Information Security Measures

Information security measures

Every organization must ensure that information is protected from loss and access by unauthorized parties. The information security measures should consist of physical, technological and administrative safeguards to protect the information (Hill, 2010). Each safeguard is responsible for protecting the organization from unauthorized access by persons from outside and within the company.

Physical safeguards include limiting the physical entry of personal into the organization or into areas information is stored. Physical safeguards include using a badge program that includes information about the employee and their specific access areas. Limiting the entrance of outside parties such as vendors or salespeople from access the network or using personal laptops in the organization is another physical safeguard (Hill, 2010). Physical safeguards would protect the movement of hardware and data storage devices such as flash disks in and out of the organization.

Administrative safeguards are important measures in protecting the information within the organization. Administrative safeguards include setting policies and procedures that guide the activities if the employees within the organization. Information access management is another administrative measure that determine who has access to specific information within the organization (Whitman & Mattord, 2012). Security awareness and training would help to educate the employees on their responsibilities and activities that should undertake to prevent loss of information such as deleting unknown emails to prevent phishing.

Technological measures of protecting information include establishing strong passwords to ensure data cannot be easily accessed. Encryption of data in the organization would prevent authorized parties from understanding the information. Installation of anti-virus and anti-malware would ensure malicious software are detected and destroyed before any sensitive information can be leaked (Whitman & Mattord, 2012). The organization has to put strong firewalls to protect their computer systems from entry. Backing up data constantly would prevent it from the loss when the system is hacked. Updating software periodically to ensure they are up to standards would be another technological measure of protecting information.

References:

1. Hill, D. (2010). Data protection. Boca Raton, FL: Taylor & Francis.
2. Whitman, M., & Mattord, H. (2012). Principles of information security. Boston, MA: Course Technology.

Common Information Security Threats in Business

Threats to information security

Information security threats include malicious software, stolen laptops or mobile devices, unsecured wireless internet networks, phishing and intruder/insider employee threat. Malicious software includes worms, spyware, viruses and Trojan horse. The malicious software is secretly installed in the network or computers in the organization and cause internal damage to information by deleting or corrupting it. The malicious software extracts information such as passwords and other sensitive information from the organization and uses this information for financial gains such as extortion or theft (Sanchez, 2015). Malicious software scan also leads to the breakdown of the entire computer network within the organization.

Stolen mobile devices and laptops are another major threat to information security. Once the laptops or the mobile devices have been stolen the information from them can be accessed. Laptops hold valuable and sensitive information and, therefore, leading to the theft of information (Teixeira, 2007).

Unsecured wireless internet connections provide hackers with an open door to enter the system. Hackers can easily enter the system through the wireless internet network and steal valuable information regarding the organization, its clients or its employees (Teixeira, 2007). The unsecured network gives hackers and easy access the system from outside the organization easily.

Phishing is the process whereby e-mails are sent disguised to seem like those from an authorized party in the attempt to gain confidential information such as administrative passwords from employees in the organization (Sanchez, 2015). Once the employee feeds the password to the link used in the e-mail, the hackers will immediately have the password necessary to enter the system. The employees must, therefore, be educated to understand the importance of protecting information from threats such as spear poising sent through emails.

Outsider or insider threat is also possible within the organization, outside parties may enter the organization steal the mobile devices or load up information in storage devices when not being monitored and walk away with it (Teixeira, 2007). Insider threats include disgruntled employee who is more dangerous than a hacker since they have access to the system and can delete or manipulate information at will causing damage to the organization.

References:

1. Sanchez, M. (2015). The 10 most common security threats explained. blogs@Cisco - Cisco Blogs. Retrieved 25 October 2015, from http://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-explained
2. Teixeira, R. (2007). Top Five Small Business Internet Security Threats. Small Business Trends. Retrieved 25 October 2015, from http://smallbiztrends.com/2007/06/top-five-small-business-internet-security-threats.html

Some Data Security & Privacy laws used in a Organization.

My organization of chose is the Bank of America. This is among the largest banks in this country and also controls a huge market share compared to smaller competitors. This means that it also has a large number of customers that it hands financial transaction for them, and this puts them in possession of their customer’s financial information that is considered to be personal information. Seeing that this information is well protected is one of the most important tasks of the bank so that they do not face cases in the law court on the giving out of personal information. This is done using several techniques and is assured by the data security measures that the bank has in place. Among the most important are;

 First is the protection of customer’s information. This is always the first and the most important. This is usually achieved by having very secure bank systems. Most of the financial transactions in today’s economy are electronic, and this means that in case that one has access to the data from the bank, they can be able to tell the activities or transactions of a certain customer. In the past, this has been made possible by hacker (Pfleeger and Pfleeger, 2014).  Through this important data, they could use it to manipulate their victims and could even sometimes steal from them hence making sure that the information is inaccessible to any outsider is critical for the organization.

Second is to ensure that records do not tamper with. This is because it is possible for employees of the bank to change records of a certain account and also amend the details inside like the amount of money in the account and this would allow them to steal money from the accounts of customers. This means that it is important to set up policies on who has the right to access the information about the details of a client, and this makes it possible to monitor the funds movement in the organization hence closing down the loopholes that an employee with wrong intentions may use. In other cases, employees can only satisfy their curiosity on how much one has, and this should be limited to make sure that the customers have the privacy they deserve.

The bank has put up systems that require different passwords for the employees to access a particular type of information from the system. The employees are allowed to access information depending on their particular jobs and also the clearance that they have from the organization. This makes sure that all customer details are with the people that they should be with and those that can assure them of their confidentiality. The bank also has laws that are set to punish those that are found to have gone against the set rules and regulations, so that to make sure that the laws are not taken for granted and that the customers information is well taken care of( Collins, 2014).

In conclusion, all the institutions those have their operations run through computers are always a risk of losing information. This is through system collapse or even through harking. It is important to have very strict measures on who regulates your data center, and this helps to monitor the whole organization's activities. Having a secure system also raises your customer confidentiality and so can act as an active tool in pulling in more customers for the business.  The loss of enterprise data can also lead to more adverse problems like the closing down of the company because in the cases of particular industries like the financial sector. It is important to make sure that you operate with only the correct information so that one can avoid losses at the end of a fiscal year. 

References: 

1. Pfleeger, C. P., & Pfleeger, S. L. (2014). Security in computing. Prentice Hall Professional Technical Reference.

2. Robling Denning, D. E. (2012). Cryptography and data security. Addison- Wesley Longman Publishing Co., Inc.

3. Tehan, R. (2008). Data security breaches: Context and incident summaries. New York: Novinkna Books.

Information Security in Work Place

A workplace is any floor that employees of an organization meet to undertake the respective duties depending on what the employer has given them. This is a critical place for any group as it determines the overall productivity of the employee. Another importance of such a place is that it holds information about the organization and about the activities that it undertakes which might be considered as secrets of the company (Tehan, 2008). It is therefore critical to take into consideration the security of this place so as to ensure that crucial information is never stolen from the organization and hence stand to benefit the competitors. Several measures are taken into consideration so as to make sure the information is safe and these are;

The first should be the regulating of people so as to be certain who enters and leaves the building. Several things can be done so as to make sure this happens and these are several security installations that the organization follows and these are listed below. The first should be to post security guards at the entrance of the building. The guards can be the first line of defense as they can notice any an authorized persons who enter the building and stop them. They can be posted both in front of the main building and also in front of some particular offices. These would likely be the principal positions in the organization where the information is stored.

The second would be the installation of both CCTV cameras and also the metal detecting devices. These together would help to monitor everybody that comes into the building and also those that walk out. This would mean that the system can account for the whole movement of people in the organization and state where they go. The metal detectors would also be of importance as they should help in monitoring what the people walk in with and what they come out with. And suspicious device or item can be checked physically by the guards and make sure that no information is stolen from the organization.

The organization should also provide for an under the counter alarm system. This means that in case of any sign of a dangerous customer, the security team should be able to be alerted within seconds through the system, and so the response should be very immediate and hence reduce the risk of losing the information. The employees should also be briefed on the steps that they should take in case of such situations arises where there is the threat of losing information that is delicate to the organization (Roblin, 2012). This would help in avoiding fracas because this is what criminals use to have an upper hand. It is, therefore, important that there are steps that can be followed during an emergency so as to assure every one of their security.

System clearance is the other item. In most cases, organizations store their information in computers, and this means that for one to access the information they need to have access to the computers. This is where the security clearance comes in. Different employees should be given different security clearance depending on how trustworthy they are in character. This means that not all the employees should have the access to all the information. Depending on the rank of the person, different employees should have different clearances to the access of the system hence making sure that only a few at the top can be trusted with the information.

The computers should also have passwords and other security features that need to be bypassed before the person reaches the final information. Other features may include the fingerprint identification and other biometric measures. These characteristics are even more efficient because they can detect the particular person accessing the information in real time. There should also be alerts that are in place so that to inform other people in case the information is obtained. Coding is the last security measure that can be used so as to make sure that even if the information is obtained, they need an extra effort so as to understand it and this means it may not be useful to the thief after all.  

References: 

1. Collins, M. (2014). Network security through data analysis: Building situational awareness, 1 million log records at a time.

Business Security Risks & Information Security Strategy - 2

Additionally, a company should educate employees through seminars to avoid cluelessness and careless that may prove costly. Ultimately, updating of the technological endowment at the disposal of a company could also be used as a fight back mechanism. For instance, the discontinuation of rolling out updates for Windows Server 2003 by Microsoft could expose a company to more risks with its continued use (Schiff, 2015). Therefore, such a company should upgrade its server to a more recent one to avoid exposure to probable cybersecurity attacks.

Business security is a prime concern for both small and large corporations that demands a concrete information security strategy. As such, an information security strategy refers to a plan devised by a company in accordance with legal, contractual, internally-developed and statutory requirements (Fey, Kenyon, Reardon, Rogers, & Ross, 2012). Essentially such a strategy should be devised in line with the goals and mission of a company to ascertain its success when it comes to implementation. With this in mind, such a plan is successfully built through commencement with the identification of control objectives for the plan. Once this is done, approaches to meet such objectives are identified and assessed against established metrics and benchmarks. Finally, implementation together with testing plans are laid out (Fey, Kenyon, Reardon, Rogers, & Ross, 2012).

Information security strategies, therefore, quintessentially provide a business with the apt strategies to ensure that the information and data in the hands of its employees is not exposed to possible compromising situations. Implementation of such strategies is also aimed at ensuring that a company is able to fight back in the event of some sensitive information or data leaking out. Conclusively, it is a strategy that serves to fortify the information and data security of a business from cyber attacks, disgruntled employees and exposure of such information by clueless and careless employees.

  

References:

1.      Fey, M., Kenyon, B., Reardon, K., Rogers, B., & Ross, C. (2012). Developing a Security Strategy- an excerpt from Security Battleground. Retrieved from Security Battleground: www.mcafee.com/us/resources/misc/developing-security-strategy.pdf.

2.      Schiff, J. L. (2015, Jan 20). 6 Biggest Business Security Risks and How You Can Fight Back. Retrieved from CIO: http://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html. 

Business Security Risks & Information Security Strategy - 1

With technological advancement comes myriad risks that business, small and big alike, have to combat and come up with efficacious mitigation maneuvers. Technological advancements, therefore, culminate in imminent cybersecurity risks that companies constantly struggle to deal with. Nonetheless, cybersecurity is a general term that refers to a whole wide range of probable risks that entail attack to a company’s data and data bases through the internet. Thence, companies face such main security risks as internal attacks from disgruntled employees, uninformed or careless employees and ultimately use of mobile devices and obsolete technology to access company data and information (Schiff, 2015).

                 To begin with, contemporary society heavily relies on technology for the implementation of various tasks. Companies alike also rely on various technological inputs for the transmittance of data, conveyance of information and undertaking of various other business activities. Therefore, to deal with the above mentioned risks especially from former IT employees with access to admin accounts and company networks, it is crucial that a company enacts a policy of password changes every time an employee is let go (Schiff, 2015). Additionally, updating of company security level inputs through such measures as implementation of stronger passwords and encouragement of secrecy at a company could also be used as a mitigation approach. To combat the use mobile devices to convey sensitive company information, a company should ensure that a BYOD policy is enacted spelling out the use of mobile devices at work (Schiff, 2015).

To be Continued in Second Part in Next Week....

References:

Fey, M., Kenyon, B., Reardon, K., Rogers, B., & Ross, C. (2012). Developing a Security Strategy- an excerpt from Security Battleground. Retrieved from Security Battleground: www.mcafee.com/us/resources/misc/developing-security-strategy.pdf.