Securing and Protecting Information - Coursework Example

Running head: securing and protecting information 16th January Introduction With the increased use of information technology locally and globally, there has been an increased sharing of information among individual users and firms. As a result, information security, which entails the practice of defending information from unauthorized parties, has been a major issue among the organizations. Securing of networks is a process that has continuously been applied by individual and firms. Within the network, vast and evolving collection of threats has been noted to compromise and exploit the weaknesses of organizations. For example, worms and viruses are able to propagate through sharing of networks and e-mails. Another major issue that is being experienced in networks is the phishing attacks that try to lure the users to provide personal information such as credit cards information and bank account details. In any organization be it in the hospitality or business industry, data security is fundamental. New and existing organizations should regularly undertake data security review in order to ensure that data is safe from any loss. The three predominant principles of information protection are confidentiality, integrity and availability. This paper seeks to discuss various issues that are involved in securing and protecting information. Defining classified information One of the main challenges that face a number of firms even before securing the classified information is classification of the information. It is vital to note that despite the importance of the information in the organization, all the information cannot be treated in the same way. Organizations should maintain a sustainable and clear policy of information classification. Some of the major issues that should be included in the policy include identifying the individual who assign the original classification once the data is created, the person responsible to storing the data, and the process for declassifying information among other duties (Pipkin, 2000). Notably, the role of information classification should be limited to Information Technology department but all the managers concerned should be involved. This is based on the fact that information that seems to be vital to a manager for example in the marketing department may not be important to a manager in the maintenance department. This implies that individuals or department that understands the importance of the information should be fully involved in the classification. Information handling policy and methods of maintaining data cannot therefore be overlooked to avoid making the software and hardware less effective. Protecting classified data In an organization, there is major information that should only be accessed by authorized individuals and which should be stored on the internal network only. These include financial projections, information regarding upcoming marketing activities, data touching on employee’s compensation, and source codes for the applications being developed by the firm among others. As a result, there is need for managers to ensure that such information is secured. First, they should ensure that there is restriction in accessing the information through the use of directory rights and permissions. Sensitive and classified data should be locked down thus ensuring that only those who have the need to use that information can access it. Similarly, not everyone in an organization who needs that stored information can have full access. There is need to ensure that some individuals are given the permission by the concerned managers to avoid jeopardizing the organization’s operations. It is worth to note that despite the security that an organization on its information, data can leave the network for example by being copied onto a USB flash drive, sent by email or by being downloaded. Such information should therefore be encrypted. Additional protection of encrypting the information benefits an organization in the sense that unauthorized parties are not able to view the information or to access the data. In the contemporary times, the demand for laptops has gone high. This has resulted to increased cases of stolen or lost laptops. This has resulted to increased security compromises leading to adoption of full disk encryption tools by organizations as a way of guaranteeing maximum security of their data. Apart from restricting information accessibility, firms can use other tool to monitor and protect classified data from inadvertent leakage from the networks. These tools can be in the form of software and hardware, and as the need for more protection becomes stiff, more tools are being developed. In the side of software, firms like Tenable Security, a US based network security, established the Nessus Vulnerability Scanner. The role of the scanner is to detect important data and information that is unprotected in the network an aspect that makes it to be accessible by any one. Thorough the subscription of the Nessus Direct Feed, the users are in a position to establish ways to deal with the information that can be compromised. Notable software that can be used by organizations is Windows Rights Management Services (RMS). Though this solution, clear and specific rights to the data notwithstanding the destination of the information. For example, RMS can be applied to regulate the ability of individuals not only to forward sensitive data, but also to print it. Similarly, in a case where a worker stores the information in a portable media and takes it to some other places, the organization can limit his or her access to the information by the use of RMS thus ensuring that the worker does not access the information. Security for devices One of the major causes of information leakage either though the managers or employees offices is lack of security of the devices they use during their activities. The first method of securing their devices is through the use of security software. This can be done installing firewall, anti-virus software and anti-spyware software. This should be followed by setting their own preferences thus ensuring that protections are updated. The second security issue is to avoid phishing emails. It is recommended that employees should not open download programs from unknown sources (Tony, 2007). In this way, they avoid providing passwords and other corporate information to a spyware or to the computer virus. It is vital for employees and managers to be wise about Wi-Fi. Before the parties send information in an area with public wireless network for instance library, hotel, and coffee shop among others, it is vital to identify whether the information will under protection. In the modern times, individuals and firms have turned to using laptops to transact financial transactions. In this case, individuals should not use automatic login feature that saves their passwords and names and once they are through with their devices, the users should log off. In this way, it will be difficult for a thief to obtain the internal information in case the laptop is stolen. Conclusion Based on the above discussion, it is clear that security and protection of information cannot be overlooked if any firm aims at retaining its competitiveness. During their duties, employees and managers should be guided by the policies of confidentiality, integrity and availability. Before coming up with ways of securing the classified information, organizations should establish the roles and individuals who are involved in information classification depending on the importance of the information to the managers. Some of the notable methods of securing classified information that firms should adopt includes use of directory rights and permissions, encrypting the information, Nessus Vulnerability Scanner, and Windows Rights Management Services. Within the working areas or while outside, managers and employees should ensure maximum security of their devices and information. This involves use of security software, avoiding phishing emails, being wise about Wi-Fi and using passwords. Such security measures will close any loophole that the unauthorized parties and competitors can use to access corporate information. References Pipkin, D. (2000). Information security: Protecting the global enterprise. New York: Hewlett-Packard Company. Tony, B. (2007). Securing Sensitive Information: Protecting Your Network Against Information Leakage. Available from http://technet.microsoft.com/en-us/library/cc512673.aspx Read More