Some lines have been dedicated to explaining the ISO/IEC 17799:2005 standard of information security policy. The second part of the report deals with a field-specific discussion. In this part, information security in the field of computers and the internet is explained. Threats posed to sensitive information stored on computers are discussed, along with procedures for deterring them. Some laws and Acts that ensure information security in the new technological world are also explained.
Information security is generally defined as the protection of information from a wide variety of threats, such as being accessed by unauthorized persons, disclosed, sold or destroyed without the consent of the owner of the information. Thus, the primary objectives of information security are to ensure the privacy, reliability and accessibility of information.
Information security is becoming one of the most important concerns in almost every profession and every field of life. Information security is a business issue, not just a technology issue (Symantec Corporation 2009). Sensitive information about consumers and employees, finances, inventories, payments and research work is maintained by governments, organizations, companies, banks, armed forces, healthcare sectors, and so on. This corporate information is the most crucial asset of a company and is at stake if proper measures are not taken to deter security attacks. The information may be stored in any form. For example, it may be in printed form; stored in files and documents; saved on computers’ hard disks; shown on video tapes; or transmitted by post, email or any other physical or electronic means. Breaches in information security can result in great losses and damage to the overall business and may lead to business discontinuity, high risks and low output. Most of