Information security is at the heart of online trading. Internet-based traders implement, review, and manage business operations in line with the legislation and regulations of their industry to avoid the consequences of losing vital business information (Selling on the Internet, 2001). Online businesses use Network Security and Disaster Recovery Management to reduce the risk of losing information and to increase the chances of recovering lost data.
Network Security Management reduces threats and risks to business information. It identifies risks, assesses them, and takes steps to bring them under control. Security management is a proactive and continuous program of identifying and assessing risk and then weighing business trade-offs on the allowable level of risk against constantly evolving technology (Curtin, 1997). Risk assessment is the first process in network security management.
A small business firm can perform a risk assessment to determine the extent of the potential threat to an IT system or to the operation as a whole. The scale of the assessment in a small business may be smaller than in a large one. The basic steps for reducing risk are identifying and evaluating the risks and their impacts, and recommending risk-reducing measures (Information Security Program Guide for State Agencies, 2008).
Risk mitigation is the second step in network security management. The process of risk mitigation entails prioritizing, estimating, and executing the recommendations from the risk assessment department. The final process of risk management is evaluation. Evaluation provides systems for developing effective risk management procedures within the organization. It also incorporates changes to the existing system and integrates with functions such as the System Development Life Cycle, which creates new systems (Information Security Program Guide for State Agencies, 2008).
For a small online insurance company, basic network security is adequate to secure the organization’s data. Best practices in protecting small online businesses include using passwords on accounts, using non-administrative accounts for day-to-day activities when out of the office, raising information security awareness among children, and using a unified threat management system. Assigning an individual to lead the risk assessment department, identifying the organization’s assets and classifying them by criticality, documenting the risk management report and submitting it to the business director for action, and developing effective work plans are other best practices (Curtin, 1997).
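The risk assessment steps above (identify assets, classify them by criticality, evaluate each risk, and recommend measures for anything above the allowable level) can be carried out as a small risk register. The following is an added example, not code from the cited guides; the 1–5 likelihood and impact scales, the criticality weights, the acceptance threshold and every asset and threat entry are constructed for illustration.

```python
"""Toy risk register for a small online insurance firm (added example).

Each risk is scored as likelihood x impact x asset criticality, sorted for
prioritisation, and split into risks that need a mitigation recommendation
and risks the business accepts. All scales and entries are constructed.
"""
from dataclasses import dataclass

# Qualitative scales mapped to numbers (constructed, 1 = lowest).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
CRITICALITY = {"low": 1, "medium": 2, "high": 3}   # asset classification weight


@dataclass(frozen=True)
class Risk:
    asset: str
    criticality: str      # classification of the asset
    threat: str
    likelihood: str
    impact: str
    mitigation: str       # recommended risk-reducing measure

    def score(self) -> int:
        """Combined risk score; higher means treat sooner."""
        return (LIKELIHOOD[self.likelihood]
                * IMPACT[self.impact]
                * CRITICALITY[self.criticality])


def prioritize(risks):
    """Return the register ordered from highest to lowest score."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)


def split_by_threshold(risks, accept_below: int):
    """Separate risks needing treatment from those within the allowable level."""
    ordered = prioritize(risks)
    treat = [r for r in ordered if r.score() >= accept_below]
    accept = [r for r in ordered if r.score() < accept_below]
    return treat, accept


def report_lines(risks, accept_below: int):
    """Plain-text lines a risk lead could hand to the business director."""
    treat, accept = split_by_threshold(risks, accept_below)
    lines = ["Risks requiring action:"]
    lines += [f"  [{r.score():2d}] {r.asset} / {r.threat}: {r.mitigation}" for r in treat]
    lines.append("Risks accepted at current level:")
    lines += [f"  [{r.score():2d}] {r.asset} / {r.threat}" for r in accept]
    return lines


# Constructed register for a hypothetical small insurer.
SAMPLE_REGISTER = [
    Risk("policyholder database", "high", "ransomware", "possible", "severe",
         "offline backups, antivirus on all endpoints, restrict admin rights"),
    Risk("public quote website", "medium", "denial of service", "likely", "moderate",
         "hosting provider DDoS protection, documented failover"),
    Risk("staff laptops", "medium", "theft", "possible", "minor",
         "full-disk encryption, remote wipe"),
    Risk("marketing file share", "low", "accidental deletion", "likely", "negligible",
         "nightly backup"),
]

ACCEPT_BELOW = 10   # constructed allowable risk level agreed with management

if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE_REGISTER, ACCEPT_BELOW)))
```

The threshold is the point where management’s trade-off decision is recorded: everything at or above it gets a named measure and an owner, everything below it is documented as accepted rather than silently ignored.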
According to Curtin (1997), the use of a firewall enforces access policies, such as controlling access to the network, and so enhances network security; however, a firewall may fail to inspect content such as computer worms transmitted over the network. Antivirus software is then needed to prevent intrusion by such malware. An intrusion detection system may also help monitor and detect unexpected traffic. Ordinary intrusion detectors can also pick out irregularities such as employees accessing office files at odd hours (Business Continuity Disaster Recovery, 2012).
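The off-hours detection mentioned above is simple to express as a rule over file-access logs. The following added example (not from Curtin or Symantec) parses constructed log lines in a hypothetical `user=… action=… file=… src=…` format, skips accounts expected to work after hours (a nightly backup job), and flags any other access outside a constructed 08:00–18:00 Monday-to-Friday window.

```python
"""Flag file accesses outside business hours (added example).

The log format, business hours and the service-account allow list are
constructed assumptions; the sample log lines are constructed too.
"""
import re
from collections import Counter
from datetime import datetime, time

# Hypothetical file-server audit line: ISO timestamp then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"file=(?P<file>\S+) src=(?P<src>\S+)$"
)

BUSINESS_START = time(8, 0)      # constructed working hours
BUSINESS_END = time(18, 0)
EXPECTED_AFTER_HOURS = {"svc_backup"}   # constructed: nightly backup job account


def parse_line(line: str):
    """Return the event as a dict, or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    try:
        ev["ts"] = datetime.fromisoformat(ev["ts"])
    except ValueError:
        return None
    return ev


def off_hours_reason(ts: datetime):
    """Why this timestamp is outside business hours, or None if it is not."""
    if ts.weekday() >= 5:                       # Saturday = 5, Sunday = 6
        return "weekend"
    if not (BUSINESS_START <= ts.time() < BUSINESS_END):
        return "outside business hours"
    return None


def find_off_hours_access(lines):
    """Return (flagged events, count of unparsable lines)."""
    flagged, unparsed = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1                       # malformed lines are counted, not dropped silently
            continue
        if ev["user"] in EXPECTED_AFTER_HOURS:
            continue
        reason = off_hours_reason(ev["ts"])
        if reason:
            ev["reason"] = reason
            flagged.append(ev)
    return flagged, unparsed


def summarize(flagged):
    """Count flagged accesses per user for a quick triage view."""
    return dict(Counter(ev["user"] for ev in flagged))


# Constructed sample log: 2012-03-14 is a Wednesday, 2012-03-17 a Saturday.
SAMPLE_LOG = """\
2012-03-14T09:15:02 user=amartin action=open file=/claims/2012/0041.pdf src=10.0.0.21
2012-03-14T02:17:45 user=jdoe action=open file=/claims/2012/0042.pdf src=10.0.0.23
2012-03-14T23:05:00 user=svc_backup action=read file=/claims/2012/0042.pdf src=10.0.0.5
2012-03-17T11:30:10 user=jdoe action=copy file=/policies/master.xlsx src=10.0.0.23
2012-03-15T17:59:59 user=amartin action=open file=/claims/2012/0043.pdf src=10.0.0.21
this line is not an audit record
"""

if __name__ == "__main__":
    events, bad = find_off_hours_access(SAMPLE_LOG.splitlines())
    for ev in events:
        print(f"{ev['ts']} {ev['user']} {ev['action']} {ev['file']} ({ev['reason']})")
    print("per-user:", summarize(events), "unparsed lines:", bad)
```

The allow list and the unparsed-line counter are the two details that matter in practice: without the first, the nightly backup job drowns out real findings; without the second, a log format change silently turns the detector off.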
Another component of the Information Security Program is a Business Recovery Plan, also called Disaster Recovery Management. Just like State agencies, small online businesses ensure that a Business Recovery Plan is in place and operational. Critical data in the online insurance business need to be kept in safe custody. Recovery of essential information and efficient delivery of services, even when a disaster strikes, is the aim of developing a recovery strategy. Meeting the recovery goal depends on the management of the plan’s creation, maintenance, and annual testing. It minimizes the impact of recovery efforts and of the loss of information assets. Participation of staff from both the business and IT areas also helps in creating an effective plan (Curtin, 1997).
Analysis of the plan helps to identify the consequences of a disaster, loss of service, and business security failures. It also helps to evaluate the consequences for service availability, the advantages of specialization in certain business processes, and the allocation of time (Information Security Program Guide for State Agencies, 2008). Testing of the plan, on the other hand, validates that the plan meets the recovery needs of the organization. Training of staff is also part of the Business Recovery Plan; training prepares staff for tasks that may be unexpected. The business should maintain and test its disaster recovery plan in good time to avoid incurring avoidable losses. In implementing the plan, the organization should adhere to the business’s continuity of operations standards.
For a business to offer services continuously, the trader ought to adhere to its business recovery plan at all times. Having an effective plan involves choosing the best method of business continuity. Common methods of lowering the effects of a disaster on information include improving operational data backup and acquiring business continuity software. Increasing server storage utilization, which reduces hardware cost, also lowers network risks. Other methods of lowering risk include reduplication, storage leveling, and standardization on a single business continuity solution. Standardization provides consistent recovery methodologies across people (Business Continuity Disaster Recovery, 2012).
Network Security and Disaster Recovery Management prevent costly loss of data. Network security reduces the risk of losing information, while Disaster Recovery Management attempts to avert the consequences of data loss. In a small online business, how the components of an information security plan are applied depends on the level of data sensitivity.
Business Continuity Disaster Recovery. (2012). Symantec: Endpoint, Cloud, Mobile & Virtual Security Solutions. Web.
Curtin, M. (1997). Introduction to Network Security. Interhack Research. Web.
Information Security Program Guide for State Agencies. (2008). California Office of Information Security & Privacy Protection. Web.
Selling on the Internet: Prompt Delivery Rules | BCP Business Center. (2001). Web.