Information security means that the confidentiality,
integrity and availability of information assets are
maintained.
• Confidentiality: information is accessed and used only
by people who are authorized to access it.
• Integrity: information remains accurate and unaltered
except through authorized changes. Any change, whether
by malicious action, natural disaster, or a simple
innocent mistake, is detected and tracked.
• Availability: information is accessible when
authorized users need it.
The most common types of information security threats are:
• Theft of confidential information by hacking
• System sabotage by hackers
• Phishing and other social engineering attacks
• Viruses, spyware and other malware
• Social media as a fraud threat
One of the major threats to information security is the theft of
confidential data by hacking. This includes theft of employee
information and theft of trade secrets and other intellectual
property (IP).
Theft of Employee Information
• Employee information includes personal and corporate credit card numbers,
social security numbers, addresses, etc. It also includes healthcare records, which
contain personal information such as date of birth, address, and names of relatives.
Theft of Trade Secrets and other Intellectual Property (IP)
• Technology from various verticals, including IT, aerospace, and telecommunications, is
constantly stolen by outsiders or insiders (industrial espionage). China is a growing offender
as it continues to advance in technology by relying on theft of international trade secrets and IP.
• Piracy and copyright infringement.
• Corporate business strategies, including marketing strategies and product introduction
strategies.
What is system sabotage?
Planting malware on the target organization's network and generating
an enormous amount of transaction activity, resulting in malfunction or
a crash of the system.
Who would perpetrate it?
• System sabotage is usually committed by disgruntled ex-employees,
or by remote cyber-attackers for no particular reason.
• The most sensational case of system sabotage: a recent example is
the 2011 attack on Sony's PlayStation Network, which took the service offline.
Phishing and other social engineering attacks
• To obtain confidential data about individuals (customers, clients,
employees or vendors) that can be used to commit various types
of identity fraud, such as:
◦ Opening bank accounts in the victim's name
◦ Applying for loans in the victim's name
◦ Applying for credit cards in the victim's name
◦ Obtaining medical services in the victim's name (e-death)
• Other, more sophisticated social engineering attacks
include spear-phishing.
• Spear-phishing targets specific individuals, such as the accounts payable (AP)
manager, controller, or senior accountant, in order to gain access to corporate bank
accounts and transfer funds abroad.
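The spear-phishing pattern described above (an executive's name on a message to finance staff asking for a funds transfer) leaves traces in the mail headers that a mail gateway or SOC rule can score. The following is an added example, not code from the original presentation, of such a heuristic check: it flags a trusted display name on a non-matching address, a sender domain that is a lookalike of the organization's own, a Reply-To that diverts replies elsewhere, and transfer-related lures in the text. The organization domain, executive list, lure phrases and both sample messages are constructed assumptions; a real deployment would combine this with SPF/DKIM/DMARC results rather than rely on header text alone.

```python
"""Heuristic check for executive-impersonation (BEC-style) spear-phishing
aimed at finance staff. Operates on a raw RFC 822 message string."""
from email import message_from_string
from email.utils import parseaddr

# Assumed organization data (constructed for this example).
OUR_DOMAIN = "example.com"
# Display names finance staff would trust, lower-cased, mapped to the real mailbox.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
# Phrases typical of a transfer request; checked in subject and body.
FINANCE_LURES = ("wire transfer", "urgent", "new bank details")


def domain_of(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True for a domain within two edits of ours that is not ours."""
    return domain != OUR_DOMAIN and 0 < edit_distance(domain, OUR_DOMAIN) <= 2


def bec_indicators(raw_message: str) -> list:
    """Return a list of human-readable indicators; empty means nothing suspicious."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    indicators = []

    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        indicators.append(f"display name '{name}' used with non-matching address {addr}")

    if is_lookalike(from_domain):
        indicators.append(f"sender domain {from_domain} is a lookalike of {OUR_DOMAIN}")

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        indicators.append(f"Reply-To {reply_to} diverts replies away from {from_domain}")

    # Single-part text only in this example; multipart bodies are skipped.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    lures = [p for p in FINANCE_LURES if p in text]
    if lures:
        indicators.append("transfer-request lures present: " + ", ".join(lures))
    return indicators


# Constructed sample messages (not from the original page).
SAMPLE_BEC = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.invalid
To: ap.manager@example.com
Subject: Urgent wire transfer

Please process the attached wire transfer to our new supplier today.
I am in meetings all day, so reply by email only.
"""

SAMPLE_LEGIT = """From: Jane Doe <jane.doe@example.com>
To: ap.manager@example.com
Subject: Q3 budget review

Can we meet Thursday to go over the Q3 numbers?
"""

if __name__ == "__main__":
    for label, sample in (("BEC", SAMPLE_BEC), ("legit", SAMPLE_LEGIT)):
        print(label, bec_indicators(sample) or "clean")
```

Each indicator on its own is weak (executives do travel and use personal mail), so a gateway would typically score them and quarantine or banner the message above a threshold rather than block on any single hit.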
Other threats include:
• Smishing: phishing via SMS (text message)
• Vishing: phishing via voice (phone call)
• Mobile hacking: intercepting messages between cell
phones/smartphones and stealing data
Virus and Spyware
• Virus: a computer virus is malicious software or code that
can replicate itself and spread to other computers, and can
damage a computer by deleting files, reformatting the hard
disk, etc.
• Spyware: software that secretly tracks information such as
websites visited, browser and system information, and the
computer's IP address, and transmits the gathered data to
another system.
Impersonation is one of the social engineering tools used
by fraudsters to commit identity theft. The following are best
practices to protect organizations from social engineering
attacks:
• Broaden the company's online reputation; blogging is the most effective way.
• As part of online reputation management, optimize your company's
listings in search engines such as Google (search engine optimization).
• If another party identifies itself using your organization's photo
or bio on social media, be very persistent in contacting that site's
administrators. They too have reputations to manage, and they will
often delete stolen profiles, as this constitutes fraud.
• Enlist services such as Mark Monitor or other brand protection and
trademark management firms.
Want to learn more about information security, its
requirements, and best practices for complying with them?
ComplianceOnline webinars and seminars are a great
training resource. Check out the following links:
• Information Security and Cybercrime
Prevention Essentials
• How to Manage Ongoing Information Security
Requirements
• How to Evaluate the Effectiveness of Your
Information Security Program
• Auditing Your Information Security Program
• Third Party Information Security Assessment

Information security threats
