Department of Computer Science & Applications, Panjab University, Chandigarh - 160 014
The immense popularity of the Internet as a business medium, together with organizations opening their internal networks to customers and partners, has changed the nature of the computing environment significantly. While providing convenience, these systems are more vulnerable to security threats, and managing information security is getting more nightmarish by the day. This paper attempts to identify the myths about information security and presents a more appropriate management strategy for organizations to follow to enhance security. A comprehensive analysis should be conducted to identify the resources that need to be protected. The resources should be classified according to the sensitivity level of the information. A cost-benefit analysis should be performed to determine the level of security precautions that should be taken. Since it is impossible to have perfect security, consideration should be given to contingency planning and recovery. If security is compromised, the organization should be able to recover quickly to keep the business running and minimize damage. Information security in the light of the IT Act 2000 of GOI is also discussed.
Key words: Computer Security, Network Security, Information Security, Data Backup, Data Recovery, Access Control, Audit Trail, Contingency Planning.