The importance of computer security
Why do we need management’s support for information security? Doesn’t IT own information security? The technical side is important, but management’s role cannot be overlooked. Thornton states that management has to drive information security. Why does management need to drive this policy? The management team is legally responsible for any breaches that occur. Plus, senior management has a fiduciary responsibility to the company’s assets. Our management can provide the necessary resources, including finances and personnel, needed to implement policy. Senior management can provide clear direction when stakeholders disagree. Finally, when senior management places importance on information security, it creates a culture where employees recognize the importance as well.
So how do we get executive support for our information security initiatives? First we need to start the discussion with senior management. Our goal is to get their attention on the importance of good information security policy. We can do this by communicating the need for compliance, the consequences of noncompliance, and finally the company’s responsibilities to the customer. These are all factors meant to entice management’s support of our security policy.
Compliance issues that affect our corporation should be expressed to our management. These can arise from laws at the state, federal, and international level. The Sarbanes-Oxley Act, the Electronic Fund Transfer Act (EFTA), Massachusetts 201 CMR 17, and the Fair and Accurate Credit Transaction Act (FACTA) are just some of the laws that require a well-supported information security policy. Regulations including the Payment Card Industry Data Security Standard (PCI DSS) or the Red Flags Rule can drive the need for compliance. Industry-specific guidelines including the Federal Information Security Management Act (FISMA), the Health Insurance Portability Act (HIPAA), and Title 21 CFR Part 11 Electronic Records also impact our compliance policies.
The fear of what noncompliance brings can also entice management’s support. At the very least noncompliance can damage a company’s reputation. Data breaches continue to haunt Target, Sony, and TJ Maxx to name a few. An effective information security policy can limit the damage to our reputation by laying out a course of action to take if a breach occurs. Poor security controls can also incur monetary damages through fines and remediation costs.
What concerns the government of the United States most is the security of critical infrastructure against cyber threats. The nation depends heavily on technology in most of its critical sectors to keep it up and running. This makes it more vulnerable to cyber-attacks from outsiders and insiders. Therefore, its protection must be a priority.
About 15 million United States residents have their identities and information used fraudulently each year. Along with the use of their identities, they also had a combined financial loss totaling almost $50 billion. Major companies such as Apple, Verizon, Target, Sony, and many more have been victims of consumer information hacking. In each of the cases, millions of consumers’ personal information has been breached. In the article “Home Depot's 56 Million Card Breach Bigger Than Target's” on September 18, 2014, 56 million cards were breached due to cyber attackers. Before the Home Depot attack, Target had 40 million cards breached. Companies’ information is constantly being breached, and consumers are the ones who end up having to pay the price. If a company cannot protect the information it takes, then it should not collect the information.
...ed on how to respond to information security breaches. Regardless of an organization’s size, there is always the risk of information breaches.
For instance, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) “standardizes the use of electronic health information and mandates the development of security standards and safeguards for the use of electronic health information” (Akowuah, Yuan, Xu, Wang, 2012, pg. 41). Although HIPAA is federally mandated, in some cases state laws take precedence over federal privacy and security laws. For example, in states where there is child abuse, death, or injury, state laws override HIPAA laws (Akowuah, Yuan, Xu, Wang, 2012, pg. 43). State laws also override federal laws when the state laws protect patients’ information more than federal laws, and during financial audits (Akowuah, Yuan, Xu, Wang, 2012, pg. 43). Therefore, managers must understand and thoroughly educate their healthcare personnel on all privacy and security laws, to know how to properly address cyber-attack and prevent
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions of trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
In this case, a large health services organization (HSO) in Florida that has a world-renowned AIDS treatment center had an information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and, as CEO, you are requested by the board of trustees to come up with a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that the facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).
A Coca-Cola security breach put the personal information of 74,000 employees at risk. The failure here appears to be in the processes surrounding disposal of old equipment without any encryption, which caused data to be breached. Also, sometimes a criminal can act as an employee
For example, Sony was fined because its data was not up to date and hackers got hold of people’s personal data. This ruined Sony’s reputation, because customers will no longer be able to trust the company, and it will have a massive fall in market sales. Organisations should take this into consideration and always stay up to date, because competition is a massive distraction for companies. (TheDrum,
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications, from popular operating systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is that you have to patch every hole in your system, while an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg, and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
Businesses must ensure that they are up to date with the current laws and that they
Compliance has been a big challenge for the organization; however, there are numerous factors that have contributed to compliance issues. These factors include the fact that there are a lot of rules and regulations that the organization needs to comply with such as HIPAA among others (Vaidya, 2013). All these policies require fully trained and qualified personnel, and the organization is lacking the right personnel to spearhead the compliance. Therefore, it has been very hard to comply with the set rules.
Computer security safeguards the computer against three kinds of failure: availability, integrity, and confidentiality or privacy. Failure of availability is denial of service, which is a serious threat to life and society now that more and more depends on computers. Integrity means programs remain exactly as they are. Any modifications to programs must be made only by an authorized person to maintain the accuracy, quality and precision of the data. The third is privacy, whose failure is an inappropriate disclosure of data. A security policy is the one that defines the actions to be authorized, access to resources and what is to be protected against what threat in order to achieve the ...
The first thing that we must consider about Information Security is that there is no final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems do not secure themselves, and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.