
INFORMATION SECURITY: Information Security (IS) is designed to protect the confidentiality, integrity, and availability of computer system data from those with malicious intentions. Confidentiality, integrity, and availability are sometimes called the CIA cybersecurity triad. This triad has evolved into what is commonly referred to as the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability, and usefulness.

NEED: The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimizing the impact of security incidents. The Audit Commission Update Report (1998) shows that fraud or computer abuse cases often occur due to the absence of basic controls, with half of all detected frauds discovered by chance. An information security management system (ISMS) enables information sharing while ensuring the protection of information and computing resources.

The Audit Commission's update report shows that in the UK the proportion of organizations reporting incidents of computer fraud and abuse in 1997 rose to 45% from 36% in 1994. Although theft of equipment is a real problem, the most damaging aspect is the loss of data and software. Sources of damage such as computer viruses, hacking attacks and denial of service attacks have become more common, more ambitious and increasingly sophisticated. The Internet puts organizations at greater risk of improper access to networks, data corruption and the introduction of viruses. The percentage of organizations reporting hacking incidents has tripled, and the new target is phone systems. Not all violations are the result of a crime; unintentional misuse and human error also play their part. Virus infections still represent the most widespread form of abuse.
More common, and just as destructive as crime, are threats such as fires, system crashes, and power outages. Poor staff supervision and lack of adequate authorization procedures are often cited as the main causes of safety incidents. Companies vary in their approach to preventing security breaches: some ban everything, making mundane login tasks difficult; others are too permissive and allow access to everyone, exposing themselves to a high degree of risk. Business efficiency is about getting the balance right, and that's where standards can help.

Dependence on information systems and services means that organizations are more vulnerable to security threats. The interconnection of public and private networks and the sharing of information resources increase the difficulty of achieving access control. The trend towards distributed computing has weakened the effectiveness of central and specialist control.

OBJECTIVES OF INFORMATION SECURITY:

CONFIDENTIALITY: The confidentiality aspect refers to limiting disclosure and access to information only to authorized persons and preventing those who are not authorized from accessing it. Through this method, a company or organization is able to prevent highly sensitive and vital information from falling into the hands of the wrong people, while still making it accessible to the right people.

Encryption: First, data encryption involves converting data into a form that only authorized people can understand. In this case,.