Introduction:
Businesses today face a variety of problems. A major one is breaches of information, and consequently society has come up with information security to help secure people's privacy. In order to understand why we have information security, one first has to appreciate the value of information. Typical information stored by businesses and individuals consists of an assortment of highly sensitive information about their employees, financial status, earnings, plans for the future, personal information, etc. Naturally, the more information we store and process in cyberspace, the greater the risk of unauthorised entry. Thus, protecting our information has become a number one priority, as information security helps protect lives and businesses.
In today’s day and age it is vital for companies and institutions throughout the world to practise information security. Various collections of information need to be secured in order to help protect the privacy of both clients and customers. Information security refers to the act of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction (Laura Schneider, 2012). Data held on various IT systems could be of value and critical to the business, thus it is essential to ensure that information security is kept up to date. The three main goals, or in other words the main purposes, of information security are to help preserve the confidentiality, integrity and availability of companies’ information.
The practice of information security differs from country to country, as different countries prioritise their needs differently. In this paper, whilst...
... middle of paper ...
...rity/gramm-leach-bliley-act
4. http://college.cengage.com/business/modules/sox_module_secure.pdf
5. Whitman/Mattord, Principles of Information Security, International Edition
6. http://technet.microsoft.com/enus/magazine/2006.09.businessofit.aspx
7. http://itlaw.wikia.com/wiki/Gramm-Leach-Bliley_Act
Section 2:
1st in-text citation:
https://www.msb.se/Upload/Produkter_tjanster/Publikationer/KBM/Information%20Security%20in%20Sweden.pdf
2nd in-text citation:
http://itlaw.wikia.com/wiki/Data_Act_1973
3rd in-text citation:
http://www.scandinavianlaw.se/pdf/47-18.pdf
4th in-text citation:
http://www.regeringen.se/content/1/c6/07/43/63/0ea2c0eb.pdf
5th in-text citation:
http://www.regeringen.se/content/1/c6/07/43/63/0ea2c0eb.pdf
6th in-text citation:
http://www.government.se/sb/d/2707/a/15195
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
The intensity and depth of an organization's security policy depend heavily on the nature of its business. A large company would require a different approach to its security policy than a small company. Also, the type of information that the company dea...
The idea behind information security is that data, either personal or commercial, will only be viewed by those for whom it was intended, keeping unwanted eyes away. One of the most popular methods of securing data is the use of passwords and/or PIN numbers that only designated persons know. This way of securing information works well when the passwords and/or PIN numbers follow a secure policy, but it quickly fails when the designated persons who use the secure information mistreat the passwords and/or PIN numbers.5 The user may write down the key needed to access the information or simply tell it to someone who does not have access; then the information is no longer secure and problems arise. In the case of an organization, it may notice that information is being leaked to a rival and would need to find the source of the leak to prevent it from occurring again.
ISO 27001: Information Security Management System: This standard helps organizations implement security as a system rather than as numerous controls put in place to solve seemingly isolated issues. The standard covers the handling of electronic information as well as paper-based information. From the management perspective, this standard's main contribution is to formalize the concept of risk assessments and to organize information security as a quality improvement activity. The standard includes the plan-do-check-act (PDCA) concept as well as the principle of continually assessing the organization, not just episodically (Murphy, 2015).
Information security is made up of three main attributes: Availability is the prevention of loss of access to resources and data. Integrity is the prevention of unauthorized modification of data, and Confidentiality is the prevention
The computer is considered one of the most important technological advances of the twentieth century. Security and privacy issues were in existence long before the computer became a vital component of organizations' operations. Nevertheless, the operating features of a computer make it a double-edged sword. Computer technologies with reliable error detection and recording capabilities permit the invasion of a supposedly secure environment to occur on a grand scale and go undetected. Furthermore, computer and communications technology permit the invasion of a person's privacy and likewise go undetected. Two forces threaten privacy: one, the growth of information technology with its enhanced capacity for surveillance, communication, computation, storage and retrieval, and two, the more insidious threat, the increased value of information in decision making. Information has become more vital in the competitive environment; thus, decision makers covet it even if it viol!
The evolution and understanding of the importance of information security and risk management originate from the awareness of the potential of IT in business functions and as a business enabler. This was then followed by the realization that the risks brought about by this boundless facilitator must be appropriately understood and addressed. The essence of information security and risk management is to identify low- vs. high-risk systems and processes, and then to address those risks appropriately.
The phrase ‘cyber risk’ means jeopardizing an organization’s financial status and revenue due to the advancement in technology (IRM, 2014). The concern is that the increased growth in technology causes a high risk to security and privacy. Cyber risk does not only affect big or small organizations; it also covers data breaches involving high-profile personnel and the release of government documents. While businesses and society continue to engage in the use of technology, the potential cyber threat is really underestimated. Cyber risk management will help prevent the release of confidential and personal information to attackers. Some examples of recent cyber attacks are the massive data breach at Target and the leak of confidential information in Panama.
Data Security is critical in the computerized world we live in today. Cyber Security is a big part of data security in the United States and all parts of the world that rely on networked computers in a business and personal environment. The business and personal environment is more difficult to separate with all computers touching the Internet. Businesses have more responsibility to keep their data safe than someone working personally on the Internet.
According to information security governance, success is often limited by the inability to value the organisation's information and data. This creates discussion about the need for security and the resources to be assigned to it.
A major challenge facing organizations is having a comprehensive security plan that will safeguard the personal information of their clients and employees while, at the same time, streamlining the different administrative and technical functions. The result is that firms must develop and update their strategies to deal with the changing nature of the threats they are facing. This is because, as technology improves, more firms are increasingly vulnerable to a host of ever-changing tactics. The result is that the issue of cyber espionage is becoming a problem. It is utilized to give competitors, criminal elements and governmental entities access to sensitive information (Mackie, 2015).
Cyber security is an important part of our growing world. More business is conducted through the internet than ever before. Therefore, it is important to keep our information secure, because currently information is a commodity.
Nowadays, information is the most treasured asset in an organization because, along with experience, it represents the input necessary to take appropriate decisions and consequently to succeed in business. Almost all the information and knowledge related to the business processes, goods and services offered by a company is processed, managed and stored through technology and information systems; thus the security of information has become increasingly important and plays a critical role in enterprise governance.
Privacy exists wherever personal information or other sensitive information is collected, stored, used, and finally destroyed or deleted, in digital form or otherwise. The challenge of data privacy is to use data while safeguarding individuals' privacy preferences and their personally identifiable information. The fields of computer security, data security, and information security design and utilize software, hardware, and human resources to address this issue.