Information Security as an Important Process - Case Study Example

DATA AND INFORMATION SECURITY Introduction Information technology is an area that has received much prominence in recent times, following the need for businesses to globalise and exploit opportunities existing beyond the borders of the country (Tipton 2005, 12). One of the most important ways of understanding and exploiting these opportunities is relying on important information sources to research and identify key aspects of prime importance. Realising the importance that information and technology plays in businesses, organisations have started making strategies that can ensure that they secure their sources of information. This underlies the fact that information is the main ingredient towards the success of businesses and various systems that are created to achieve certain goals and objectives. The idea of businesses relying on information in order to create competitive advantages for their success has come along with various unethical practices that other people have began engaging in. Emergence of Cyber Crime Cyber crime has emerged as an area of major concern for most businesses and individuals who want to protect their information as much as possible. Some people often hack into people’s secured systems of information in order to make away with this information, which may be essential for their owners in various ways (Bradley 2007, 72). Hackers have identified ways in which they can their way into company websites and other secured information systems in order to steal information not meant for their use. This practice is very dangerous because they can make away with information that may be detrimental to the security of a country. This paper examines the concept of data security as well as how individuals and companies can be proactive in the process of searching information to secure their information systems in the modern business environment. The need for Information security In business, data refers to the information, which is essential in the growth and success of business organisations and other important systems as created by people for various reasons (Salomon 2003, 24). Information is important to people in the process of having an understanding of their environmental and self-awareness. Searching for information is an important process that people and organisations often invest in heavily. The amount of investments set in this process depends on the importance that the information has on them. When this information is found, people and organisations are supposed to ensure that they create mechanisms by which they can secure this information so that it does not get into the hands of unauthorized persons. The need for data protection has caused the emergence of an important field in information technology, which is information security. Currently, many people and companies have been showing a great interest in the process of creating technologies and systems that can help in the process of securing their information and databases online and in other ways that they store their information. Definition Information security, also referred to as data security is the process by which people and organisations defend their information from the access of unauthorized persons (McCann 2002, 13). The process ensures that people and other parties that are not authorized by the business or particular persons prevent their information from the process of disclosure, use, modification, disruption, inspection, perusal or any form of destruction and recording. Information security is a general terminology that is used irrespective of the type that the data is stored. In most cases, data can be stored electronically, where it is secured in online sources like websites, emails and other online directories. Alternatively, the data can be kept in physical storage sources like compact disks, USB storage devices among others. All this information, as required by businesses has to be kept safe, away from the reach of unauthorized persons. This is because, the information could be comprising of business secrets that are tightly guarded by the business so that they can compete effectively in the market. Alternatively, the information kept away from public access and other unauthorized persons could be involving serious security concerns to the country, in this case, by securing this information, the organisation can effectively manage it and use it in the right manner. Informational Security at the Infrastructure Level Threats in computer systems often happen in various forms. Currently companies and organisations are exposed to different kinds of threats on the information they store. Businesses are continuously facing threats from people that want to make away with their information (Byrnes & Kutnick, 2002, 41). Some are motivated by the sheer aim of knowing their trading and business secrets so that they can counter their competitive strategies, while others just want to ensure that these businesses do not become successful in the market. Some of the most common computer threats include, software attacks, identity theft, stealing of intellectual property, sabotage, theft of information and computer equipment as well as extortion of information. Many people and companies have been experiencing various problems and challenges relating to attacks on their information and software they use for various problems. Some of the attacks that these parties have been experiencing on their software and other sources of information include viruses, phishing attacks, worms and Trojan horses, which have been making it impossible for them to use their information and other software in the most effective way. Stealing of intellectual property has been common in the recent past for m most businesses and the general IT field. Businesses have been finding it hard to protect their innovations so that rivals do not get it and master their competitive strengths (Laudon & Laudon 2007, 31). Intellectual property refers to the ownership of properties that consist of some kinds of special protection. Stealing and imitation of software in businesses is common today, businesses have been developing various software tools to aid them in storing information about their business secrets and other important aspects of their businesses. Identity theft, which is also another important aspect of computer threats in businesses today, refers to the act of stealing information that relates to another person and using it as if it were your own. The person that obtains this information can use it in order to steal money and other things in the name of the owner of the particular details. This kind of theft can also happen to businesses when their information gets in the hands of unauthorized persons. From the foregone information, it is evident that in the contemporary world, theft of information and equipment is very prevalent. This is perhaps due to the fact that advancements in technology has developed many devices that are portable and convenient to use by all people. Currently, cell phones are said to be highly prone to theft and other related issues, nevertheless, they are still important in the transfer and exchange of information, which is vital for the success of businesses and people in their social and economic dimensions (Alexander 2008, 19). Some businesses that do not have ethical considerations in the operations often take part in sabotage, of other businesses, in this case, they destroy other businesses’ websites so that customers can lose their confidence in the businesses, opting for other business that can provide an assurance for their information and the details they give when transacting with the company. Extortion of information relating to businesses as practiced by these unethical businesses and people involves stealing information and other kinds of property with the aim of getting some kind of payment in exchange of giving back the particular property or information to the particular owners. Programmers and other professionals have been active in the process of developing techniques of securing information and other important properties in businesses. Minimizing data threats in business organisations In as much as efforts are underway to develop other reliable systems and strategies of protecting business information, it is important that people and business organisation take precaution in ensuring that their vita information is safely stored (Pinson 2008, 25). This involves restricting access and use of certain kinds of information, except to people trusted by the business owners beyond reasonable doubts. Currently, financial institutions, hospitals, military, government and private businesses have been amassing great deals of private and confidential information about their products and services, employees, research and finance relating to their businesses. Most of the data being collected is being processed and stored safely in various kinds of electronic computers, which are then transmitted across various networks, away from the reach of unauthorized persons. When vital information like finances and customers relating a business reaches into the hands of rival businesses, the business and its esteemed customers can suffer from broad irreparable financial damages that can affect its performance and reputation in the business environment. For this reason, protecting their information that is held privately and confidential is an important requirement that accepted legally and is ethical. Business are supposed to invest in protecting their most confidential and private information so that they do not have to struggle with court cases over people that have hacked into their systems and stole their information. One of the most important concerns for businesses is knowing how much to put aside towards investing in systems that can protect their information and other equipment. It is important that business owners and managers understand that security is very critical on privacy. This concept is viewed and regarded differently by people from one culture to another. However, depending on the kinds of products and services that the business is involved, it can create its own systems and strategies that it can use in the process of securing their information and other important equipment. Vulnerability of data in business Organisations Securing information has become an important concern for most businesses. This has been prompted by the fact that the business environment has become very competitive in this era of globalisation (Furnell 2008, 21). Businesses are striving at developing strategies that they can use in the process of understanding their markets and producing goods and services that correspond to these needs in the market. In this process, the information they are coming up with is very vital and essential for their growth and success, prompting the need to secure it and keep it away from the reach of unauthorized persons. The field of data security has rapidly grown and expanded in the recent past, with software and information technology companies looking for ways in which they can produce efficient and reliable technologies that can achieve this important goal. In this case, the field has expanded, offering various careers for people interested in providing solutions to businesses and people towards data storage and security challenges. In this regard, businesses have a range of ways in which they can be advised on how to secure their information in the best way possible. Creating an information security culture in the business The need for securing information is supposed to be the continuous and normal routine in business. For this reason, business managers are expected to be proactive when it comes to creating an organisational culture that emphasizing on the value for securing information in the businesses. The kind of efforts and influence that business owners put in their businesses is important in ensuring that their information is kept safe. Employees’ actions and behaviors are very essential towards information security in their particular businesses. Cultural concepts are essential towards defining the path that businesses take towards securing their information. Businesses managers, in their proactively, are supposed to have a firm understanding of the association between information security and organisational culture. Information security culture can be defined as the overall of diverse patterns of behaviors and actions in a business organisation, which play a role towards protecting the business’ information and related aspects for their various reasons. An information culture in businesses needs to be created and improved on a continuous basis (Dingledine 2009, 64). Many research and information security experts have often explained that this process is never ending. Just as businesses keep on changing their tactics and strategies in management and development of products and services, so is the case for information management and protection. Business owners have to understand that technology is one of the resources that are obsolete in the sense that they keep changing on a daily basis. Programmers and software developers have to keep developing new products to many of the challenges affecting business in various ways. in the same way, data storage and protection keep on changing, prompting the need for businesses to keep investing in this important process. This makes businesses that follow this concept to maintain and improve on their trading secrets through securing of their competitive advantages. Managing data storage and security maintenance In managing their information and other confidential matters, business can adopt a four-step approach. In this case, they are expected to ensure that they develop and keep their information safety so that they can take advantage of the ever-increasing opportunities in the business environment (Pohlmann 2010, 34). The first step involves a pre-evaluation of their environment. This process involves identifying a firm awareness of their data security within kits employees and making an important analysis of the contemporary security policies facing the business. The legal environment in every country provides policies and regulations that are to be followed by businesses in the process of carrying out their activities. In this case, businesses should ensure that they evaluate the legal provisions for data storage and protection in the process of creating their information systems. In this case, the business is better placed to launch legal complaints against people that breach these policies. The second step involves strategic planning, in this case, businesses are supposed to establish an effective and reliable awareness program for all its employees and other important stakeholders. In this step, the business establishes clear targets and expectations for people in the process of interacting with its technology and other vital information. Employees are told on the boundaries with which they should go in handling information related to the business’ various practices. In this case, the business can effectively ensure that sensitive information remains with people entrusted in handling that information. The third step towards creating reliable information systems in the businesses is referred to as the operative stage. In this stage, the business explores all ways and their alternatives towards creating a reliable security culture in the businesses. In most cases, this depends on the internal communications that the business develops in its environment. The business has to create various training programs in which it trains its employees on various ways of handling information and other essential issues of management and use of technology. After this has been done, the business can hold employees accountable for information leakages in the course of their work, especially which is not meant to be leaked and reach the hands of unauthorized people. The final step towards storing and securing business data is the implementation of the information disseminated to business employees and other stakeholders. Employees are expected to show their total commitment towards valuing and protecting the information of their businesses. The business develops a communication channel that employees use in the process of interacting with different kinds of information in the businesses. Employees are expected to give first priority to businesses matters especially when dealing with social media. They are supposed to communicate to clients their personal views about company practices unless they have been given the official capacity to do on behalf of the businesses. The use of social media in business practices has become common in modern businesses, in as much as it is essential towards the marketing function in businesses, it is supposed to be done under the laid down procedures. The business does not have to allow anyone to communicate on its official social media platforms. This is because, some people can use that opportunity to pass communications that may not be the official statements by the company, thus sending away some of the most reliable clients in the business. At the implementation stage, the businesses has to keep monitoring all that is posted on its websites and other social media sites in order to control its communication and other forms of information given out to the public. The importance of creating controls to information Crating proper and reliable systems for protecting its information is essential for businesses in the process of keeping their trading secrets, thus creating and maintaining their competitive advantages. Control to vital information in the business because it enables the business reduce the risks it is abound to face when dealing with competitors and its clients to manageable levels. The amount of controls placed on business information has to be done depending on the kind of risks that the business is exposed to, including the kinds of goods and services that the business produces, as well as the nature of the industry that the business exists (Axelrod 2004, 31). It is important to note controls in business’ information and other related equipment varies from one business to another. For this reason, business owners are supposed to be proactive in establishing the best information storage approaches that can suit the business (Tipton 2005, 10). In all this activities, the bottom line in the business should be ensuring confidentiality and integrity in the activities the business engages in. Organisations are at liberty to create their preferred controls over their businesses, which is in line with their practices and their industry and financial ability. However, it should be noted that creating effective data storage systems does not have to be complex; instead, the business can opt to establish simple and effective strategies that can secure their information and other related equipment. Administrative controls are the simplest forms of data storage that businesses can use in the process of preserving their information, and keeping it safe from unauthorized persons. Administrative controls involve specially written policies and regulations, standards, procedures and guidelines that govern the use of information in the business. Generally, administrative controls are the most commonly used frameworks in the process of running business ad people management. They often play an important role in informing people about various ways of how businesses are managed in the modern business environment. Administrative controls are the foundation for the process of selecting and implementing of physical and logical strategies, not only for securing information in businesses, but also for the general management, which is important in the success of businesses. Physical and logical controls are often essential manifestations towards administrative controls, which are of prime importance to businesses (Matwyshyn 2009, 15). Conclusion Information security remains one of the important competitive advantages that business can have. Information is an essential ingredient that determines the success or failure of businesses in their activities. In this case, security for this information has to be guaranteed so that businesses can manage their products and services in the most effective way. Information security is an important process that has to be done on a continuous basis in the process of exercising care and diligence towards protecting their information and information systems from the access by unauthorized persons (MacKinnon 2012, 54). The process has to involve training employees consistently on the emerging issues in business practices as far as information security is concerned. In this case, data security has risen to become an indispensable practice in business that want to create and maintain competitive advantages and market position. Bibliography Axelrod, C. 2004. Outsourcing information security. Artech House, Boston. Alexander, P. 2008. Information security a managers guide to thwarting data thieves and hackers. Praeger Security International, Westport, Conn. Bradley, T. 2007. PCI compliance implementing effective PCI data security standards. Syngress, Burlington, Mass. Byrnes, F., & Kutnick, D. 2002. Securing business information: Strategies to protect the enterprise and its network. Intel Press, Hillsboro, Or. Dingledine, R. 2009. Financial cryptography and data security 13th International Conference, FC 2009, Accra Beach, Barbados, February 23-26, 2009 : Revised selected papers. Springer-Verlag, Berlin Furnell, S. 2008. Securing information and communications systems principles, technologies, and applications. Artech House, Boston. Laudon, K., & Laudon, J. 2007. Essentials of business information systems (7th ed.). Pearson Prentice Hall, Upper Saddle River, N.J. McCann, T. 2002. Information security keeping data safe. FEI Research Foundation, Morristown, NJ. MacKinnon, L. 2012. Data security and security data 27th British National Conference on Databases, BNCOD 27, Dundee, UK, June 29-July 1, 2010. Revised selected papers. Springer, Berlin. Matwyshyn, A. 2009. Harboring data: Information security, law, and the corporation. Stanford Law Books, Stanford, Calif. Pinson, L. 2008. Anatomy of a business plan the step-by-step guide to building your business and securing your companys future (7th ed.). Pearson Prentice Hall, Upper Saddle River, N.J. Tipton, H. 2005. Information security management handbook (5th ed.). Taylor & Francis e-Library, London. Pohlmann, N. 2010. ISSE 2009 Securing Electronic Business Processes highlights of the Information Security Solutions Europe 2009 Conference. Vieweg Teubner Verlag, Wiesbaden. Salomon, D. 2003. Data privacy and security. Springer, New York. Tipton, H. 2005. Information security management handbook (5th ed.). Taylor & Francis e-Library, London. Read More