The increasing use of technology in the business sector has created the need for information security (IS) training. Training end-users on information security-related items helps reduce the information risks that organizations encounter in the conduct of business operations. Furthermore, the absence of end-user training in information security will inevitably subject an entity to increased vulnerabilities that can render organizational security technologies and/or measures ineffective (Chen, Shaw, & Yang, 2006; Siponen, Mahmood, & Pahnila, 2009).
A security risk is the likelihood that an incident will occur, and organizations commit various resources to mitigate security risks and vulnerabilities (Fenz, Ekelhart, & Neubauer, 2011). However, organizational commitment of resources does not alleviate responsibilities to constantly develop, purchase, or modify systems that assist in reducing security risks. The first section of this article will identify instructions that contribute to improving advanced information security techniques. These various security techniques support organizational strategies that reduce information risks. Furthermore, this article will evaluate and compare knowledge-based systems used to reduce information risks. Lastly, the article will present a comparison of systems that are capable of managing information and subsequently provide ways to reduce information risks.
Improving Information Security Techniques
End-users are the weakest link regarding information security-related items (Spears & Barki, 2010). Contrary to the aforementioned belief, Chen et al. (2006) stated that humans are more important than the technology used to reduce risks associated with information security. Arguably, a c...
... middle of paper ...
...iciency. Region Formation & Development Studies(8), 167-176. Retrieved from http://journals.ku.lt/index.php/RFDS
Senft, S., Gallegos, F., & Davis, A. (2012). Information Technology Control and Audit (4th ed.). Boston, MA, USA: Auerbach Publishers, Incorporated.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2009). Are employees putting your company at risk by not following information security policies? Communications of the ACM, 52(12), 145-147. doi:10.1145/1610252.1610289
Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503-A5. Retrieved from http://www.misq.org/
Wangwe, C. K., Eloff, M. M., & Venter, L. (2012). A sustainable information security framework for e-government – case of Tanzania. Technological & Economic Development of Economy, 18(1), 117-131. doi:10.3846/20294913.2012.661196
National Institute of Standards and Technology (NIST). (2002). Risk Management Guide for Information Technology Systems (Special Publication 800-30).
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
The way forward lies in a security risk management (SRM) approach that protects your company from the most severe threats to critical IT systems and operational processes. SRM helps your organization understand its assets and analyze the vulnerabilities it must address. Security risk management also facilitates internal and external compliance initiatives. It enables your organization to enforce policies that relate to the integrity of customer data, the configuration of corporate applications and databases, and the accuracy of financial reports. Companies that take a systematic approach to SRM reap additional benefits: operational efficiencies that lead to better management of resources and reduced costs. It's up to all the parties involved in the IT operations and security mission to demonstrate that they can take on the demands of this new challenge.
Data breaches have gone up significantly and hackers are coming up with innovative techniques for breaching the data security network. There are several challenges associated with cybersecurity management as there are a multitude of threats arising from various sources. A cybersecurity threat can have different levels of impact on an organization or a business, and the impact varies based on the industry type. According to the Securitas USA survey, manufacturing, healthcare and insurance, finance, information, and utilities saw cybersecurity as the topmost threat for their businesses (Securitas USA,
Yoon, C., Hwang, J., & Kim, R. (2012). Exploring Factors That Influence Students’ Behaviors in Information Security. Journal of Information Systems Education
Every organization, big or small, should have some level of security policy to protect their proprietary information. While the intensity and depth of an organization's security policy depends heavily on the nature of their business, common guidelines are mentioned in this paper that apply to all policies. One of the most important things to remember is that employees are a critical component to a successful security policy. It is the organization's job to ensure that their security policy is widely distributed and understood.
First, business practices required a computer incident response team (CIRT) to ensure that there is a capability to provide help to users when a security ...
Create a team with the following areas of expertise: Human Resources (HR), Legal, Technology, and other key business lines. The HR, Legal, and Technology team members will have a good understanding of the current policies related to information security. Moreover, such a team will be a fair representation of each area of the organization. Information Security Awareness needs to be an organization-wide effort and must be presented in the same manner (Wilson & Hash, 2003).
Today, process and technology alone can’t assure a secure organizational atmosphere. To compromise a satisfactorily secure organization, cybersecurity policies and procedures are inaugurated and expertise within an
According to information security governance, success is often limited by an inability to value the organisation's information and data. This prompts discussion of the need for security and the resources to be assigned to it.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
People want the freedom and empowerment to use technology, while being protected against malicious actions. Protection starts with awareness and education; the government needs to begin empirical goals around previous campaign successes. President Obama noted, “The government is bringing about unprecedented transparency and liability for Americans to take part in their democracy.” (Obama, 2009).
This report aims to explain how risk control is achieved through strategies and through security management of information.
the risk of security incidents and breaches is reduced by encouraging employees to think and act in more security conscious ways;