Chapter 9 Technology element

2 Classification of information
Information that is handled by an organization can be broadly categorized
into “published information” and “unpublished information.”
Published information refers to information that has been made available
to the public such as product catalogs and information on Web pages, and
information that can be published without issue.
Unpublished information refers to confidential information that is not in
the interest of the organization to publish such as information about new
product development, and personal information such as customer information and address information.
In handling information, it is necessary to rank the importance of the information, taking into account the value of the information and the extent to
which people will use the information. It is also important to decide the
administrator of the information and how the information will be managed.
After determining if information is published information or unpublished
information, it is necessary to take adequate precautions for the handling
of unpublished information in particular.
Information can be ranked as follows.

Rank of importance                     Content of information
A: Confidential information            Product cost sheets, human resources information, customer information
B: Information for internal use only   Marketing information, sales information
C: Published information               Information published on the Web, product catalogs

3 Threats and vulnerabilities
Information systems and the Internet are widely used today by corporations and other organizations, making it possible for anyone to quickly and
easily use information. At the same time, there is seemingly no end to incidents involving virus infections or unauthorized access to information systems. It is important to grasp the various risks involved, and to institute appropriate measures that protect information assets from such risks and ensure their safe use.
(1) Types and characteristics of human threats
In the field of security, “social engineering” refers to the act of manipulating people to obtain important information through physical and personal
means, and using it for fraudulent purposes. Anyone can easily use information for fraudulent purposes by preying on the psychological vulnerabilities of people, even without possessing technical knowledge. For this reason, due caution is necessary.
The typical methods of social engineering are summarized below.
●Spoofing
“Spoofing” is a technique used to masquerade as someone else, such as
a superior, a person from an information systems department, or a customer.
After asking for and obtaining information for the purpose of
gaining unauthorized access, the person masquerades as the normal user
by using the stolen ID or password, and proceeds to use a computer for fraudulent purposes.