In today’s technology environment, companies are becoming more and more dependent on the development of their information system security. A close look at the data indicates that the public is increasingly concerned about the accurate usage of information, especially personal data. Furthermore, the threats to information systems from hackers and criminals are increasing. Thus, it is important for organization to identify information as a specific area of their operation, which needs to be protected.
Firstly, it is important to provide confidentiality, availability, and integrity of information. Evidently, confidentiality is roughly equivalent to privacy (Kaufman, 2002). It means that measures undertaken to ensure confidentiality are specially designed to prevent sensitive information from the access of the wrong people. Thus, access must be permitted only to those, who authorized to view the data. The integrity involves maintaining the accuracy, consistency, and trustworthiness of data over its life cycle. Thus, data must not be changed in transit, and various steps must be taken to ensure that the information could not be altered by unauthorized people. These measures include user access controls and file permissions. Finally, availability is best ensured by maintaining all hardware, performing necessary repairs immediately when needed. Furthermore, it is important to maintain a correctly functioning operating system environment, which is free of software conflicts. It is also important to provide all necessary system upgrades. Furthermore, preventing the occurrence of bottlenecks and providing adequate communication bandwidth are equally important.
It is also important to provide authenticity of the information in the company. Evidently, “authenticated” usually meant that the administrator of the network could reasonably be certain that some message is created by its real author (Pfleeger, 2002). It is important that some other party could not analyze this message. Authenticity implies the fact that if the crime has taken place, it could happen without the involvement of the author. It is essential to develop an accurate and clear system of authentication in the company in order to prevent wrong logins and the theft of information.
It is necessary to mention that accountability is an essential security concept. It means that every individual working with information systems must have specific responsibilities for data assurance. Thus, the tasks for which some individual is responsible are the part of the overall security plan and are measurable by a person who has specific managerial responsibility for assurance of information (Tipton, 2004). For example, it is possible to make a policy statement that all employees should avoid installing outside software on information infrastructure. Needless to say that the person in charge of information security must perform periodic checks to be sure that the policy is being followed.
The threats from malicious software also represent a significant danger for the security of the company’s information. Thus, some programs could steal information and send it to some other computers or break the work of the network. It means that the work of entire organization depends on the accuracy of the installation of the software.
The latest problems of the global network show that it is also potentially dangerous to use clouding in the data storage. Thus, there is a big amount of hackers who break the protection system and steal all the data from outside sources. Therefore, the politics of data clouding must be carefully developed. It is also essential to make the copies of the important files. Obviously, this problem is closely connected to the problem of cyber terrorism. The external connections of the company must be protected by specific software. It is important to have a special staff working with the safety of information in storage.
Kaufman, Charlie. (2002).Network Security: Private Communication in a Public World. Prentice Hall Publishing. 752.
Pfleeger, Charles. (2002).Security in Computing. Prentic Hall Publishing. 746.
Tipton, Harold. (2004).Information Security Management Handbook. Auerbach Publications. 2036.