Information Security Plan and White Paper

Published: 24th April 2013

Information security is concerned with the protection of an organization's information from unauthorized access. Small businesses often show little concern for the security of their information, yet it is important to their employees, customers or trading partners. Since these businesses have to store information regarding all these stakeholders, it becomes very important for them to ensure that the information is safe.
Large organizations have been able to invest heavily in information security measures, which has made it difficult for hackers to attack them. This has made small organizations, with their weak information security measures, an easy target for these hackers.
A business will suffer several consequences in case of an information security breach. One such consequence is the disruption of business. This will be the case if the attack leads to loss of vital data or if it brings down the ERP system of an organization.
If the attacker is able to obtain confidential information regarding individuals such as employees or customers, it leads to a privacy violation. Since each organization is required by law to protect the privacy of each employee and customer, such a violation may lead to legal action.
A breach of information security can also lead to financial losses to the business. This can happen if an attacker accesses the credit card details of customers or even the business's business plan and product designs. There may be some cases where employees, using computers, are able to defraud the business. The reputation of the business is also at stake when there is an attack. When the privacy of the employees and customers is infringed, the image of the business will be dented.
Threats and Vulnerabilities
There are several threats and vulnerabilities that a business can be exposed to. Attacks can be either active or passive. Active attacks are those that are intended to harm the system, while in passive attacks the attacker does not harm the system but eavesdrops, trying to obtain some information. (Workman, Phelps & Gathegi, 2013, p.335)
A denial-of-service attack is aimed at reducing the capacity of a system, hence slowing down the rate of service delivery or even causing the system to fail. The attacker can send network packets to the target network until they overwhelm the system to the point of crashing.
Social engineering is whereby an attacker poses as someone else and tries to gain access to confidential information. The attacker will use the telephone and impersonate someone as he tries to gain information.
Viruses are computer programs that replicate themselves and interfere with computer hardware or software. These attacks can cause loss or corruption of vital information. Trojan horses are programs that contain malicious code but appear to be harmless.
Key concepts of Information security
Confidentiality is aimed at ensuring that information is only accessible to those people who are authorized to access it. This is very important, as it helps ensure that privacy is respected. If information falls into the wrong hands, the attacker can use it in a way that harms the business. (Andress, 2011)
The integrity concept is aimed at ensuring that data or information is intact and cannot be modified except by the authorized parties. Integrity of information is very important in an organization, as it helps to check fraud because only authorized personnel can modify data.
The availability concept is aimed at ensuring that information is accessible to the authorized persons whenever they require it. The system should be able to prevent those attacks that cause denial of service and ensure that the channels used for the retrieval and storage of information are intact.
The non-repudiation concept ensures that the parties involved in a transaction cannot deny that the transaction took place. This measure is very important in business transactions, whereby the system is designed in such a way that transactions can be followed up later.
Authentication is the concept that is used to verify that an individual or a computer that is trying to access information is actually who or what it presents itself to be. This ensures that one machine or person does not impersonate another to obtain information maliciously.
Risk refers to the possibility of an attack occurring in a system. This concept will ensure that a system is properly evaluated and all possible weaknesses properly corrected hence reducing the possibility of attacks.
Prevention against information attacks and vulnerabilities
Data breach and data theft can be prevented by ensuring that passwords are used and that these passwords are selected in such a way that they are hard for attackers to obtain. Information that is passed over the network should be encrypted and the key kept safe.
Denial-of-service (DoS) attacks can be prevented by installing proper antivirus software and keeping it updated. Installing a firewall and setting it to control the traffic entering and leaving your network is another method of preventing this attack.
Insider theft of intellectual property can be prevented by ensuring that the place where it is stored is secure and that a proper access method is in place. Access methods such as passwords or even biometrics can be used.
Deliberate corruption of electronic files, including virus/worm infections, is prevented by the use of antivirus and firewalls. Measures should be taken to ensure that employees are not granted administrative privileges to install programs on computers.
Expected results
Effective information protection measures require resources to maintain. Although money is used in the establishment and maintenance of these measures, the benefit of secure data and information outweighs the costs.
On the other hand, if there are no effective information security measures in a business, the system is cheap to establish and maintain. If the business experiences an attack, however, confidential information may leak, or the attack can lead to disruption of service.
