The Importance Of Information Security In Organizations

Published Date: 02 Nov 2017

Abstract: Currently information security is crucial to all organization to protect their information and conducts their business. Information security is defined as the protection of information and the system, and hardware that use, keep and transfer that information. Information security performs four important for an organization which is protect the organization’s ability to function, enable the secure operation of applications implemented on the organization’s IT systems, protect the data the organization collect and uses, and lastly is safeguards the technology assets that use in the organization. There are also challenges and risk involves in implemented information security in organization.

Keywords: Information security, challenges of information security, risk management

Introduction

Information is assets that the most important in an organization. For an organization, information is valuable and should be appropriately protected. Security function is to combine systems, operations and internal controls to ensure integrity and confidentiality of data and operation procedures in an organization. Information security history begins with the history of computer security. It started around year 1980. In 1980, the use of computers has concentrated on computer centers, where the implementation of a computer security focuses on securing physical computing infrastructure that is highly effective organization. Although the openness of the Internet allows businesses to quickly adopt the technology ecosystem, it also proved to be a great disadvantage from the perspective of information security. The original purpose of the system as a means of collaboration between a group of friends who trusted no longer practical for use has grown into the millions of consumers who are often anonymous. Many security incidents related to viruses, worms, and other malicious software have taken place since the Morris worm, which is the first and shut down ten percent of the systems on the Internet in 1988. These incidents have become increasingly complex and expensive. However, the information security awareness has been increases. Many organizations have implemented the information security to protect their data.

Methodology

In completing this term paper, the methodology that was used to collect the data is by reading and literature reviews to enable in depth understanding of information security. Literature review of research paper and journal is done to collect the data about the study of information security and to know more depth about the information security. Another approach that has been used in collecting the information about information security is by reviewing the article from internet sources.

Definitions, Concepts and Importance of Information Security to Organizations.

In general, information security can be defined as the protection of data that owned by an organization or individual from threats and or risk. According to Merriam-Webster Dictionary, security in general is the quality or state of being secure, that is, to be free from harm. According to Oxford Students Dictionary Advanced, in a more operational sense, security is also taken steps to ensure the security of the country, people, things of value, etc. Schneier (2003) consider that security is about preventing adverse consequences from the intentional and unwarranted actions of others. Therefore, the objective of security is to build protection against the enemies of those who would do damage, intentional or otherwise. According to Whitman and Mattord (2005), information security is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.

The information security performs four important functions for an organization which is enables the safe operation of application implemented on the organization’s Information Technology (IT) systems, protect the data the organizations collects and use, safeguards the technology assets that use in the organization and lastly is protect the organization’s ability to function.

The information security also enables the safe operation of application implemented on the organization’s Information Technology (IT) systems. This is because to protect the data, the organization will applied or install the appropriate software that will secure the data such as antivirus and others protected applications. So, information security is very important in an organization to protect the applications that implemented in organizations and protect the data store in computer as well. Besides protect the data, the application installed also need to be protect because it can contribute to information lost or damages.

Information security will protect the data the organization collects and used. If the information is left unprotected, the information can be accessed by anyone. If the information falls into the wrong hands, it can destroy lives, dropping business and can also be used to do harm. Information security programs will ensure that appropriate information is protected both business and legal requirements by taken steps to protect the organizations data. In addition, taken steps to protect organizations information is a matter of maintaining privacy and will help prevent identity theft.

In an organization, information is important business assets and essential for the business and thus need appropriate protected. This is especially important in a business environment increasingly interconnected, where information is now exposed to a growing number and a wider variety of threats and vulnerabilities. Threats that cause damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and more sophisticated. So, by implemented the information security in an organization, it can protect the technology assets that use in the organization.

In term of protecting the functionality of an organization, both general management and IT management are responsible for implementing information security that protects the organization ability to function. Information is the most important element in organization to do business. Besides that an organization is kept their customers information, so it is crucial for them to protect the information. Without information, the business cannot be run. By secure the information store; it can enable the organization to run business as well. That’s why the information security is important in organizations.

Information Security Related Theory

There are five theories that determine approach to information safety management in organization. Table 1 below showed the related theories that determine the information security management.

Table 1: Information Security Related Theory

Theory

Description

Security policy theory

Aims to create implement and maintain an organization's information security needs through security policies.

Risk management theory

Evaluates and analyze the threats and vulnerabilities in an organization's information assets. It also includes the establishment and implementation of control measures and procedures to minimize risk.

Control and audit theory

Suggest that organization need establish control systems (in form of security strategy and standard) with periodic auditing to measure the performance of control.

Management system theory

Establishes and maintains a documented information security management system. This will include information security policies that combine internal and external factors to the organization that scope to the policy, risk management and implementation process.

Contingency theory

Information security is part of contingency management to prevent, detect and respond to threats and weaknesses capabilities of internal and external to the organization.

Challenges in Information security.

There are several challenges in our constantly changing environment that makes it difficult to adequately protect our resources. There are blending the corporate and personal live, inconsistent enforcement of policies, lack of awareness in information security, information security threats and

Blending the corporate and personal live

Free internets facilities have make employees takes its advantages b used it for personal purposes. For example, employees use company email for some personal communications, and some workers may remove blackberry or mobile phones they use for limited personal use. Many people may not have a computer at home and use their company laptops for everything including conducting personal software, such as their tax software. On the flip side, some employees may bring a personal laptop to the office and try to plug in. This makes employees used organization asset that function to access and kept organization information for personal purposes. The risk of this action is, the information may be can access by other person from external organizations.

Inconsistent enforcement of policies

Many organizations either heir policy was not enforced in the past, or has done so inconsistent depending on the position of the employee. This causes a lot of issues when security functions trying to disable violators. Many organizations have underestimated the important of implement policies and regulation about the information security. This makes many organization writes the information policies but does not applied it.

Lack of awareness in information security

Lacking in information security understanding makes the employees in an organization not secure the information properly. They are lacking in awareness on important of information security makes the information is easier to being attacks. Basically, employees protect the information, but they do not take proper method in secure the information. This may put the confidential information in risk.

Information security threats

New security threats emerge every day from accidental malware program that can be installed on the user's machine, to phishing attempts that deceive employees to provide confidential information, to viruses, worms, and strategic identity theft attempts. Sometimes the threat that attacks the information in organizations is difficult to handles. It is because the protection programs that installed in the computer system to protect the data are not appropriately function or not good enough.

Difficulties in manage information security because of do not the proper qualification in information security.

Sometimes organizations do not take seriously about hiring employees based on their qualification. This is because there are organizations that hiring employees for the information security manager but it is doesn’t match with his qualification or skill that he have about information security. So, it is difficult for that staff to protect the organizations data with proper protection. This will makes other attackers easier to attacks and stole the information if the employees don’t have skill or knowledge on how to protect the confidential data.

Recommendations to address the challenges in information security in the organizations

In response to these challenges, several recommendations are proposed as follows:

Don’t mix the corporate and personal live

Employees should know their boundaries. They should know to differentiate their personal life and their job. They should not taking advantages by used company facilities for their personal. This is because they can encourage the threat attack and makes the organizations’ information is in risk. Organization should explain about this to the staff to let the staff know what they can and cannot. The employees should be explain about the rules and ethics in the workplaces before they start their works.

Follow the policies and stay to the policies

The organization should establish, implement and maintenance the policies about the information security. This is to ensure the employees follow the rules to access to the information. Information security policies are very important in the organization because the information security policy will state the information security requirements. So organizations need to review the policy on a regular basis to meet the security needs of the organization.

Increase the employees’ awareness level on information security.

In order to increase the awareness on security issues among the employees, the organization should take several steps to improve the employees’ awareness and understanding on the important information security. Method that could be taken by the organization is by give education to their employees about the protection of data and gives the training to the staff about the way to protect the data. By implement these methods, the employees can have better understanding about information security and also can protect the information well. Employees must understand and accept the risks that come with using technology and the Internet in particular. By knowing the threats that are present, they can learn to use the luxury of carefully, and not blindly accepting someone will have a solution for the problems they may face.

Install the appropriated protection programs and always secure the data.

The employees and organizations’ personnel must ensure that the organizations computer network is securely configured and actively managed against known threats. IT network professional also should help organization maintains a safe virtual environment by checking all computer assets and determine a plan for preventive maintenance. This includes routine cleanup programs and software that is unnecessary or unsafe, apply security patches as small pieces of software that are designed to improve computer security, and perform routine scan to check intrusion. Organizations also can review the IT professionals access rights and set up an automated procedure that requires employees to change their passwords at regular intervals to continue to protect. Organization also may review access rights and have the IT professional set up an automated procedure that requires the employees to change their passwords at regular intervals to further protect organization information assets. Beside that, the computer system should be install updated and latest protected program such as the updated antivirus to protect the computer from viruses attacks.

Hiring the qualification employees

To protect and secure the confidential information well, the organization should hiring the IT experts and employee that have the right qualification to protect the data. This is to ensure the employee know what to do if problem occurs and to protect the data as well. Besides that, the IT expert or the qualification staff have better understanding of information security and know the steps to ensure the information is always keeping safely.

Conclusion

Information security is crucial in organization. All information stored in the organization should be kept secure. Information security will be defined as the protection of data from any threats of virus. The information security in important in the organization because it can protect the confidential information, enables the organization function, also enables the safe operation of application implemented on the organization’s Information Technology system, and information is an asset for an organization. Even thought the information is important in organization, there are several challenges to protect and manages the information as well. One of challenges faced in an organization is the lack of understanding on important of information security. When employees is lack of information security knowledge in term of keeping their information, the organization is easy to being attacks by hackers or another threats that try to stole or get the organization confidential information. So it is crucial and important to all staff in an organization to have knowledge and understanding about the importance information security practice in an organization to protect the confidential data.