Information Privacy: Corporate Management - Essay Example

Management and Information Systems Introduction Any organized human activity, which is done in-group, will be most times constituted into an organization. So, organization is a structure with a ‘collage’ of humans doing their allocated work under the management of a leader, for the benefit of the organization as well as them. These employees will normally be apportioned or “structurized” into different departments for better arrangement and streamlining of work. Normally employees will be assigned different roles by the management, according to their educational qualifications, experience, skill, knowledge, etc. And when the management team and the employees work together, they will be aided by various tools, including technological tools Role of Technology in organisations Through out the 20th century, many technological products including Information Technology products were developed around the world, which had and is still having applications in all spheres of human lives. Out of the many technological products developed, a good number are being used in organisations, particularly Information Technology products. That is, organisation of today have used or integrated technology in every aspect of their functioning. From opening a simple door to carrying out advanced operations, technology has become an omnipresent entity in organisations, with their entire operations hinging on the support provided by technology, particularly Information Technology. Threats The employees working in organisation will use the technological tools in various ways to complete their works effectively, easily and quickly. But, at the same time, the same employees could use the technological tools, specifically Information Technology products negatively to gain undue advantages or profits for themselves, and thereby cause damages to the organizations. This could happen when the employees’ thought process due to the certain negative situations and intentions, starts functioning in the negative direction. Negative direction in the sense, the employees instead of positively contributing his/hers skills, knowledge and experience to the organization, will try to damage their employers in all aspects using Information Technology. The employees could wreck the organisations in which they are working, by using Information Technology in both ways, that is, they could alter or break down the Information Technology products found and functioning in the organisations, and also they could bring in or use other external Information Technology products from outside to disable the technologies used in the organisation. Apart from those harmful and disgruntled organisation employees, external elements in the form of competitors, thieves, hackers, etc, could also attack or intrude or rob the organisations using Information Technology. “…usually crimes are carried out by disgruntled employees who feel the company has treated them unfairly. Employees lower down in the hierarchy may take advantage of loopholes that they see in the system. Data theft can often occur by employees leaving to set up a rival company or data is stolen to sell on to rival companies.” (CY4OR). That is, with ulterior motives, they could wreck and cause immense losses to the organisations ranging, from loss of money, data, contracts, etc. “If the perpetrators aren’t caught, companies are at a huge financial risk, not to mention the risk to company image and reputation once a breach occurs” (CY4OR). So, organisations need to review and test their security status, to prevent the losses. Every organisation will have what they call Critical Information Assets. Information securities should be primarily concerned with the data/information confidentiality, integrity and availability of data in all its forms, electronic, print, etc (Hill 1995).These assets will only work as the crucial components, which will aid the functioning of the organisations. So, because of its crucial value, these Critical information assets form the main target for attacks, from the employees and other external elements. The attack or breach into the organisation’s technology corridor could be mainly in the form of Virus attacks. With more complicated and virulent Viruses created every day, using advanced computer programs, the technology of organisations are exposed to constant threats. That is, organisations normally use servers, workstations, desktops, networking components, etc, as part of their Information technology system. Also, in organisations, the information technology systems will be integrated with other automatic or mechanical machineries. Apart from these hardwares, the system will also be connected and also interconnected, using virtual networks in the form of internet or intranet. So, organisations will be dependent on an entire Information technology system for their day to day functioning and also for many specialized and important functions. But, if a Virus infiltrates into this system through loopholes, then it will crash the entire system or a part of the system, bringing down the functioning of the organisation. That is, when the information technology system of an organization is under Virus attack, all the information technology related hardwares will stop functioning. The Virus could also corrupt all or the main files of the softwares that are running those hardwares. When this happens, apart from the stoppage or crash of the information technology components, there will also be loss or stealing of data through the affected system. That is, by infiltrating the systems through Viruses, the culprits could steal the critical information assets. This loss of assets will put the organisation and its customers in a lot of peril. So, the main problem with these Virus attacks on the information technology systems of organisations is that, it will crash the system and also could lead to loss of very important data. “Security professionals in both the private and public sectors have been victims of a chain of attacks that start with one kind of VIRUS attack that sets up a subsequent denial of service (DoS) attack or phishing scam designed to capture confidential information (such as personal data that can be used for identity theft) (CRA Reports). So, these Virus attacks are one of the main security threats that organization needs to beware of. Ways to review and test their security status Information security is a complex issues in there is no single “off the shelf” solution for these issues, organisations usually consider the security issues as technical issue which is major perception of top management (Solms 2005).One of the first ways in which organisations can review and test their security status is by monitoring their employees. That is, as discussed above in detail, employees or ex-employees of the organisations due to one reason or other will try to breach the information technology system of the organisations. To eliminate this possibility, the organisations should have certain strong policies or set standards. The employees could be prevented from committing violations in the information technology systems, by blocking their access to sensitive installations. That is, they should be given sanctions to enter or access those secure installations through previously formulated protocols, which should be developed on the basis of employees’ conduct over a long period. Also, access should be given after fool proofing the security apparatus of the installations. That is, security measures like Closed Circuit TV Camera systems, authorized entry mechanisms, trackers, etc should be installed in all the sensitive installations of the information technology department, to monitor the employees and prevent them from becoming security threats. “Agencies shall develop, document, and implement policies and procedures for the selection, orientation, and supervision of employees and contractors who have access to agency IT resources. The objective is maintained and to promote an awareness of security matters” (Washington State Department of Information Services) The main problem of Virus infiltration and other infiltrations can be solved, if a fail-safe Anti-Virus Protection system is implemented. In some cases they tend to rather concentrate on the processes required for successfully implementing the information security policy (Milberg 2000). The Anti-Virus Protection system should be able to address the three processes of Virus prevention, detection and removal, including signature currency. These all three interconnected processes can only help the organisations to function without any crashes and damages. Care should be taken to ensure that the Viruses are totally removed because some anti-Virus programs could only detect the Virus, and will be unable to remove it. Then using that system, the organisations should also "ensure that all file transfers, e-mail of all types, and web browser based traffic are examined for known viruses" (Washington State Department of Information Services). As internet and email are the rich source of viruses, the protection system should be able to block the entry of any viruses, from these sources. With new viruses being created every day, the protection system should be upgraded often to neutralize the challenge from the new viruses. Apart from these measures, steps should be taken to ensure that all the softwares, used to access or transmit through the Internet are approved by an authorized agency authority, inside the organisation (Washington State Department of Information Services). Then, the softwares related to the anti-Virus Protection system and other usable softwares of the organisations has to be upgraded or incorporated with all the provided security patches that are appropriate to the environment in which it is operating in accordance with the patch management standards (Washington State Department of Information Services). Along with the patches, the computers, which are part of the information technology systems should be updated with all the critical and security updates, in a timely manner. In most of the organisations, the Networking system will be used to maintain constant communication and to enable safe transfers. And the measure that can be implemented to ensure that these two necessities are met is to have a secure network session, with appropriate network breach detection and incident response processes. These processes will have a very positive effect on the functioning of the organisations because any breach or infiltration by hackers using viruses and other tools can be detected and eliminated. These two processes can also secure wireless devices, available throughout the Local Area Networks of the organisations. From technical solutions and contractual regulations to organizational awareness of current risks, threats and vulnerabilities, these control and measures cover a broader range but for sure the information security policy is certain the most vital in the range (Kaplan and Norton 2001). The next step through which the organisations can test and review their security status is by having a fool proof and safe data protection and sharing mechanism. That is, while sharing the companys data including critical information assets, the involved parties should sign a service level agreement (SLA). In that agreement, all the intricate and in-depth details about the ways in which the data should be protected and shared has to be spelled out. Firstly, steps should be taken by the organisation to protect its data in its original form and also the authorized changed data. "Secure data storage is defined as the protection of data content and changes in data state from its original storage on electronic media by using encryption processes" (Washington State Department of Information Services). The first step to protect the data is by using a strong encryption process. That is, the data should be encrypted in a strong way, so that the intended receiver only accesses the data, with third persons having no chance to access the data, illegally. The intended receiver should also be able to un-encrypt the sent data through a authorized process. Even the used data should be protected using safe and encrypted devices. Then, when the data is shared through E-mail or network pathways, it should be made virus infection free. It can be done as discussed above through a strong encryption mechanism. Also steps should be taken to ensure that exchange of information occurs only between secure endpoints. When bigger files, softwares, etc are transferred as attachments through E-mail, then those attachments should also be encrypted, to prevent infecting them with Virus. Security of these information systems have to be given great importance and can be considered challenging since there is ever growing need to be managed and controlled properly (Smith 1989). Conclusion The organized human activity under the structure of organization has to be carried out with precision, for it to succeed. But, precision in organizing or planning cannot be done without the initiatives and the fullest co-operation of the motivated and hard working employees. This unison of many employees a under single organization to reach a target can always be aided by technology, importantly information technology. The information technology and its related products can be used optimally, if there is no security threat to it. So, to nullify the security threats, organisations can no longer ignore the importance of information security (CXO). That is, if corporations use more automated and proactive management strategies that correlate and integrate information from a wide array of security solution, it will translate to higher productivity and growth (CRA Reports). And, if all the parts of an organization conduct this way, they can be fully utilized to have ubiquitous presence all over the world for the organization. References CRA Reports, Security Threat Management (STM), viewed on April 30, 2010 http://www.high-tower.com/docs/Security_Threat_Management.pdf. CXO, ‘Data Security Breach’ – Don’t let your company be named in the next data security breach headline, viewed on April 30, 2010 http://www.cxoamerica.com/pastissue/article.asp?art=270120&issue=202 CY4OR, Computer Forensics Companies Can Help with Security Breach, viewed on April 30, 2010 http://www.cy4or.co.uk/pr-computer-forensics-security-breach.htm Hill, LB, Pemberton, M 1995, Information security: an overview and resource guide for information managers, Records Management Quarterly, vol.14. Milberg, SJ, Smith, HJ and Burke, SJ 2000, Information privacy: corporate management and national regulation, Organization Science, vol.11, no.1, pp.35-57. Kaplan, RS and Norton, DP 2001, The Strategy-Focused Organization, Harvard Business School Press. Solms, B 2005, Information Security governance: COBIT or ISO 17799 or both? Academy for Information Technology, University of Johannesburg, Johannesburg. Smith, MR 1989, Commonsense computer security, McGraw-Hill, London. Washington State Department of Information Services. Information Technology Security Standards, viewed on April 30, 2010 http://isb.wa.gov/policies/portfolio/401S.doc Read More