Information security

Posted: August 6th, 2013

Information security

Name:

Course:

Institution:

Instructor:

Date:

Information security

Information security can be defined as the inclusive, planned compilation of documented objects and processes that are used to deliver information security across the company. Information security requires the protection of information systems from trespass, abuse, modification and destruction. Major organizations amass a lot of confidential information on their customers, research and employees. The loss, destruction or breach of information within an organization may fall into the hands of a competitor that may lead to negative results for the company. Privacy is one of the sensitive components that can be interfered with when information security is insufficient.

The largest threat to any information system’s security and the organization’s information is the unauthorized user, or in this case, the employee. The technical methods of ensuring information security are limited and should be supported by management producers. The move to downsize employees in most companies has been executed in a way that has left the firms vulnerable to theft of information by discharged workers. The firm should provide comprehensive strategies to restructure and various information systems for the departments after reorganization of staff has taken place. This will deter employees from engaging in illegal usage of the IT resources. By learning the management of the new information security systems, employees can understand the possible security implications that accompany the installation of the program (Peltier et al, 2005).

Organizations can engage the employee workforce in scheduled training on different aspects of information security that will help the company to develop a strong sense of security. The employees should be introduced to the basics of computing, the importance of administering passwords and other restrictions, as well as the operation of the security hardware. The employees also need to learn the importance of integrity, availability and confidentiality within the workplace. The administering of these courses to the employees will increase their knowledge and ability to implement the security policies. The organization can administer these courses to the employees on a part time basis or enroll them full time.

The relationship between the employees and management is also crucial in increasing the employee participation in the information security program. The employees should be involved in the development and design of the security system. In the design, the employees should be consulted on the best way to administer the information security program. In this way, the final program will be easy to implement as the employees played a crucial role in its establishment. The implementation of the policies and regulations should be administered to contractors and employees to inform them of their responsibilities. Employees are provided with their expected responsibilities such as the maintenance of the security forms and tracking of equipment through signed equipment checkout forms. When employees are briefed of what the firm expects of them in terms of the information security program, they are better placed to enforce the organization’s security policies.

The organization can also engage in an awareness program that will enable the employees to know about the information security program, standards and the existing practices. The awareness program should target all the groups within the organization that will ensure that the supervisor, managers, employees and contractors are all aware of their roles. The material in the awareness program should include aspects such as Internet usage, email, antivirus management and access control. The top-level employees would also stand to benefit from the awareness program through the risk management, information security and patch management administration (Raggad, 2010).

References

Peltier, T. R., Peltier, J., & Blackley, J. A. (2005). Information security fundamentals. Boca Raton, Fla: Auerbach Publications.

Raggad, B. G. (2010). Information security management: Concepts and practice. Boca Raton, FL: CRC Press/Taylor & Francis.