The business need for information security
Small businesses are increasingly at risk from information security threats as they adopt more complex information technology infrastructures. They are not fully aware of the information security risks or of their economic repercussions. Information security risks may cause losses even to small businesses, including identity theft, loss of privacy, damage to or loss of confidential information and data, financial loss and loss of profit. They can also damage an organization’s reputation, leading to poor customer relations. According to Beydoun, Cook and Peiro (2005), the most significant risks occur in areas concerning personal productivity, such as email insecurity, slow networks, and corrupted or lost files. These problems create serious challenges for small businesses since they must quantify the financial impact of such productivity losses. Vulnerability to information security risks and threats could cause the company to lose its sensitive data; in addition, the organization is likely to spend large sums of money detecting and neutralizing malicious applications, and to lose money through fraud.
Information security threats and vulnerabilities
Small business owners who, while experts in their own business areas, have limited knowledge of computers, networks and software face a number of information security threats and risks. These threats include malicious applications and viruses that corrupt electronic data, render backup data unrecoverable, and destroy boot systems. The information system could be hijacked by malicious code that executes unauthorized computer instructions. Such businesses are also vulnerable to connection hijacking and message interception, as well as the capture of data being sent to another location. Hackers are likely to take advantage of such vulnerable information security systems by breaking into end users’ information such as trade secrets, financial data, product plans, market plans and customer data. They can also block the organization’s websites and network. Such business owners are also likely to face the threat of impersonation, where a hacker intercepts an authenticated communication between parties and modifies the content so that he or she, or a rogue site, presents the modified content as legitimate (Mar, 2010).
Our core principles include:
Confidentiality: Our company prevents any form of breach of confidentiality. Confidentiality, in this case, refers to preventing access to or leak of private information to unauthorized systems, as well as individuals. Our system ensures confidentiality by the adoption of a strong encryption system which eliminates any breach of the system of any firm’s private and confidential information.
Integrity: Integrity in information security means that a firm’s private information cannot be altered or modified without being detected. We offer an information security system that guarantees message integrity as well as data confidentiality.
Availability: This means that the electronic information systems used to store and process the data, the communication channels used to access the data, and the information security controls put in place all have to function properly. We always ensure that information is available throughout, prevent service disruptions, and ensure system upgrades.
Non-repudiation: This means ensuring proof of a business deal so that none of the parties involved in the contract can refute having sent or received the transaction. Our company maintains digital signatures and adopts encryption that enables an organization or individual to establish non-repudiation as well as authenticity.
Authenticity: This means that the information security system of an organization should be able to validate data, communications, as well as, transactions and the parties involved so as to ensure that they are genuine.
Authorization: This refers to specifying access rights to computer systems or networks by implementing access control rules. Our company maintains an access control system that determines whether to authorize a request from an authenticated user or to deny access.
Solution for data theft/breach of confidential client information
The solution is to adopt an all-inclusive data loss prevention application that can monitor, detect and protect confidential client information. To achieve this, the organization needs to implement a fingerprinting technology that accurately identifies, and develops a digital fingerprint for every bit of confidential client information managed throughout the organization’s information systems. This will help monitor data and detect any manipulations including in the destinations where the confidential client information has been sent.
Mitigation of theft and breach of confidential client information should also involve developing and adopting a protection policy. One such policy should be to determine, accurately and consistently, whether an action applied to client information in any business process of the organization is legitimate or not (Bennett, 2009).
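The fingerprinting approach described above can be sketched as follows. This is an added example, not code from any product the essay refers to: it fingerprints each protected record as keyed hashes of overlapping word windows and scores outbound text by how much of a record it reproduces. The key, window size, threshold and sample records are all constructed assumptions.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: per-deployment secret, so stored fingerprints cannot be guessed offline
SHINGLE = 4                    # assumption: words per fingerprinted window

def fingerprint(text, k=SHINGLE):
    """Return the set of keyed hashes of every k-word window in text."""
    # Normalise case, punctuation and spacing so simple reformatting does not evade a match.
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hmac.new(KEY, " ".join(words[i:i + k]).encode(), hashlib.sha256).hexdigest()[:16]
        for i in range(max(len(words) - k + 1, 0))
    }

def build_index(records):
    """Map each window hash to the records containing it; also return per-record window counts."""
    index, sizes = {}, {}
    for rec_id, text in records.items():
        fp = fingerprint(text)
        sizes[rec_id] = len(fp)
        for h in fp:
            index.setdefault(h, set()).add(rec_id)
    return index, sizes

def scan(outbound, index, sizes, threshold=0.5):
    """Return {record_id: fraction of the record found in outbound} for fractions >= threshold."""
    hits = {}
    for h in fingerprint(outbound):
        for rec_id in index.get(h, ()):
            hits[rec_id] = hits.get(rec_id, 0) + 1
    coverage = {r: n / sizes[r] for r, n in hits.items()}
    return {r: c for r, c in coverage.items() if c >= threshold}

# Constructed sample data: only the hashes need to be stored by the monitor, not the records.
RECORDS = {
    "client-001": "Jane Example, account 4000-1111-2222, balance 18,250.00 USD, 12 Harbour Road",
    "client-002": "Acme Widgets Ltd, contract value 92,000 USD, renewal due 1 March",
}
INDEX, SIZES = build_index(RECORDS)

LEAK = "fyi: JANE EXAMPLE  account 4000 1111 2222 balance 18,250.00 usd -- 12 harbour road"
PARTIAL = "account 4000-1111-2222, balance 18,250.00"
BENIGN = "Lunch on Friday? The new widgets look great."

if __name__ == "__main__":
    for msg in (LEAK, PARTIAL, BENIGN):
        print(scan(msg, INDEX, SIZES), "<-", msg)
```

The threshold is the policy decision: the partial excerpt covers under half of the record and passes at 0.5, so a lower threshold catches smaller excerpts at the cost of more false positives.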
Costs and benefits of effective protection measures
The cost of effective protection measures is related to personnel for implementing and managing security functions of the application or technology, as well as, the process of technology implementation. However, the benefits are numerous and ensure that technology does not become a burden and a risk. Such benefits include the ability to detect and prevent fraud, protection of confidential information, ability to prevent network hijacking, impersonation and blockage. In addition, it helps improve customer relations and hence improves profitability.
Costs and penalties of ineffective or nonexistent protection measures
The costs that an organization pays for ineffective or non-existent security control include security breaches such as theft of confidential information, loss of billions of dollars through fraud and disruptions of its IT systems activities. This could lead to loss of confidence by customers causing a significant reduction in revenue. Such a company also faces legal risks through lawsuits by its customers for not protecting their confidential information.
Reference List
Bennett, A. (2009). Reliance capital protects against confidential data leaks and meets corporate compliance with Websense. San Diego: Websense, Inc.
Beydoun, H., Cook, P., & Peiro, A. (2005). Small business information security readiness. San Jose: Small Business Technology Institute.
Kiountouzis, E. A., & Kokolakis, S. A. Information systems security: Facing the information society of the 21st century. London: Chapman & Hall, Ltd.
Mar, W. (2010). Information security threats and vulnerabilities. Web.