Business Management Technology: IT Security Management - Essay Example

Introduction: In this era of technological advancement, IT security management is very important for any business or organization. Now almost all companies use IT and IT system for storing, retrieving and processing of business data and customer’s information. They do many simple transactions, business to business transactions and customer to business transitions through IT system. Some of them can be of confidential nature. Any type of the IT system failure will badly affect both the functioning and the goodwill of the company. Thus IT Security Management becomes very important for a company. Even computers and its software are very costly. And the data stored in the computer is more important and costly compared to the computer cost. So management and the employees who are working in the IT system should have a clear awareness about the importance if IT security management in business. The purpose of IT security management is “protect the company’s information assets from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business damage, and maximize return on investments and business opportunities.” (Information Security Policy Statement: Objective. 2004, p.13). Review of literature: Review of literature on this topic is given here: Broad objectives of IT Security Management: CEO of the company gives approval for the Information Security Policy of a company. This policy includes confidentiality, honesty, and accessibility of the information. Information assets should meet all the needs of the regulatory authorities. Information security should be provided to all the staffs. There is an information security manager in a business or organization. Specific objectives of the IT Security Management: There should be physical security, and other types of security like Internet security must be provided. IT security management should include organizations, risk management, ownership, policy standards, procedures, support and action with due care. (Importance of Information Security Management). Organization:-IT security management should be applicable to all persons in the company. Every one should take the responsibility of their actions. They should understand and support the company’s requirements and sincerely work to full fill those requirements. Risk Management: - Risk means uncertainty or a loss. Most important type of risk is operational risk. It is occurred due to internal or external events. Main reason for this type of risk is either fraud or error. Operational risks from IT effect credit, strategic, reputation, market risk etc. To avoid these risks top management must measure, control and monitor the technology. In risk analysis all the difficulties and events faced by the company should be analyzed. These threats and events will badly affect the company’s strategic and operational environment. Some examples of events that could effect the business institution are security breaches, system failure, external events, technology investment mistake, system development and implementation problems and capacity shortage. Different types of security breaches are virus attack, hackers, unauthorized access etc. System failure includes hardware and software failure, internet problems, communication failure etc. External events are different types of calamities happening on in the earth like earthquake, flood, terrorist attack, fire, cyber attack etc. Technology investment mistake includes lack of proper platform, unclear requirement definition, mismatch with the current system etc. Development Implementation mistakes include misleading of management, shortage of time and manpower, programming errors and inefficiency of the system etc. Capacity shortage occurs mainly due to the lack of proper planning. After identifying the risk the organization immediately estimates the after effects of the risk. (Risk Identification and Assessment). Ownership: - Storing and retrieving of data, any modification or process in the data and the transferring of the data should be done by the controlling authority of the organization. Otherwise there is a possibility for loosing the data. So the authority has the responsibility for these activities. Policy standards and procedure:-A company must have its own policies, standards and procedure. It helps to improve the IT security. For example, many companies have website and almost all companies have E-mail address. To give maximum IT security, implement some rules for the company that its password is never too short and it must include numerical letters. There must be at least eight characters. Password for the E- mail ID should be changed every month. To enter into the company’s website a user name and password are essential. So a person who knows the user name and password can enter into the website. Others cannot login into the site. It also helps to improve the IT security of the business. Business should have a procedure to do any work especially works which are of confidential nature. Support:-For the support and monitoring of the day to day activities of the entire systems, there is a need for IT security management. It enriches the security of the business. Action with due care: - Every major activities and major decision making are done by the knowledge of the manager. Otherwise each and every department creates their own IT policies and it leads to a collision between each department and the management. (Importance of Information Security Management). Development of the core arguments Information is the core of a business. Information is stored in the IT system that is mainly in computers. So the security of the IT systems is very important for a business. Any type of breach in IT security may not be affordable by the firm. Loss of the critical data will badly affect the financial security and goodwill of the company. Some times its aftereffects cannot be recovered. Many companies share their data and information with other companies. For this they use Internet instead of paper documents. Major advantages of using Internet is that it is faster than any other methods and can send large volume of data at one time. But Internet also has some security problems. Hackers are the major problem. They may access the data and change the given details like catalog of the company, item list, price list, etc. Sometime they may destroy these details. In some cases they edit or demolish the company’s website. By this way hackers can redirect the company’s customer. They also collect the financial details of the company and use this information for committing frauds. So company should implement effective IT security management. Major security breaches occurred in almost all companies are the misuse of the login details. It is mainly done by the employees or by the cooperation of the employees. By this way unauthorized access of the confidential data is occurred. Another factor that affects the IT security is computer virus. They can alter the software used in the business. Some viruses delete the existing files. Some others slow down the working of the system or lead to the system crash. Many viruses spread rapidly. It affects the proper functioning of the business. To avoid this type of data loss, keep a hard copy back up daily and load anti virus software and update that as regularly as possible. To avoid the misuse of the login details by the staff, promote a policy of the company. The breaches by the staff occur mainly due to the lack on knowledge about the importance of IT security in the business. So give proper training to the employees about the importance of IT security in the business and how to react when any virus attack is identified. And give more training to the people who do the IT based job in the company. Set a limited number of people like network operator and administrator to access the system. Check their background and working experience thoroughly. (IT Security: The Basics). Some important IT security methods: According to Richard W. Boss some of the important IT security methods are Server:-An organization having more than one server must allocate a server room for keeping the servers. Arrange high security for this server room. The windows in that room should be barred. Check the electric circuit in the room strictly. Fire protection system is essential for this room. Excess heat will lead to the server downtime and sometime it may damage the system. So provide air conditioning system in this room and every cabinet should have cooling fan. There should be an alarming system which operates when the working of the cooling fan is disturbed and the room temperature is increased. Precaution against water damage is also essential. Do not allow any pipes on the ceiling of the server room. Abnormality in power supply is another reason for the server damage. The server room must have a UPS (Uninterrupted Power Supply) which supplies power to the servers when the power supply breaks down. Provide firewall protection to the server. Firewall will help to deter attackers. Keep back up every day. Network:-In Local Area Network (LAN) use hybrid topologies like star bus topology. It is a combination of different types of topologies. Many computers are connected to a hub. And more than one hub is connected to another hub. For the connecting, different machines use unshielded twisted pair or twisted pair fiber optic cable. It provides high security and speed. Clients:-Try to regularly update the antivirus software. Mainly E-mail attachments act as the carriers of the viruses. So employees in the organization should be careful in opening the E-mail attachments. Avoid the opening of unknown E-mail attachment. Also give proper guidance to the staffs about the usage of E-mail and the way how virus attacks the computer. (Boss 2002). According to Dr. Rossouw von Solms “Today, business partners need to link their computer systems for business reasons, but first want to receive some sort of proof that the other partner has got an adequate level of information security in place.” (Solms 1996, p.281-288). Otherwise they can’t transfer their business data and information smoothly. Now many organizations have a single or group of persons assigned to the IT security management. A business firm has many business partners. So they should confirm their IT security. Conclusion: From the above mentioned points it is clear that IT security management is very important for a business. Information is the key part of the business. IT security management means keeping the confidentiality, integrity and availability of the data. Confidentiality means to protect the secrete information from unauthorized access. Integrity means to protect the accuracy and completeness of the data. Availability means to ensure the accessibility of the data as required. For the proper IT security management, organization should apply some policies and procedure. IT security management has both internal and external importance. Its internal importance is that IT security is essential for the proper working of the business. That means for the proper working, business need accurate and complete data at the correct time. External importance of the IT security is that company’s products and services are established in the market and any unsatisfactory information supply leads to inefficient service. It is not good for a business. For these every people in the organization should have a clear awareness about the importance of the IT security management. (Cazemier, Overbeek and Louk 1999, p.9). According to Chris Mitchell “Information system security is the application of managerial and administrative procedures and technical and physical safeguards to ensure not only the confidentiality, integrity, and availability of information that is processed by an information system but also information system itself , together with its environment as well.” (Mitchell 2004, p.407). For providing IT security for a business there must have efficient security for the servers, network and clients. Moreover the business must have proper risk management. Risk management is very important in IT security management. For solving major risks like virus attack, install most efficient anti soft wares like Norton and MacAfee and up grade them properly. To avoid unauthorized access give guidelines to the staff and implement proper IT rules, regulations and policies in the company. Bibliography BOSS, Richard. W. (2002). Disaster Planning for Computer and Networks. [online]. Last accessed 04 March 2009 at: http://www.ala.org/ala/mgrps/divs/pla/plapublications/platechnotes/disasterplanning.cfm CAZEMIER, Jacques A., OVERBEEK, Paul L., and LOUK, M C. (1999). Security Management: Fundamentals of Information Security. [online]. The Stationery Office. P.9. Last accessed 04 March 2009 at: http://books.google.co.in/books?id=1ANBY4CEQ0cC&pg=PA1&dq=Importance+of+IT+security+in+business+management#PPA9,M1 Importance of Information Security Management. [online]. KeyItSolutions. Last accessed 04 March 2009 at: http://www.keyitsolutions.com/information_security_management.htm Information Security Policy Statement: Objective. (2004). [online]. Dti. P.13. Last accessed 04 March 2009 at: http://www.berr.gov.uk/files/file9981.pdf IT Security: The Basics. [online]. Business Link. Last accessed 04 March 2009 at: http://www.businesslink.gov.uk/bdotg/action/detail?type=RESOURCES&itemId=1075423269 MITCHELL, Chris. (2004). Security for Mobility: There is More than Just Security and Privacy Measures. [online]. IET. P.407. Last accessed 04 March 2009 at: http://books.google.co.in/books?id=Zw5l0YAWq68C&pg=PA406&dq=Importance+of+IT+security+in+business+management#PPA407,M1 Risk Identification and Assessment. [online]. Management. Last accessed 04 March 2009 at: http://www.ffiec.gov/ffiecinfobase/booklets/mang/07.html SOLMS, Rossouw. (1996). Information Security Management: The Second Generation. Computers and Security, 145 (4), 281-288. [online]. Science Direct. Last accessed 04 March 2009 at: http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V8G-3VV42CF-1&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=b1310e1abdda2c98434d09fc2d178032   Read More