Data Security Policy and Effective W5 Security System - Essay Example

Running head: DATA SECURITY POLICY Data Security Policy The following pages present an analysis of Data Security Policy and comprise detailed analysis and recommendations regarding the improvements to our department’s data security policy. Business and client information security and privacy are the leading concern in any organization, especially in the present day context of e-commerce, where consumers are also concerned about identity theft ( www.whitepapers.znet.co.uk:80). This report deals with the preservation of business and client information as well as other confidential information by improving security measures. Modern technology poses a threat in terms of ease of access to data and information which is exchanged over the Internet, which can compromise the privacy of both individuals as well as confidential information pertaining to business activities (Laudon & Laudon, 1999). Privacy is the freedom individuals have to be left alone both at home and at work, free from observation or intrusion by other individuals or the State, or in the case of organizations, from the State and unauthorized sources. Information technology and systems threaten individual rights to privacy by making the intrusion into privacy inexpensive, cost-effective, and efficient (Laudon & Laudon, 1999). Organizational information security strategies, measures, and standards are entirely significant reflections. An organization must take care to devise and put into practice a successful information safety plan, that can cover every phase of available information. Each category of such information safety serves a diverse function. The W5-Data Security Policy incorporates the following main points regarding the organizational data (W5-data security Policy, 2009) (a) The nature of the data and information (b) Determining who gathers such data and information (c) Determining how the data and information are utilized (d) Ascertaining the parameters and authorization for the sharing of such data (e) Alternatives available concerning data utilization, allocation and gathering (f) Security measures that are implemented to ensure that the confidentiality of the data is preserved (g) Procedures for correction of any mistakes occurring in the collected data and information. Data security risk Security risk: Consumer based applications such as Internet sales and call center programs pose a security risk to data at its collection point, because they can be tapped by unauthorized sources.(www.protegrity.com). The data and information security risk can be illustrated as the intensity of its effect on organization activities (including operational jobs, illustrations, or status), organization assets, or on individual and/or financial information collected during the process of entering into business information arrangements. The security of data may also be compromised during the process of its use, such as for example through actual theft or hacking into data as well as insider theft, all of which pose a hazard (Rebecca, 2007). Possible effects The above section has presented the possible hazards in a business situation. Such situations can lead to potential intrusions into confidential financial and other data. For instance, unauthorized persons gaining access to such information could use it for blackmail purposes or for identity theft in the case of individuals. When the security of data is compromised, customers become reluctant to engage in business activities such as e-commerce. Data Security Procedures Data security procedures illustrate how to put into practice the data security strategy. Organizational policy on data security articulates the series of mandatory procedures that must be fulfilled to effectively ensure the security of data, both at its collection points and during its access. Policies, procedures and/or guidelines for action to be taken provide employees the information essential to do a job, while also providing an assurance to customers and management that the data collection and access jobs are being done in a trustworthy and standard way. These procedures enhance efficiencies in worker jobs as well as help in the avoidance of exploitation and scam (Christine & Wemhard H, 2000). For instance, a data security strategy possibly will require that all confidential information pertaining to business activities be encrypted. Some measures that could be employed for instance include SSL encrypted systems or the utilization of a VPN (virtual private network) also known as virtual private network, in including the software and hardware specifications to be adhered to in order to achieve the desired objectives (Rebecca, 2007). W5-Data Security Devising an effective W-5 strategy to ensure preservation of data security within the organization is a great deal more intricate than merely ensuring the safety/security of the organizational perimeter only. Large size businesses need to implement a modern, state of the art data and information security model to protect client data. Nowadays the mostly used layered information security model foundation is on a "black list” and facing pressure because of (a) scaling troubles as well as (b) working/operational operating costs. A Trusted Enterprise Model is based on confidentiality, trusted dealings, unique and integrity of the client information and data (Rebecca, 2007). As pointed out by Robins and Rakow, the vulnerability of systems is doubling each year, but using “fortress style security and crisis management models” are not effective in protecting against the threat to data security, because they are premised too much upon physical security models. W5-Data Security policy A basic template for a group computer security plan must include the following elements (www.cc.jlab.org): (a) security awareness, i.e, making all employees and users of organizational databases aware of the security risks and threats which exist, so that they exercise care in using it. This could include for example, a notification or warning when information is being exchanged over an unsecured or non encrypted network (b) system integrity, or using a system that comes with built in security features. For instance, Microsoft package systems are a part of the CCU domain, which provide for regular system protection and virus protection updates. This ensures that organizations making use of such systems will have access to patches and regular updates on security or operational defects (c) Data integrity, i.e, backing up the data on a regular basis and storing them on offline devices, so that confidential and sensitive information is not irrevocably lost (d) restricting access to sensitive proprietary data: i.e, sensitive data should not be accessible through the use of standard procedures and authorization should be clearly established, with back up data being stored on unshared systems where access is restricted (e) control of access: i.e, using protective measures such as encrypted networks and passwords at various process levels to ensure that access to data is effectively controlled. This basic template could be used to devise a W-5 security system at any organization and modified to clearly established the points of access and include the use of passwords to demonstrate the right of access. Passwords to access data can also be updated and changed on a regular basis, so that unauthorized persons who gain access to data will be unable to use it unless they have the latest information. The most important aspect of any security plan however will be to clearly spell out under Company policy, the extent of information which can be accessed by which personnel, while also making all employees and management aware of the security risks posed, so that they exercise care in sharing and storing sensitive information such as passwords. An effective W5 security system can be initiated only after undertaking risk analysis. Sensitive information, including the points at which it is generated and the locations on the system where it is stored are the ones most vulnerable to threat must first be identified and valued, so that a monetary assessment can be made of potential losses that would occur if the system was compromised. Identifiable risks should include those arising out of (a) environmental factors such as a power failure, floods, etc (b) sabotage such as the potential activity of hackers and (c) errors arising out of human failures in inputting data or in poor quality control systems(www.niatec.info). Risk analyses are useful because at the outset, they ensure that all possible threats to data are taken into consideration and secondly, it is also useful to management in ensuring that the cost of implementing security does not exceed the value of potential losses arising out of the information being accessed by unauthorized persons or destroyed. References Christine, H., & Wemhard H, M. (2000). Mobile Teleworking: Some Solutions and Information Security Aspects. Siemens AG, Information and Communication Products, Information Security, (pp. 322-325). Wang, F. F. (2008). Mobile WiMAX Systems: Performance and Evolution. IEEE Communication (pp. 41-49). IEEE. Farwell, J. (2008). WiMAX Wireless Technology. Retrieved 04 29, 2009, from http://www.pctoday.com Laudon, K. C., & Laudon, J. P. (1999). Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . Monk, E., & Wagner, B. (2009). Concepts in Enterprise Resource Planning, 3rd.ed. Boston: Course Technology Cengage Learning. Norton, P. (2001). Introduction to Computers. Singapore: McGRAW-HILL. Rebecca, H. (2007). Security Inside the Perimeter. Retrieved 05 05, 2009, from Real Time Publishers: realtimepublishers.com “Security and trust: The backbone of doing business over the Internet”, http://whitepapers.zdnet.co.uk:80/0,1000000651,260646516p,00.htm; Shelly, G. B., Ccashman, T. J., & Vermaat, M. E. (2005). Discovering Computers 2005. Boston: Thomson Course Technology “Template for a group computer security plan”, http://cc.jlab.org/docs/security/procedures/group-security-plan-template.html; W5-data security Policy. (2009). Retrieved from W5-data security Policy: http://www.informit.com/content/images/9780789738226/downloads/0789738228_web05.pdf W5-data security Terms. (2009). Retrieved from W5-data security Terms: www.w5networks.com/terms.php Read More