Introduction
Information is critical to the functioning of every organization. It defines its operations and activities. The concept of security management is thus elusive and focuses on organizational security. Organizations have remained active in terms of acquisition of information management systems.
These systems are meant to aid organizations in securing their information. This paper discusses the concept of information security basing on the case.
The paper looks into the practice of information management and security taking into account the ethical and legal matters which surround information security and management.
At the initial stages of operation, most information is saved within an organization. This is backed by the argument that there are fewer transactions at this period. As firms expand their operations to include many external players, the concept of preserving and securing information becomes elusive.
The issue of information security management in Stratified Custom Manufacturing began to be addressed when the company entered and successfully implemented an initial public offer. This denoted that the firm was officially entering the public trading environment, hence exposing itself to competitors.
Most current organizations have information management departments which help in preserving and controlling the flow of information within and without the organization.
Companies embracing the use of information and communication technology in discharging organizational functions are often prone to security risks. Information security is thus a great concern for these companies.
Information security is critical in safeguarding company data. Information security entails the safeguarding of company information from the external environment as well as technological faults or threats.
A substantial number of legal and ethical issues touch the implementation of information security by companies (Whitman &Mattord, 2011).
According to Information Systems Audit and Control Association (2010), information security is a detailed management issue that calls for managerial attention. Stratified Custom Manufacturing established a broader information management security department.
The security team of the company is focused on several aspects of information security. This is reflected in the top security management team positions. The company has other security managers under control of the senior.
There are a manager in charge of administrative security, a technical security manager and a security and compliance manager, among the others.
In addition to this, the company has a broad policy framework for information management. This forms the ground on which department draws the guidance on information security management.
Policies in security management in organizations seek to guide and set limitation to the level of information sharing in an organization. Information belonging to organizations is secured and limited to viewing only by accredited entities.
Policies on information security stipulate on the way information is shared within and without the organization.
A violation regarding the access and the use of company information is easily identified, so the necessary steps will be taken to deal with it. Those identified breachings of the information security rules are punished in different ways.
One of the means used to punish information security offenders is by denying them privileges to access and use the information belonging to the organization. This takes place in different ways, for example, by barring such people from accessing information devices.
The other way of punishment is deactivation of access details of the individual to retrieve or view the company information.
In some cases, information security offenders are prosecuted and forced to pay fines or compensation for the damage caused to the company (Whitman & Mattord, 2011). In most cases, assessment of the risk caused is done before the users are punished.
Information security management is complicated by the growing patterns and trends of management that encourage the sharing of information between different organizations.
With the prevailing trends and use of information technology, it is difficult to secure organizational information. Piece of legislation on information security management also varies making it difficult for organizations to formulate policies on information security (Straub, 2008).
Ethical issues also touch the managerial practice of security management. The main issue in information security management is the level to which organizations conceal their information. Companies are encouraged to share information and access more external sources (Whitman &Mattord, 2011).
The information helps organizations in improving strategic management practices. They get to know the tactics of management that are used by other organizations performing well in the market. Competition between organizations is open.
They are encouraged to practice positive competition as they work on improving the service delivery to their customers. Therefore, the open release and sharing of information is one of the methods of open competition.
The other point on ethics and information security is that firms are required to improve their relations with employees. Building healthy relationships and motivating work environment enhance information security in organizations. This step has proved to be more effective than other methods (Whitman &Mattord, 2012).
Conclusion
The responsibility for information security has become an organizational matter more than a concern of legislative bodies. Organizations need to actively participate in and work on improving their systems by making them less prone to information leakage.
The model of information security management taken by Stratified Custom Manufacturing is a desired step in ensuring that the company information is secure.
References
Information Systems Audit and Control Association.(2010). Certified Information Security Manager review manual 2011. Rolling Meadows, IL: ISACA.
Straub, D. W. (2008). Information security: Policy, processes and practices. Armonk, NY [u.a.: Sharpe.
Whitman, M. E., & Mattord, H. J. (2011). Readings and cases in information security: Law and ethics. Boston, MA: Course Technology, Cengage Learning.
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.