- Availability: Ensuring that authorized users can access the information and their own resources.
- Legitimate Use: Ensuring that resources are not used by people who are not responsible.
Information Systems Security:
An application of technology to achieve the purposes of information system security, using the following key areas:
- Communications Security is the protection of information while it is sent from one system to another.
- Computer Security is the protection of the information within the computer system itself.
- Physical Security, such as security guards, locked doors, other physical control systems, and so on.
- Personal Security includes the personality of the people who operate or have direct contact with the system.
- Administrative Security: for example, exercising administrative control over the software used, re-checking all events that have been examined previously, and so on.
- Media Security includes controlling existing storage media and ensuring that storage media containing sensitive information are not easily lost.
Basic Concepts of e-Commerce:
- Security Policy is a set of rules that apply to all security activities in a security domain. A security domain is a set of communication and computer systems owned by the organization concerned.
- Authorization is the provision of power by law to conduct activities.
- Accountability (ability to be accessible) provides access to the personal security.
- A Threat (unwanted) is the possibility that a person, thing or circumstance may endanger valuable assets, especially in matters related to confidentiality, integrity, availability and legitimate use.
- An Attack is the realization of a threat. There are two kinds of computer network attack, namely passive attacks (e.g. monitoring of all activity in which confidential information is sent, performed by people who are not eligible) and active attacks (e.g. destruction of information that is done deliberately and aimed directly at the target).
- Safeguards include physical controls, mechanisms, policies and procedures that protect valuable information from threats that may arise at any time.
- Vulnerabilities (security holes that can be penetrated).
- Risk (risk of loss) is the estimated value of losses caused by the possibility of a successful attack.
- Risk Analysis (Loss Analysis) is a process that produces a decision on whether the expenditure made on safeguards can completely guarantee the desired security level.
- System Penetration: people who are not entitled gain access to the computer system and are allowed to do everything.
- Authorization Violation: The threat of a breach or misuse of legal authority held by someone who is eligible.
- Planting: Planned threats, such as Trojan horses that enter the system secretly in order to launch an attack at a predetermined time.
- Communications Monitoring: an attacker can monitor all confidential information.
- Communications Tampering: an attacker changes transaction information in transit on a communication network and can replace the server system with a fake one.
- Denial of Service (DoS): Denial of service to clients who are entitled to it.
- Repudiation: The rejection of a transaction or a communication activity, whether deliberate, accidental or caused by other technical errors.
The safeguards carried out are:
- Prevent the emergence of threats before they are actually realized.
- Minimize the possibility of the threat.
- Reduce the consequences arising from threats that have been realized.
Security safeguard services:
- Authentication Service: Provides certainty of the user's identity.
  - Entity authentication: for example, a password.
  - Data origin authentication: proving the legitimacy of the identity in the form of a written message.
- Access Control Services: Protecting all facilities and resources from unauthorized access.
- Confidentiality Service: Provides protection against attempts to reveal information by others who are not eligible.
- Data Integrity Service: Protection against threats that can change a data item if they occur in the security policy environment.
- Non-repudiation Service: Protects users against threats that originate from other eligible users. The threat may be a wrongful denial when a transaction or communication takes place.