Information systems security is the process of protecting information, data, and information systems against unauthorized access or manipulation so that private information, such as financial records, remain safe.
Discover the difference between information systems security and cyber security, seven famous cybercrimes, and how to protect your data.
What Is Information Systems Security?
Information Systems Security, also referred to as InfoSec, includes all of the processes and methodologies of keeping information secure and available. This does not have to be computer information, but can include data of any kind.
In addition, InfoSec consists of:
- Preventing unauthorized personnel from accessing a system
- Protecting information in transit, in storage, or anywhere else
- Detecting and remediating security breaches
While InfoSec is focused on prevention, detecting and remediating security breaches are just as important. Quick detection can mean saving a greater percentage of private information.
What Are Information Systems?
Information systems are all of the components and pieces of equipment for the dissemination of information. Usually, information systems consist of:
- Computer connections
Combined and executed properly, information systems are platforms, or a combination of platforms, that manage a set of information or technology product.
What Is Information Technology?
Information technology also consists of several types of hardware, software, and anything else that is used to transmit data. IT professionals use these tools of a larger system to build smaller systems that solve specific business problems.
As a result, those who pursue a master’s in information technology analyze topics such as how to apply technology in the analysis of data and how to assess social, ethical, and legal issues in the field.
Three Domains of Information Security
Every organization faces cyber threats on a daily basis, especially those that store private information, such as financial records, credit card numbers, or social security numbers. Information security systems professionals have a responsibility to protect this information, but so does every employee.
Therefore, the three domains of information security are:
- Cyber (computer, network, and information security)
- Physical (wires, silicon, glass, and structures)
- People (employees, consultants, suppliers, and partners)
Part of protecting each of these is creating enough awareness inside the organization of things you should be on the lookout for, including phishing emails, as all it takes is one employee to open a virus and it can quickly infect the entire network or allow hackers access to the private network.
As shown in some of the famous hacks listed below, often this type of attack can go undetected for long periods of time. In fact, in some cases it goes unnoticed until credit card companies discover fraudulent claims that all have used a specific business.
Why Do People Commit Cyber Crimes?
According to Cisco Systems, many attackers are looking for money. In fact, 53% of cyberattacks resulted in damages of $500,000 or more.
What Is Phishing?
Phishing is a cybercrime in which someone posing as a legitimate company, friend, or family member sends an email attempting to lure an unsuspecting person into providing sensitive data, such as financial information, social security numbers, or passwords.
This information is then used to gain access to a company’s network to upload viruses and download the personal information of customers and employees. Or, if the attack is to a personal email, it is used to steal financial information that results in stolen credit cards.
When attacking a company, usually the email will go out to many employees and it only takes one person to fall for the trick for the hacker to gain access. On the other hand, when sent to personal emails, the hacker will usually send it to thousands of people hoping that only 1% provide their information.
Information System vs. Information Technology
Information technology is a subset of information systems and is the study, design, implementation, support, or management of computer-based information systems.
On the other hand, information systems refer to the bridge between technology and the user and includes all of the systems and processes that businesses use to create and store information.
Unfortunately, many people use these terms interchangeably, which leads to even more confusion.
Cyber Security vs. Information Security
Both cyber security and information security are designed to protect data. The main difference between cyber security and information security is that cyber security is focused on protecting data in electronic form, whereas information security is concerned with protecting data in any form, including electronic.
As with information technology and information systems, these terms are often used interchangeably. However, it is more accurate because in recent years there has actually been a fusion of the two.
Changing Role of Cyber Security
While cyber security is only concerned with the electronic form of data, that usually includes servers, processors, computers, and cloud storage, which need to be protected and secured in order to protect the data.
While this used to only be the realm of information security, cyber security has had to take on more of these responsibilities as the needs of companies have changed over recent years. Many graduate schools offer master’s in cyber security that focus on new methods hackers use and how to protect personal data.
7 Recent Cyber Attacks
The cyber-attacks listed below are recent and have impacted many people’s lives. In many cases, they have also provided lessons on how we try to protect their data. Unfortunately, hackers will always be searching for new ways to steal personal information and try to make money from these thefts.
2013: 41 Million Credit Card Numbers Stolen from Target
- Hackers also stole contact information for more than 60 million customers
- Hackers infiltrated the system by a third-party vendor opening an email that contained a virus that allowed access to Target servers
- Target paid $18.5 million in a multi-state settlement, the largest ever for a data breach at the time
2013 to 2016: 3 Billion Users’ Data Stolen from Yahoo!
- By far the largest data breach, the Yahoo! attack was larger than the next eight biggest combined
- Hackers obtained usernames, email addresses, encrypted passwords, birthdates, phone numbers, and security questions
- Yahoo! was fined $35 million for failing to disclose the data breach
2014: 56 Million Credit Card Numbers Stolen from Home Depot
- Hackers also stole email addresses of 53 million customers
- Self-check-out terminals were hacked
- In total, the company paid at least $134.5 million in settlements
2014: Personal Data from 83 Million People Stolen from JP Morgan Chase
- Hackers ran elaborate $100 million pump and dump stock scheme and other fraud operations
- They would buy penny stocks then email stolen addresses to get others to buy it
- Then the hackers sold their shares before the crash
- These hackers stole personal data from JP Morgan Chase and other banks to email these penny stock “opportunities”
2015: 79 Million Customers Data Stolen from Anthem
- Hackers stole names, birthdays, medical IDs, social security numbers, street and email addresses, and employment data, such as income
- Anthem settled for $115 million, which was the largest ever for a data breach
- Settlement was used to pay for two years of credit monitoring for all affected
2015: 700,000 Social Security Numbers Stolen from the IRS
- Hackers used “Get Transcript” program, which allows you to check tax history online
- The criminals used data stolen from other sources, such as social security numbers, birth dates, to gain access to past returns
2016: Records of 21.5 Million People Stolen from Office of Personnel Management (OPM)
- Hackers stole social security numbers and other sensitive data of current, former, and prospective Federal employees and contractors
- Some records also included findings from interviews conducted by background investigators and approximately 5.6 million fingerprints
Earn a Computer Science or Information Systems Graduate Degree
More interested in machine learning? Discover 10 master’s in machine learning programs.
- Take advantage of some of the nation’s most affordable tuition rates, while earning a degree from a private, nonprofit, NEASC accredited university
- Qualified students with 2.5 GPA and up may receive up to $20K in grants & scholarships
- Multiple term start dates throughout the year. 24/7 online classroom access.
Popular Online Programs
Business Administration, Psychology, Information Technology, Human Services…