The last 25 years saw a tremendous rise in the volume of information compared to the previous 5000 years. A standard weekday newspaper edition probably contains more information than the average individual encountered in a lifetime during the 17th-18th century.
Information is an asset to all of us and needs to be protected at any cost. Information can exist in many different forms. It can be stored electronically, printed or written on paper, transmitted by post or electronically, or spoken in conversation. Whatever the form or means, it should always be appropriately protected.
From a business perspective, whether for an individual or an organization, information protection has become more relevant to running the business smoothly and profitably, ensuring business continuity, minimizing risk and maximizing returns. This has become more important in this competitive world with increasing interconnectivity. This has exposed information to a wider variety of threats and vulnerabilities.
Over the years, many big security-conscious businesses have probably experienced serious data breaches, with hundreds of thousands of items of vital data disappearing. What does this mean? If it can happen to any large security-conscious entity, it can happen to anyone!
Then how important is our information? Our work is based on records, and we spend hours each day managing our records. To be honest, we cannot work without records. So records are not expendable. Unlike almost anything else, we cannot just neglect our records. If we lose our precious information, we are almost lost. The consequences of a security lapse can place anyone in an unmanageable position. It can lead to damage to business and reputation, system downtime, loss of productivity and serious financial losses due to lost revenue.
How then do we protect our information? To protect information we should ensure the Confidentiality, Integrity and Availability of information. Security can be ensured by implementing a proper set of controls, which normally includes policies, processes and procedures. Such controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure information security.
Security requirements are identified by a proper and methodical assessment of security risks. This helps guide an individual or an organization in determining the appropriate plan of action and putting the necessary controls in place. Assessment should be done at regular intervals to address any change in security requirements.
Who is the threat? In this computerized scenario, statistics indicate that almost 80% of system security breaches are internal. There are a number of reasons for malicious activity, which is motivated by an individual’s attitude and purpose. The individual could be a disgruntled friend, a relative or an employee. These are internal threats. External threats also arise from individuals whose main purpose is to disrupt, steal or damage information, whether it is stored or in transit. Types of attack can be, for instance: denial-of-service, website defacement, computer viruses and worms, sniffing (intercepting information in transit), spoofing (acting on behalf of another person or entity), Trojans (backdoor entry), unauthorized access and probing.
How do we protect ourselves and our business? The countermeasures could be in terms of tested security policy and procedures, training and awareness, and attention to physical security. Technology-wise, they can be intrusion detection, computer virus protection, authentication and authorization, encryption, auditing and assessment, information backup and computer firewalls.
To ensure a secure environment one can follow some simple do’s and don’ts:
-Never discuss confidential information over the phone or in a public place.
-Set password for voice mailbox. Don’t leave confidential messages in them.
-Know the identity of all the people present in case of a teleconference.
-Do not leave printouts lying near the print tray.
-Disconnect machine from network in case of virus infection.
-Never download any software from unfamiliar sites.
-Always verify the addresses before sending an e-mail.
-Do not forward e-mails to discussion groups and common without consent.
-Do not reveal any information to any unknown callers on the phone.
So, the right awareness and a small investment in information security can ensure that the goals are met and pay rich rewards for an individual or an organization.