
Bezbednost informacija: difference between revisions

From Wikipedia, the free encyclopedia
Content deleted / Content added
Rescuing 1 source and tagging 0 as dead.) #IABot (v2.0.8
Line 1: Line 1:
{{Short description|Zaštita informacija smanjenjem rizika}}
{{Kompjuterska bezbednost-lat}}
{{Kompjuterska bezbednost-lat}}


'''Bezbednost informacija''', ponekad skraćena na -{''infosec''}-, jeste praksa zaštite [[informacija]] ublažavanjem informacionih rizika. To je deo informacionog [[Risk management information systems|upravljanja rizikom]]. Time je obično obuhvaćeno sprečavanje ili barem smanjenje verovatnoće neovlašćenog/neprikladnog pristupa, upotrebe, otkrivanja, ometanja, brisanja/uništavanja, korupcije, modifikacije, inspekcije, evidentiranja ili devalvacije, mada to može uključivati i smanjenje štetnih uticaja incidenata. Informacije mogu poprimiti bilo koji oblik, npr. elektronski ili fizički,<ref name=":0">{{usc|44|3542}}(b)(1)</ref> opipljivi (npr. papirni dokumenti) ili nematerijalni (npr. znanje). Osnovni fokus informacione bezbednosti je na balansiranoj zaštiti poverljivosti, integriteta i dostupnosti podataka (što je poznato i kao CIA trijada), uz istovremeno održvanje fokusa na efikasnoj implementaciji smernica, bez ometanja produktivnosti organizacije.<ref name="AndressTheBasics14">{{cite book |url=https://books.google.com/books?id=9NI0AwAAQBAJ&pg=PA6 |title=The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice |author=Andress, J. |publisher=Syngress |pages=240 |year=2014 |isbn=9780128008126}}</ref> To se uglavnom postiže strukturiranim procesom upravljanja rizikom koji obuhvata:
'''Bezbednost informacija''', ponekad skraćena na -{''infosec''}-,<ref>{{Cite journal |last1=Curry |first1=Michael |last2=Marshall |first2=Byron |last3=Crossler |first3=Robert E. |last4=Correia |first4=John |date=2018-04-25 |title=InfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior |url=https://dl.acm.org/doi/10.1145/3210530.3210535 |journal=ACM SIGMIS Database: The DATABASE for Advances in Information Systems |language=en |volume=49 |issue=SI |pages=49–66 |doi=10.1145/3210530.3210535 |s2cid=14003960 |issn=0095-0033}}</ref> jeste praksa zaštite [[informacija]] ublažavanjem informacionih rizika.<ref>{{Cite journal|last1=Joshi|first1=Chanchala|last2=Singh|first2=Umesh Kumar|date=August 2017|title=Information security risks management framework – A step towards mitigating security risks in university network|url=http://dx.doi.org/10.1016/j.jisa.2017.06.006|journal=Journal of Information Security and Applications|volume=35|pages=128–137|doi=10.1016/j.jisa.2017.06.006|issn=2214-2126}}</ref><ref>{{cite web |last1=Fletcher |first1=Martin |title=An introduction to information risk |url=https://blog.nationalarchives.gov.uk/introduction-information-risk/ |website=[[The National Archives (United Kingdom)|The National Archives]] |access-date=23 February 2022 |date=14 December 2016}}</ref> To je deo informacionog [[Risk management information systems|upravljanja rizikom]]. 
Time je obično obuhvaćeno sprečavanje ili barem smanjenje verovatnoće neovlašćenog/neprikladnog pristupa, upotrebe, otkrivanja, ometanja, brisanja/uništavanja, korupcije, modifikacije, inspekcije, evidentiranja ili devalvacije, mada to može uključivati i smanjenje štetnih uticaja incidenata.<ref>{{cite web|title=SANS Institute: Information Security Resources|url=https://www.sans.org/information-security|access-date=2020-10-31|website=www.sans.org|language=en}}{{Circular|date=October 2022}}</ref><ref>{{Cite journal|last1=Daniel|first1=Kent D.|last2=Titman|first2=Sheridan|date=2001|title=Market Reactions to Tangible and Intangible Information|url=http://dx.doi.org/10.2139/ssrn.274204|journal=SSRN Electronic Journal|doi=10.2139/ssrn.274204|s2cid=154366253|issn=1556-5068}}</ref><ref>{{Cite book|first=Kerstin|last=Fink|url=http://worldcat.org/oclc/851734708|title=Knowledge Potential Measurement and Uncertainty|date=2004 |publisher=Deutscher Universitätsverlag|isbn=978-3-322-81240-7|oclc=851734708}}</ref>

Informacije mogu poprimiti bilo koji oblik, npr. elektronski ili fizički,<ref name=":0">{{usc|44|3542}}(b)(1)</ref> opipljivi (npr. papirni dokumenti) ili nematerijalni (npr. znanje). Osnovni fokus informacione bezbednosti je na balansiranoj zaštiti poverljivosti, integriteta i dostupnosti podataka (što je poznato i kao CIA trijada), uz istovremeno održvanje fokusa na efikasnoj implementaciji smernica, bez ometanja produktivnosti organizacije.<ref name="AndressTheBasics14">{{cite book |url=https://books.google.com/books?id=9NI0AwAAQBAJ&pg=PA6 |title=The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice |author=Andress, J. |publisher=Syngress |pages=240 |year=2014 |isbn=9780128008126}}</ref><ref>{{Citation|last=Keyser|first=Tobias|title=Security policy|date=2018-04-19|url=http://dx.doi.org/10.1201/9781315385488-13|work=The Information Governance Toolkit|pages=57–62|publisher=CRC Press|doi=10.1201/9781315385488-13|isbn=978-1-315-38548-8|access-date=2021-05-28}}</ref> To se uglavnom postiže strukturiranim procesom upravljanja rizikom koji obuhvata:
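Review bot: the three citations appended to the sentence ending "...smanjenje štetnih uticaja incidenata" in the new lead do not support that sentence. The SANS ref is itself flagged with {{Circular|date=October 2022}}, while Daniel & Titman ("Market Reactions to Tangible and Intangible Information", SSRN) and Fink ("Knowledge Potential Measurement and Uncertainty") speak, by their titles, to tangible versus intangible information, which is the subject of the next sentence ("opipljivi (npr. papirni dokumenti) ili nematerijalni (npr. znanje)"), not of the list of unauthorized actions. Suggest moving those two refs to the sentence they bear on and resolving or replacing the circular SANS ref before this paragraph is treated as sourced.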
* Identifikacija informacija i srodnih sredstava, plus potencijalne pretnje, ranjivosti i uticaji;
* Identifikacija informacija i srodnih sredstava, plus potencijalne pretnje, ranjivosti i uticaji;
* Procena rizika;
* Procena rizika;
* Donošenje odluka o načinu tretiranja rizika, tj. njihovog izbegavanja, ublažavanja, raspodele ili prihvatanja;
* Donošenje odluka o načinu tretiranja rizika, tj. njihovog izbegavanja, ublažavanja, raspodele ili prihvatanja;
* Ako je neophodno ublažavanje rizika, vrši se izbor ili dizajn odgovarajućih bezbednosnih kontrola i njihovo sprovođenje;
* Ako je neophodno ublažavanje rizika, vrši se izbor ili dizajn odgovarajućih bezbednosnih kontrola i njihovo sprovođenje;
* Nadgledanje aktivnosti, i prema potrebi prilagođavanje radi rešavanja problematičnih situacija, prilagođavanja promenama i sprovođenja mogućih poboljšanja.
* Nadgledanje aktivnosti, i prema potrebi prilagođavanje radi rešavanja problematičnih situacija, prilagođavanja promenama i sprovođenja mogućih poboljšanja.<ref>{{Cite web|last=Danzig|first=Richard|date=1995-06-01|title=The Big Three: Our Greatest Security Risks and How to Address Them|url=https://apps.dtic.mil/sti/citations/ADA421883|archive-url=https://web.archive.org/web/20220119012000/https://apps.dtic.mil/sti/citations/ADA421883|url-status=live|archive-date=January 19, 2022|location=Fort Belvoir, VA|access-date=18 January 2022}}</ref>
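Review bot: the only change in the list rows is the Danzig (1995) ref added to the final item, which leaves the first four steps of the five-step process unsourced. Since the list is introduced as a single process ("strukturiranim procesom upravljanja rizikom koji obuhvata:"), either place the ref on that introductory sentence if the source covers the whole process, or cite each step separately. Note also that both the url and the archive-url point at a DTIC citations page (.../sti/citations/ADA421883) rather than at the report text, so the citation should say what the reader will find there.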

Da bi standardizovali ovu disciplinu, akademici i profesionalci sarađuju na izradi smernica, preporuka i industrijskih standarda vezanih za [[lozinka|lozinke]], [[antivirus software|antivirusni softver]], [[Заштитни зид|zaštitne zidove]], [[Encryption software|softver za šifrovanje]], pravnu odgovornost, sigurnosnu svest i obuku itd.<ref>{{Cite journal|last1=Lyu|first1=M.R.|last2=Lau|first2=L.K.Y.|title=Firewall security: policies, testing and performance evaluation|url=http://dx.doi.org/10.1109/cmpsac.2000.884700|journal=Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000|year=2000|pages=116–121|publisher=IEEE Comput. Soc|doi=10.1109/cmpsac.2000.884700|isbn=0-7695-0792-1|s2cid=11202223}}</ref><ref>{{Cite news|url=http://www.wisegeek.org/what-is-information-security.htm|title=What is Information Security? (with pictures)|work=wiseGEEK|access-date=6. 10. 2017}}</ref> Ovoj [[standardization|standardizaciji]] mogu da doprinesu razni zakoni i propisi koji utiču na pristup podacima, obradi, skladištenju, prenosu i uništavanju podataka.<ref>{{Citation|title=How the Lack of Data Standardization Impedes Data-Driven Healthcare|date=2015-10-17|url=http://dx.doi.org/10.1002/9781119205012.ch3|work=Data-Driven Healthcare|pages=29|place=Hoboken, NJ, USA|publisher=John Wiley & Sons, Inc.|doi=10.1002/9781119205012.ch3|isbn=978-1-119-20501-2|access-date=2021-05-28}}</ref> Međutim, primena kakvih standarda i smernica unutar datog entiteta može imati ograničen efekat ako se ne usvoji kultura procesa [[continual improvement process|kontinuiranog unapređivanja]].<ref name="Schlienger, Thomas 2003">{{cite journal|last1=Schlienger|first1=Thomas|last2=Teufel|first2=Stephanie|date=decembar 2003|title=Information security culture - from analysis to change|journal=South African Computer Society (SAICSIT)|volume=2003|issue=31|pages=46–52|hdl=10520/EJC27949}}</ref><ref>{{Citation|last1=Lent|first1=Tom|title=Rethinking Green Building Standards for 
Comprehensive Continuous Improvement|url=http://dx.doi.org/10.1520/stp47516s|work=Common Ground, Consensus Building and Continual Improvement: International Standards and Sustainable Building|pages=1–1–10|location=West Conshohocken, PA|publisher=ASTM International|isbn=978-0-8031-4507-8|access-date=2021-05-28|last2=Walsh|first2=Bill|year=2009|doi=10.1520/stp47516s}}</ref>
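Review bot: two of the refs added to this paragraph are mismatched to the claims they support, judging by their own titles. "How the Lack of Data Standardization Impedes Data-Driven Healthcare" (Data-Driven Healthcare, Wiley) is cited for laws and regulations contributing to information-security standardization, and Lent & Walsh, "Rethinking Green Building Standards for Comprehensive Continuous Improvement" (ASTM, sustainable building), is cited for the claim that standards have limited effect without a continual-improvement culture; Schlienger & Teufel (2003), already on that sentence, is the on-topic source. Suggest dropping the two mismatched refs or replacing them with information-security sources. The pre-edit copy of this paragraph is shown by the diff layout further down, between items 1 and 2 of the numbered definitions list; it is not part of the Definicija section.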

== Definicija ==
{{rut}}
[[File:CIAJMK1209-en.svg|alt=vectorial version|thumb|left|250px|'''Information Security Attributes''': or qualities, i.e., [[Confidentiality]], [[Data integrity|Integrity]] and [[Availability]] (CIA). [[Information Systems]] are composed in three main portions, hardware, software and communications with the purpose to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: [[Physical information security|physical]], personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations.<ref name="Cherdantseva Y 2013">Cherdantseva Y. and Hilton J.: "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals". In: ''Organizational, Legal, and Technological Dimensions of Information System Administrator''. Almeida F., Portela, I. (eds.). IGI Global Publishing. (2013)</ref>]]
Various definitions of information security are suggested below, summarized from different sources:


# "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)<ref>ISO/IEC 27000:2009 (E). (2009). Information technology – Security techniques – Information security management systems – Overview and vocabulary. ISO/IEC.</ref>
Da bi standardizovali ovu disciplinu, akademici i profesionalci sarađuju na izradi smernica, preporuka i industrijskih standarda vezanih za [[lozinka|lozinke]], [[antivirus software|antivirusni softver]], [[Заштитни зид|zaštitne zidove]], [[Encryption software|softver za šifrovanje]], pravnu odgovornost, sigurnosnu svest i obuku itd.<ref>{{Cite news|url=http://www.wisegeek.org/what-is-information-security.htm|title=What is Information Security? (with pictures)|work=wiseGEEK|access-date=6. 10. 2017}}</ref> Ovoj standardizaciji mogu da doprinesu razni zakoni i propisi koji utiču na pristup podacima, obradi, skladištenju, prenosu i uništavanju podataka. Međutim, primena kakvih standarda i smernica unutar datog entiteta može imati ograničen efekat ako se ne usvoji kultura procesa [[continual improvement process|kontinuiranog unapređivanja]].<ref name="Schlienger, Thomas 2003">{{cite journal|last1=Schlienger|first1=Thomas|last2=Teufel|first2=Stephanie|date=decembar 2003|title=Information security culture - from analysis to change|journal=South African Computer Society (SAICSIT)|volume=2003|issue=31|pages=46–52|hdl=10520/EJC27949}}</ref>
# "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)<ref>[[Committee on National Security Systems]]: National Information Assurance (IA) Glossary, CNSS Instruction No. 4009, 26 April 2010.</ref>
# "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." ([[ISACA]], 2008)<ref>ISACA. (2008). Glossary of terms, 2008. Retrieved from http://www.isaca.org/Knowledge-Center/Documents/Glossary/glossary.pdf</ref>
# "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)<ref>Pipkin, D. (2000). ''Information security: Protecting the global enterprise''. New York: Hewlett-Packard Company.</ref>
# "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)<ref>B., McDermott, E., & Geer, D. (2001). Information security is information risk management. In Proceedings of the 2001 Workshop on New Security Paradigms NSPW ‘01, (pp. 97 – 104). ACM. {{doi|10.1145/508171.508187}}</ref>
# "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)<ref>{{cite journal | last1 = Anderson | first1 = J. M. | year = 2003 | title = Why we need a new definition of information security | journal = Computers & Security | volume = 22 | issue = 4| pages = 308–313 | doi = 10.1016/S0167-4048(03)00407-3 }}</ref>
# "Information security is the protection of information and minimizes the risk of exposing information to unauthorized parties." (Venter and Eloff, 2003)<ref>{{cite journal | last1 = Venter | first1 = H. S. | last2 = Eloff | first2 = J. H. P. | year = 2003 | title = A taxonomy for information security technologies | journal = Computers & Security | volume = 22 | issue = 4| pages = 299–307 | doi = 10.1016/S0167-4048(03)00406-1 }}</ref>
# "Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organizational, human-oriented and legal) in order to keep information in all its locations (within and outside the organization's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats.<ref>{{Cite journal|last=Gold|first=S|date=December 2004|title=Threats looming beyond the perimeter|url=http://dx.doi.org/10.1016/s1363-4127(04)00047-0|journal=Information Security Technical Report|volume=9|issue=4|pages=12–14|doi=10.1016/s1363-4127(04)00047-0|issn=1363-4127}}</ref> Threats to information and information systems may be categorized and a corresponding security goal may be defined for each category of threats.<ref>{{Cite journal|last=Parker|first=Donn B.|date=January 1993|title=A Comprehensive List of Threats To Information|url=http://dx.doi.org/10.1080/19393559308551348|journal=Information Systems Security|volume=2|issue=2|pages=10–14|doi=10.1080/19393559308551348|issn=1065-898X}}</ref> A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment.<ref>{{Citation|last=Sullivant|first=John|title=The Evolving Threat Environment|date=2016|url=http://dx.doi.org/10.1016/b978-0-12-802019-7.00004-3|work=Building a Corporate Culture of Security|pages=33–50|publisher=Elsevier|doi=10.1016/b978-0-12-802019-7.00004-3|isbn=978-0-12-802019-7|access-date=2021-05-28}}</ref> The currently relevant set of security goals may include: ''confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability.''" (Cherdantseva and Hilton, 2013)<ref name="Cherdantseva Y 2013" />
#Information and information resource security using telecommunication system or devices means protecting information, information systems or books from unauthorized access, damage, theft, or destruction (Kurose and Ross, 2010).<ref>{{Cite journal|last1=Бучик|first1=С. С.|last2=Юдін|first2=О. К.|last3=Нетребко|first3=Р. В.|date=2016-12-21|title=The analysis of methods of determination of functional types of security of the information-telecommunication system from an unauthorized access|journal=Problems of Informatization and Management|volume=4|issue=56|doi=10.18372/2073-4751.4.13135|issn=2073-4751|doi-access=free}}</ref>


== Pregled ==
== Pregled ==

Revision as of 31 October 2022, 02:51

Information security, sometimes shortened to infosec,[1] is the practice of protecting information by mitigating information risks.[2][3] It is part of information risk management. It typically involves preventing, or at least reducing the probability of, unauthorized or inappropriate access, use, disclosure, disruption, deletion or destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents.[4][5][6]

Information can take any form, e.g. electronic or physical,[7] tangible (e.g. paper documents) or intangible (e.g. knowledge). The primary focus of information security is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad), while maintaining a focus on efficient policy implementation without hampering the organization's productivity.[8][9] This is largely achieved through a structured risk-management process that involves:

  • Identification of information and related assets, plus potential threats, vulnerabilities and impacts;
  • Risk assessment;
  • Deciding how to treat the risks, i.e. whether to avoid, mitigate, share or accept them;
  • Where risk mitigation is required, selecting or designing appropriate security controls and implementing them;
  • Monitoring activities and, as needed, making adjustments to resolve problem situations, adapt to changes and implement possible improvements.[10]

To standardize this discipline, academics and professionals collaborate on guidance, recommendations and industry standards concerning passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so on.[11][12] Various laws and regulations governing how data is accessed, processed, stored, transferred and destroyed may contribute to this standardization.[13] However, implementing any standards and guidance within a given entity may have limited effect if a culture of continual improvement is not adopted.[14][15]

Definition

Figure: Information Security Attributes, or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information systems are composed of three main portions, hardware, software and communications, with the purpose of helping identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations.[16]

Various definitions of information security are suggested below, summarized from different sources:

  1. "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)[17]
  2. "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (CNSS, 2010)[18]
  3. "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)." (ISACA, 2008)[19]
  4. "Information Security is the process of protecting the intellectual property of an organisation." (Pipkin, 2000)[20]
  5. "...information security is a risk management discipline, whose job is to manage the cost of information risk to the business." (McDermott and Geer, 2001)[21]
  6. "A well-informed sense of assurance that information risks and controls are in balance." (Anderson, J., 2003)[22]
  7. "Information security is the protection of information and minimizes the risk of exposing information to unauthorized parties." (Venter and Eloff, 2003)[23]
  8. "Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organizational, human-oriented and legal) in order to keep information in all its locations (within and outside the organization's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats.[24] Threats to information and information systems may be categorized and a corresponding security goal may be defined for each category of threats.[25] A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment.[26] The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability." (Cherdantseva and Hilton, 2013)[16]
  9. Information and information resource security using telecommunication system or devices means protecting information, information systems or books from unauthorized access, damage, theft, or destruction (Kurose and Ross, 2010).[27]

Overview

At the core of information security is information assurance, the act of maintaining the confidentiality, integrity and availability (CIA) of information, which ensures that information is not compromised in any way when critical issues arise.[28] These issues include, but are not limited to, natural disasters, computer/server malfunction and physical theft. Although paper-based business is still prevalent and requires its own set of security practices, enterprise digital initiatives are increasingly emphasized,[29][30] and information assurance is now typically handled by information technology (IT) security specialists. These specialists apply information security to technology (most often some form of computer system). It is worth noting that a computer does not necessarily mean a home desktop: a computer is any device with a processor and some memory. Such devices range from standalone devices such as simple calculators to networked computing devices such as smartphones and tablet computers. IT security specialists are almost always found in large enterprises and institutions because of the nature and value of the data within larger businesses. They are responsible for keeping all of the company's technology safe from malicious cyber attacks, which often attempt to obtain critical private information or gain control over internal systems.

References

  1. Curry, Michael; Marshall, Byron; Crossler, Robert E.; Correia, John (2018-04-25). "InfoSec Process Action Model (IPAM): Systematically Addressing Individual Security Behavior". ACM SIGMIS Database: The DATABASE for Advances in Information Systems (in English). 49 (SI): 49–66. ISSN 0095-0033. S2CID 14003960. doi:10.1145/3210530.3210535.
  2. Joshi, Chanchala; Singh, Umesh Kumar (August 2017). "Information security risks management framework – A step towards mitigating security risks in university network". Journal of Information Security and Applications. 35: 128–137. ISSN 2214-2126. doi:10.1016/j.jisa.2017.06.006.
  3. Fletcher, Martin (14 December 2016). "An introduction to information risk". The National Archives. Retrieved 23 February 2022.
  4. "SANS Institute: Information Security Resources". www.sans.org (in English). Retrieved 2020-10-31.
  5. Daniel, Kent D.; Titman, Sheridan (2001). "Market Reactions to Tangible and Intangible Information". SSRN Electronic Journal. ISSN 1556-5068. S2CID 154366253. doi:10.2139/ssrn.274204.
  6. Fink, Kerstin (2004). Knowledge Potential Measurement and Uncertainty. Deutscher Universitätsverlag. ISBN 978-3-322-81240-7. OCLC 851734708.
  7. 44 U.S.C. § 3542(b)(1)
  8. Andress, J. (2014). The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Syngress. p. 240. ISBN 9780128008126.
  9. Keyser, Tobias (2018-04-19), "Security policy", The Information Governance Toolkit, CRC Press, pp. 57–62, ISBN 978-1-315-38548-8, doi:10.1201/9781315385488-13, retrieved 2021-05-28
  10. Danzig, Richard (1995-06-01). "The Big Three: Our Greatest Security Risks and How to Address Them". Fort Belvoir, VA. Archived from the original on 19 January 2022. Retrieved 18 January 2022.
  11. Lyu, M.R.; Lau, L.K.Y. (2000). "Firewall security: policies, testing and performance evaluation". Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000. IEEE Comput. Soc: 116–121. ISBN 0-7695-0792-1. S2CID 11202223. doi:10.1109/cmpsac.2000.884700.
  12. "What is Information Security? (with pictures)". wiseGEEK. Retrieved 6 October 2017.
  13. "How the Lack of Data Standardization Impedes Data-Driven Healthcare", Data-Driven Healthcare, Hoboken, NJ, USA: John Wiley & Sons, Inc., p. 29, 2015-10-17, ISBN 978-1-119-20501-2, doi:10.1002/9781119205012.ch3, retrieved 2021-05-28
  14. Schlienger, Thomas; Teufel, Stephanie (December 2003). "Information security culture - from analysis to change". South African Computer Society (SAICSIT). 2003 (31): 46–52. hdl:10520/EJC27949.
  15. Lent, Tom; Walsh, Bill (2009), "Rethinking Green Building Standards for Comprehensive Continuous Improvement", Common Ground, Consensus Building and Continual Improvement: International Standards and Sustainable Building, West Conshohocken, PA: ASTM International, pp. 1–1–10, ISBN 978-0-8031-4507-8, doi:10.1520/stp47516s, retrieved 2021-05-28
  16. Cherdantseva Y. and Hilton J.: "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals". In: Organizational, Legal, and Technological Dimensions of Information System Administrator. Almeida F., Portela, I. (eds.). IGI Global Publishing. (2013)
  17. ISO/IEC 27000:2009 (E). (2009). Information technology – Security techniques – Information security management systems – Overview and vocabulary. ISO/IEC.
  18. Committee on National Security Systems: National Information Assurance (IA) Glossary, CNSS Instruction No. 4009, 26 April 2010.
  19. ISACA. (2008). Glossary of terms, 2008. Retrieved from http://www.isaca.org/Knowledge-Center/Documents/Glossary/glossary.pdf
  20. Pipkin, D. (2000). Information security: Protecting the global enterprise. New York: Hewlett-Packard Company.
  21. B., McDermott, E., & Geer, D. (2001). Information security is information risk management. In Proceedings of the 2001 Workshop on New Security Paradigms NSPW '01, (pp. 97–104). ACM. doi:10.1145/508171.508187
  22. Anderson, J. M. (2003). "Why we need a new definition of information security". Computers & Security. 22 (4): 308–313. doi:10.1016/S0167-4048(03)00407-3.
  23. Venter, H. S.; Eloff, J. H. P. (2003). "A taxonomy for information security technologies". Computers & Security. 22 (4): 299–307. doi:10.1016/S0167-4048(03)00406-1.
  24. Gold, S (December 2004). "Threats looming beyond the perimeter". Information Security Technical Report. 9 (4): 12–14. ISSN 1363-4127. doi:10.1016/s1363-4127(04)00047-0.
  25. Parker, Donn B. (January 1993). "A Comprehensive List of Threats To Information". Information Systems Security. 2 (2): 10–14. ISSN 1065-898X. doi:10.1080/19393559308551348.
  26. Sullivant, John (2016), "The Evolving Threat Environment", Building a Corporate Culture of Security, Elsevier, pp. 33–50, ISBN 978-0-12-802019-7, doi:10.1016/b978-0-12-802019-7.00004-3, retrieved 2021-05-28
  27. Бучик, С. С.; Юдін, О. К.; Нетребко, Р. В. (2016-12-21). "The analysis of methods of determination of functional types of security of the information-telecommunication system from an unauthorized access". Problems of Informatization and Management. 4 (56). ISSN 2073-4751. doi:10.18372/2073-4751.4.13135 (free access).
  28. Samonas, S.; Coss, D. (2014). "The CIA Strikes Back: Redefining Confidentiality, Integrity and Availability in Security". Journal of Information System Security. 10 (3): 21–45. Archived from the original on 22 September 2018. Retrieved 10 November 2019.
  29. "Gartner Says Digital Disruptors Are Impacting All Industries; Digital KPIs Are Crucial to Measuring Success". Gartner. 2 October 2017. Retrieved 25 January 2018.
  30. "Gartner Survey Shows 42 Percent of CEOs Have Begun Digital Business Transformation". Gartner. 24 April 2017. Retrieved 25 January 2018.
