Introduction
Recently, a growing trend of security incidents, such as website defacement, data leakage, hacking of servers and theft of data by disgruntled employees, has been noticed. In the present world, information is created, stored, processed and transported so that it can be utilized in the world of IT. In administrations and industries, no one can deny the need to sufficiently safeguard their IT domain. Additionally, information gained from other stages of business procedures needs to be sufficiently safeguarded as well. This is why information security has a critical role to play in protecting the data and assets of a company. IT security events such as information manipulation or disclosure can have a wide range of adverse effects on the business. Additionally, they can prevent the business from operating properly and, as a consequence, operational expenses can be quite high. Also, various small and medium-sized organizations believe that firewalls, anti-virus and anti-spam software can adequately protect them from information security events. They understand the need for data security; however, they don’t give it the necessary attention. Cybercrime is increasing gradually and thus it is critical that the entrepreneurs of these industries are well aware of the security breaches that might have to be dealt with on a regular basis. The following paper will discuss the importance of and need for information security. Additionally, the majority of the paper will cover the numerous parts of the management of information security, such as the requirement of physically protecting the organization’s assets, the ethical and personal challenges of information security management, and biometric and internet security.
Definition of Information Security
The main objective of information security is to safeguard the organization’s information (NIST, 2014). The information can be stored on a computer, on a local server, on a mobile device and/or even on paper. However, the management of IT information security mainly tackles the protection of electronically stored information. The main theory of information security generally deals with availability, confidentiality and integrity, and this is the basis of information protection. On top of this, validity, non-repudiation, reliability and authenticity are some of the common terms that can also be integrated into the domain of information security. Information can be affected by illegal activities like computer viruses or intentional theft of data by an employee. However, it can also be affected in the following manner–
- Environmental Mishaps – Information can be scrambled or destroyed by various environmental mishaps like earthquakes, floods and/or fire.
- IT systems might fail due to an unsuccessful application update, as the application and data might get corrupted.
- The system can also malfunction or the data might get corrupted due to human error.
Need for Information Security
Attaining complete harmonization with the laws, guidance, regulations and standards of information security is critical for efficient management of information security (Dodaro, 1998). Information and information systems serve as an essential enabler for federal organizations so that they can accomplish their primary agendas of serving their consumers and members by giving immense importance to confidentiality, integrity and availability in providing their services. Information security should be closely aligned with business objectives. Another critical factor that should be considered is that the expense of protecting the assets shouldn’t exceed the assets’ value. To properly associate the business risks with information security, the management needs to facilitate a harmonious discussion amongst the business units and managers of information security. The various benefits of investments in information security are (Nozaki, & Tipton, 2000)–
- Resilience of Business – If there is an effective system of security, the delivery of vital services is ensured under various types of operating conditions. One of the most critical assets of an organization is information. Ensuring that the asset’s integrity, availability and confidentiality are maintained permits the organization to operate smoothly and carry out its objectives.
- Enhanced Trust and Confidence – Overall security and a robust security situation assist in creating a proper public reputation and image. They show that the company has made a commitment to protect its data and consumers and that it will deliver top-notch services.
- Improvements of Performance – Even though implementation of security controls is quite expensive, it is quite cost-effective in the long run, as the organization will receive financial savings and performance enhancements. Additionally, the same is true for situations in which a company might be handling a security event which might result in loss of financial resources and trust.
- Accusation towards Top Level Executives – If proper security procedures are missing, the top level executives might be held accountable in case of any legal proceedings.
- Goals – If proper effort is put into information security, the organization will have a high chance of meeting and exceeding consumer expectations and will gain their satisfaction and trust. Additionally, it is necessary to meet consumers’ service requirements and demands.
- Practices of Risk Management – The organization’s risk management practices mature and, additionally, turn into an essential part of the company. The main objective of an organization’s risk management is its own protection and the capability to achieve its preset objectives. Thus, the risk management practice is an essential part of the management function as opposed to being a technical operation that is performed externally by system administrators. Management of information security is a critical component of the practices of risk management.
- Decreased Risk – If the organization has an efficient practice of risk management in place, the organization’s total risks are reduced. Risks can arise for numerous reasons and, in various cases, the infrastructure and service deliverability of the organization might get damaged or destroyed. The above-mentioned risks comprise risks arising from natural calamities and risks arising from cyber-criminals, like internet malware, denial of service, etc. Eventually, critical information might be lost or damaged, and this can have a significantly negative impact on the smooth running of the organization. For this reason, investing in efforts of information security management can assist in bringing down the operational risks, as the business’ objectives and consumers are dependent on it.
References
Dodaro, G. (1998). Executive Guide: Information Security Management. GAO. Retrieved 16 August 2015, from http://www.gao.gov/special.pubs/ai9868.pdf
Kelly, L. (2014). The top five SME security challenges. ComputerWeekly. Retrieved 16 August 2015, from http://www.computerweekly.com/feature/The-top-five-SME-security-challenges
Nozaki, M., & Tipton, H. (2000). Information security management handbook. Boca Raton, FL: Auerbach.