Information Security : An Organization

1368 Words3 Pages
bulb-icon

Recommended: The importance of computer security

Information security (IS) in modern organizations is of vital importance. Modern era of technology brings certain threats to information security but mostly are from internal factors. Enterprises ensures the need of safeguarding information by analysing information security risk for the business. The risk is managed by defining and implementing information security policies. The paper highlights that support from the senior management is essential in almost all decisions for securing information resource. Access controls and privileges assists in information assurance. Investment in information security controls depends upon measuring the business impact of threats. The paper concludes that security culture within an organization is the key factor that influences successful utilization of security measures and policies. All representatives of an enterprise should be made aware of their responsibility in regards to information security that results in framing IS culture within an organization.
1. Introduction
Due to globalization and gains, more and more enterprises are becoming reliant on Internet and information systems. But, it comes with information security risk. Organizations have become aware of security breaches and attacks due to vulnerabilities, technical issues, etc. and are investing in IS measures (Bojanc & Jerman-Blazic, 2013).
As per Glazer (1993, as cited in Doherty & Fulford, 2005), information is a strategic asset for the organizations used in strategic planning, daily process control and judgements.
The paper provides a comprehensive study of existing literature to sketch an unclouded picture of vital fundamentals of protecting enterprise information asset. The paper spotlights the need of ‘gap analysis’ between ...

... middle of paper ...

...d party contracts should have security policies documented when accessing business information (Alexander et al., 2013).
Top management should be involved in and should stay with security decisions. This is critical as most decisions are for outsourcing and partner firms (Johnson & Goetz, 2007).
2.2.5 Information Security Risk management
Risk management means identifications of risks, accessing their probability and then using measures to cut them down. The objective of IS risk management is to specify the relevant controls. The selection of IS controls for risk management depends upon certain factors like initial implementation and maintenance costs, global acceptance of controls for multinational enterprises, etc. (Peltier, 2013).
Risk assessment comes under BIA (Business impact analysis) and gauging the probability and losses by a threat (Alexander et al., 2013).

Show More
Related

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • An Introduction to Access Control Mechanisms

    1930 Words  | 4 Pages

    The major threat of the organization is securing its gigabytes of data from the prying eyes of unauthorized outsiders and insiders attempting to exceed their authority. ...

    Read More

  • Penetration Testing

    3197 Words  | 7 Pages

    As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]

    Read More

  • Questions and Answers: Loss Prevention and Loss Reduction

    810 Words  | 2 Pages

    Risk management purpose is to prevent and reduce the frequency and severity of potential losses. Loss prevention programs promote avoidance of losses, measuring the loss frequency. Some examples are safety programs implemented to prevent workplace injuries, fire detectors, burglar alarms, and other protective devices to prevent losses caused by fire and theft. Insurance companies offer discounts to organization or individuals taking loss prevention measures as incentive for their participation.

    Read More

  • HIPAA, CIA, and Safeguards

    1633 Words  | 4 Pages

    Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.

    Read More

  • Security Manager is Essestial to Today's Organizations

    521 Words  | 2 Pages

    A security manager position is one of the most important jobs that you will find in any organization today. Recent events over the past few decades, have called for more re-amped security measures and procedures throughout facilities. The demand for this position was not the same as it was, twenty or thirty years ago. However, not every company operates on the same level and the position of a security manager may differ from company to company.

    Read More

  • Examples Of Operational Security Policy

    1136 Words  | 3 Pages

    A clear, straightforward policy in relation to operational security can often benefit the privacy and security of some businesses (“Understanding Operational Security,” 2016). As a result, Edu Corp constantly analyzes and deploys appropriate solutions to secure every company aspect relating to our operational security. By adhering to Edu Corp’s comprehensive Operational Security Policy, employees may assist in protecting and safeguarding various forms data and critical information, as owned by Edu Corp.

    Read More

  • The Impacts of Cyber Warfare

    1833 Words  | 4 Pages

    The ability to conduct warfare through technological methods has increased information security awareness and the need to protect an entities infrastructure. Subsequently, cyber warfare produces increased risk to security practitioners that employ technology and other methods to mitigate risks to information and the various systems that hold or transmit data. A significant risk to information lies in the conduct of electronic commerce, hereinafter called e-commerce. E-commerce is the purchasing or selling of goods and/or services through the internet or other electronic means (Liu, Chen, Huang, & Yang, 2013). In this article, the researcher will discuss cyber warfare risks, present an evaluation on established security measures, identify potential victims of identity theft, and present an examina...

    Read More

  • The Role Of Security Management In The 21st Century

    1604 Words  | 4 Pages

    Moreover, this critical review is important to the national security of America and abroad. The influence a leader and manager has on the security industry is vital. The positions are so crucial because security professionals across the board need influential leaders. It takes all kinds of security professionals to perform the demanding profession of security without fail. The 21st Century is challenging for any career choice, but for security it is an ever changing environment.

    Read More

  • The Five Steps Of Risk Management In Coca-Cola

    965 Words  | 2 Pages

    As the first step, identify potential risks plays a crucial role in the risk management process. The core purpose of identifying risk is to figure out causes of risk and analyze result caused by the risks and its probability . Hence, risk identification can begin with the source of problem, or with the problem itself. The chosen method of identifying risk may depend on culture, industry practice and compliance. The identification

    Read More

  • Thesis Statement For Risk Management

    2180 Words  | 5 Pages

    Risk mitigation is also the process of controlling actions, which are identified, and selecting the suitable ones to reduce risk according to project objectives (Pa, 2015). Risk mitigation is important in IT organizations in so many ways. According to Ahdieh, Hashemitaba, Ow (2012), mitigation of risk provides a mechanism for managers to handle risk effectively by providing the step wise execution of the risk handling (as cited in Pa, 2015, pg. 49). Some risks, once identified, can readily be eliminated or reduced. However, most risks are much more difficult to mitigate, particularly high-impact, low-probability risks. Therefore, risk mitigation and control need to be long-term efforts by IT project managers throughout the project lifecycle. There are three types of risk mitigation strategies that hold unique to Business Continuity and Disaster

    Read More

  • Effective Physical Security

    2468 Words  | 5 Pages

    Johnson, B. R. (2005). Principles of Security Management. Upper Saddle River, NJ: Pearson Prentice Hall.

    Read More

  • Biometric Technology

    1204 Words  | 3 Pages

    Nowadays, the information is the most treasured asset in an organization, due to it along with the experience represents the input necessary to take appropriate decisions and consequently to have success in the business. Almost all the information and knowledge related with the processes business, goods and services offered by a company, is processed, managed and stored through technology and information systems, thus the security of information has become increasingly important and plays a critical role in the enterprise government.

    Read More

  • Risk Management Strategies

    1713 Words  | 4 Pages

    Risk is the potential loss resulting from the balance of threat, vulnerabilities, countermeasures, and value. ...

    Read More

  • Information Security

    2693 Words  | 6 Pages

    The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.

    Read More

More about Information Security : An Organization

Open Document