StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

How Can Organisations Ensure that Information Held within their Information Systems is Secure - Essay Example

Cite this document
Summary
This research evaluates how organizations can ensure that information held within their information systems is secure. The conclusion states that companies should continue to change their passwords, adopt new software, and change authorization codes to the information in their databases…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.7% of users find it useful
How Can Organisations Ensure that Information Held within their Information Systems is Secure
Read Text Preview

Extract of sample "How Can Organisations Ensure that Information Held within their Information Systems is Secure"

Information in Organizations Introduction The business environment is highly competitive in the 21st century as free market economies, which run by the principles of supply and demand, are becoming more prevalent. While no economy is completely a free market economy without any government intervention, most economies are at least partially free market. This intensifies competition as businesses seek to attract customers based on prices, quality, and other unique selling propositions. An essential part of the business process is the processing and dissemination of information. Businesses rely upon accurate and quickly gathered information regarding markets, products, customers, ideas, and other aspects concerning the business, in order to properly plan and implement their future strategies. Businesses must also keep accurate records of their past, current, and future plans in order to function in an organized manner (Martin, pg. 256, 1973). As businesses must take due care of their possessions and assets to prevent damage or theft, businesses must also protect their information from being stolen or misused. While assets may be quite expensive and valuable for the firm, information is worth much more and has a higher risk involved. Cyber crime is at large in today’s technologically advanced world, in which thieves do not attempt to take physical assets from people, but directly aim to access intangible information, which is regarded as more valuable. Corporations keep their information safe on computers that are locked with passwords and only staff is permitted to access the information. However, often there are instances of information leaks or access to restricted records by competitors, which causes the business immense damage. Hackers and other cyber thieves access important information to commit frauds or to manipulate the business’s financial records. Many times, large amounts of cash are transferred from the business account to other accounts and they become irretrievable (Kankanhalli, Teo, Tan, & Wei, pg. 145-147, 2003). There are thousands of ways that businesses can suffer harm through the access of their personal information. Account numbers, financial information, customer records, meeting plans, and new business strategies are all recorded on computers and it is regarded as a safer place to put such information rather than in paper form where it is easily accessible to all. Unfortunately, while computers may be the safer place to put such information, saving it from ordinary people and ordinary thieves, yet it is still considerably unsafe from technologically perceptive cyber thieves and hackers. Hence, businesses must take several measures to protect themselves from cyber crimes and keep their information safe (Conway, Maxwell, & Morgan, pg. 220, 1972). Discussion Before the electronic means of controlling the access to data is discussed, it must also be noted that information may also be disseminated through employees and through simple discussion conducted by employees with outsiders. Businesses also take measures to protect themselves from such situations as they are perhaps more likely to occur than even cyber crime (Conway, Maxwell, & Morgan, pg. 218, 1972). As mentioned above, employees are a primary source of information about a company and are the people who are given access to a company’s databases. The first and foremost method a company uses to protect its information from being openly disclosed or discussed is through a confidentiality agreement between a company and its employees. This legal document binds the employee within a secrecy agreement and ensures that the employee agrees to keep all the information regarding the company and its strategies confidential. In the case that such information is dispersed by the employee, the employee will be liable for losses and legal action can be taken against the employee. Information is also protected from employees by restricting confidential and highly important information to a certain level of staff. Lower level staff and managers may not be given information regarding the strategies or operations of the company that do not have any role in the employee’s department. Lower level employees may also not be given data regarding important information about the company’s past, present, and future prospects and may have restricted access to company records. Such information may only be available to higher-level staff that are trusted and carry a higher degree of responsibility (Tipton & Krause, pg. 75, 2004). In the same way, the company must also restrict its information from consultants, lawyers, and other parties through confidentiality agreements. Auditors and government staff are also subjected to secrecy agreements, which prohibit them from disclosing information to third parties. Hence, in the instance of information leaking out or being disclosed to third parties, legal action can be taken against the party that disclosed the information in compensation for losses incurred (Martin, pg. 345, 1973). While some employees may disclose information verbally, it is also possible to pass information online or electronically. Hence, information and activities online or on electronic systems are monitored on a central system. Information is controlled through the usage of passwords and codes, which enables only the employees and staff who have these passwords to access the information. Some information that is restricted requires special permission to access from the highest authorities in a company. Hence, the company only reveals this information to employees with special and signed permission from higher-level managers (Tipton & Krause, pg. 34, 2004). Businesses also use several technological inventions to control information and keep it safe. Technology such as firewalls is used to prevent unknown users and computers from accessing databases and information in the company’s main system. There is also other software, which prevents hackers from accessing important information, which are known as anti-hacking software. This software prevents other computers and hackers from accessing information or breaking into the companies’ accounts. If attempts are made to access a company’s accounts or databases, the hacker or computer from which such activity is initiated is tracked easily. This makes it easy for the company and the authorities to track such behavior (Peng, Cui, & Tan, pg. 238-239, 2002). Companies use such measures to protect their data from being dispersed or used in an inappropriate way. Unfortunately, despite using such measures as firewalls and passwords, many data and company files are being broken into and a large amount of information is leaked through the company system. Hence, firewalls and passwords nor the highest level of anti-hacking software is preventing such break-ins. Companies are currently adopting further ways to properly secure their data from theft and misuse (Peltier, pg. 75, 2005). Another method of protecting a company’s data from theft and misuse is encryption. Companies may encrypt important files and set permission-based entry into those files. Only people who have permission to access these files can open the files and read them. To anyone else who tries to open the files, the files will not be readable as they will be encrypted and in an indecipherable language. Encryption is one of the basic methods used in protecting information from unauthorized access. However, even encryption is not an unbreakable method of protecting data. High tech hackers can break into the encrypted code to read the data and information stored. Hence, even further measures are needed to properly protect data from theft and unauthorized access (Peltier, pg. 82, 2005). Since it is highly expensive to put security codes on all data and properly protect all data, it is essential to choose the data that is most confidential and requires high levels of security. It is now possible to put security locks into the data itself. To enforce digital rights management on data means controlling the way the data is permitted to be used. Highly confidential data is then marked with “metatags” which permit certain users to access the data and limit the way the data can be used. For example, people in the marketing department may only be allowed to read the data while people in the sales department may only be allowed to print the data (Peng, Cui, & Tan, pg. 240-242, 2002). While data needs to be protected from theft, it must also be protected from manipulation as some employees or third parties may do in order to change the information enclosed in a favorable manner. Hence, companies use metatags to limit the way in which data can be utilized. Only some employees who belong to that department may have the authority to it the data. The data may only be readable to other employees but they may not be allowed to edit it or make any changes in it (Anderson, pg. 400, 2001). Companies must also protect their information from getting lost as company records are highly important and their loss can mean great problems and obstacles for the company. To prevent data from getting lost, companies create back-up files on CD or on the computer itself. However, data is also stored in other locations besides the company’s computers to prevent the data from being irretrievable in the case of fire or technical faults in the computer system. Backup files are essential for the company as once data is lost; it results in a halt in operations. However, care must be exercised when protecting back-up files from unauthorized access as well (Winkler & Dealy, pg.3-4, 1995). No matter how many strict measures or controls a company applies upon its databases and information, some information is always leaked out. Moreover, most software and security measures can be broken some way or the other by highly professional technicians, hence making the data insecure. There is no proper or fire way to protect data from all sorts of leakages and unauthorized access. Hence, a company must be prepared for its personal information to reach others in due time and must continue to change its strategies and protect its data from break-ins as often as possible (Winkler & Dealy, pg. 3-5, 1995). Conclusion Conclusively, companies should continue to change their passwords, adopt new software, and change authorization codes to the information in their databases. An example of a company who has done quite well in keeping its formula safe is the Coca-Cola Company, which only reveals the full formula for creating the unique taste of Coca-Cola to its highly trusted and top-level employees. All other employees in the production process are only aware of what they are personally adding to the production process but are not aware of the steps that have been taken before or after their own task. Hence, no other company has ever been able to completely copy the formula for Coca-Cola and the company maintains its competitive advantage. However, there have been attempts to access Coca Cola’s data and to discover the complete formula for Coca-Cola. The company maintains its secret quite well, which is the reason that such information has not been leaked out for such a long period of time (Anderson, pg. 362, 2001). Finally, other large companies such as Nestle, Proctor & Gamble, and Apple maintain their secrecy through several security measures maintained upon their databases and information. However, it is again stressed that not all information may be protected indefinitely. Hence, companies may require stricter controls and more reliable software and methods to protect their information in the future. As noted, technology has its advantages and disadvantages in the realm of information storage, availability, and access. Any condition, no matter how safe it promises to be, must also be backed up with extra cautionary measures and care (Martin, pg. 456, 1973). References Anderson, R. 2001. “Why information Security is Hard- An Economic Perspective.” Computer Security Applications Conference. Volume 17, pp. 360-400. Conway, R., Maxwell, W., & Morgan, H. 1972. “On the Implementation of Security Measures in Information Systems.” Magazine Communications of the ACM. Volume 15, Issue 4. Kankellali, A., Teo, H. Tan, B., & Wei-K. 2003. “An Integrative Study of Information Systems Security Effectiveness.” International Journal of Information Management. Volume 23, Issue 2. Martin, J. 1973. Security, Accuracy, and Privacy in Computer Systems. Prentice Hall Peltier, T. 2005. Information Security Risk Analysis. Taylor & Francis Group Peng, X. Cui, Z., & Tan, T. 2002. “Information Encryption with Virtual Optics Imaging System”. Optics Communications. Volume 212, Issue 4-6. Tipton, H. & Krause, M. 2004. Information Security Management Handbook. Auerbach Winkler, I. & Dealy, B. 1995. “Information Security Technology: Don’t rely on it: a Case Study in Social Engineering.” Fifth UNIX Security Symposium. UNIX Press. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“How Can Organisations Ensure that Information Held within their Essay”, n.d.)
How Can Organisations Ensure that Information Held within their Essay. Retrieved from https://studentshare.org/business/1440971-how-can-organisations-ensure-that-information-held
(How Can Organisations Ensure That Information Held Within Their Essay)
How Can Organisations Ensure That Information Held Within Their Essay. https://studentshare.org/business/1440971-how-can-organisations-ensure-that-information-held.
“How Can Organisations Ensure That Information Held Within Their Essay”, n.d. https://studentshare.org/business/1440971-how-can-organisations-ensure-that-information-held.
  • Cited: 0 times

CHECK THESE SAMPLES OF How Can Organisations Ensure that Information Held within their Information Systems is Secure

Security and Integrity of Health Care Information Systems

The systems is built on a number of compatible information technology tools, whose corruption or hacking is a lead to healthcare IS breaches.... Security and Integrity of HIS (Health Care information systems) Author's Name Institutional Affiliation Abstract In the recent past, different fields have evolved with the evolution in technology.... This has prompted the introduction of health information systems in healthcare.... Health information systems deal with a lot of operations involved in managing sensitive medical information for different patients....
17 Pages (4250 words) Term Paper

Importance of Information Security and Privacy

As organizations around the world rely heavily on computers for all their information storage and processing, unprotected computers and networks can be an easy means for anyone to obtain this information.... hellip; Despite the security problems the internet posses, businesses need to be connected to be able to compete as the use f the internet offer many advantages such as internet mail, file transfers and homepages for business. As organizations need to be connected to the internet, protection and security is required to prevent unauthorised users from accessing resources on an organizations private network and to secure data transmission over the internet....
6 Pages (1500 words) Essay

Information securtiy

First part deals with a general discussion about information security.... An introduction is given as to what information security… Then, the importance of designing an information security policy has been discussed.... information security in different fields has been considered.... Legislatures like Canadian Law and HIPAA have been Some lines have dedicated to explain the ISO/IEC 17799:2005 standard of information security policy....
12 Pages (3000 words) Essay

Information Security Management of BS 7799

nbsp;… Today, in the age of extreme professionalism, there is a need for assurance that information will be safeguarded and handled properly.... enefits of using ISO/IEC 17799: 2000 :Benefits of using ISO/IEC 17799: 2000: 1) Increased business efficiencies2) Reduced operational risks3) Gives assurance that information security is being rationally appliedThese benefits are achieved by ensuring that1) Security controls are justified2) Policies and procedures are appropriate3) Security awareness is good among staff and managers4) All security-relevant information processing and supporting activities are auditable and are being audited5) Internal audit, incident reporting/management mechanisms are being treated appropriately6) Management actively focus on information security and its effectiveness....
6 Pages (1500 words) Case Study

Management and Implementation of Secure Information Systems

This assignment "Management and Implementation of Secure information systems" discusses principles of a public key encryption system, comparing them with those of asymmetrical cryptosystem....  Therefore, controlling the access to such resources has become a problem that needs a balance between access to free information and those that are of value to the content of that information.... omputers originally are made to ease the exchange of information....
9 Pages (2250 words) Assignment

Risk Assessment

atrick Michaels, Hewlett Packard senior IT technician that uses the information risk management to ensure that the operation of the company runs smoothly and providing additional information on what needs to be improved within the firm (Loughman et al.... nbsp;James Williams, Hewlett Packard systems administrator who provided information on how secure the system was for use online.... nbsp;Control objectives needed to secure an organization.... The essay describes the various risks include that will be assessed in this report include: safety of operating systems; impacts and risks within the environment; threats; vulnerabilities of the systems implemented....
30 Pages (7500 words) Essay

How Hackers Conduct Cybercrime, Methods to Secure Systems

Although various approaches to guarantee online security are available, there is evidence that cybercrime is still a challenge that information systems have to address.... The paper "How Hackers Conduct Cybercrime, Methods to secure Systems" highlights that cyber terrorism is an issue that has become costly for the world within modern times.... High intensity of network attacks has pushed organizations to invest in more secure systems that can resist external attacks and limit access to organization resources....
11 Pages (2750 words) Research Paper

How Is Information Made Secure and Why Is This Necessary

Importance of information securityThe main reason we give a lot of care on the information systems is that there are some of the information we need to protect from unauthorized disclosure for competitive or legal reasons.... Specialized means of ensuring that data is secure include the use of databases, securing the applications, and aligning the infrastructures so that they give the best results.... Organizations should aim to ensure that the data they deal with is secure for their own benefit and to the people or customers to whom they have been entrusted responsibilities....
7 Pages (1750 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us