Data Security and Regulations
This paper discusses data security, its importance and its implementation. It also discusses how threats are posed to the information of organizations. Plenty of leakage prevention solutions are available in the market; a few of them are listed in the paper. A list of regulations governing data security in the financial and healthcare sectors appears at the end.
As we advance into the information age, more and more data about people as well as corporations is being recorded and stored in electronic form so that it can be retrieved and transported easily. Data network technology is also evolving, and as a result accessing and transferring data has become extremely easy. Along with ease comes the issue of security. Some kinds of data are public, and others need to be confidential. The problem lies with the confidential data: it must be accessible only to those who are supposed to access it. This is where information security begins. Information security has been around for ages; it existed even in the time of kings. But information security is currently more important than ever, as more data is available and access is also easy. Personally Identifiable Information (PII), confidential information and intellectual property are the types of data assets that need to be secured (Axelrod, Bayuk, Schutzer, 2009). PII is data about an individual that can be used to identify the person; this data can be misused by anyone to get access to one’s financial information, medical information, etc. If it is not protected, there could be monetary or privacy damage. There are laws in most countries to protect PII, but there are always loopholes and miscreants (Axelrod, Bayuk, Schutzer, 2009). Information is regarded as confidential depending on the context and time. It could be designated so by the owner of the data, or the parties sharing the data might come to an agreement on what data is to be designated confidential (Axelrod, Bayuk, Schutzer, 2009). There would be contracts indicating the confidentiality, or the document would be labelled as such. Data belonging to corporations that could be used by competitors or other businesses to seize the competitive edge of the original company could be classified as intellectual property.
All of these are data assets, as the data could be used in analytics to improve or protect a company’s revenue, reputation or competitive edge.
Nature of Information Security Threats
Threats to a company’s information security could be internal or external (Calder, Watkins, 2012). They could be intentional or accidental. The technology is available worldwide, and network interconnections allow anyone from any part of the world to carry out an attack. Attackers’ strategies and technologies are also evolving in different dimensions, making it harder than ever to predict or protect against a particular attack (Calder, Watkins, 2012). Information security must be achieved through strategic approaches.
An organization with improper information security could face three kinds of attacks:
“Damage to operations” (Calder, Watkins, 2012).
“Damage to reputation” (Calder, Watkins, 2012).
“Legal damage” (Calder, Watkins, 2012).
Information Security for an Organization
Information security is not just a matter of technology such as firewalls and encryption; it also needs to be implemented as an organization-wide policy (Straub, 2008). This policy will influence all of an organization's activities in such a way that data assets are protected. This policy or philosophy of a company needs to be reviewed and revived regularly. Changes in the policy must be reflected in the plans, procedures, executions and operations. All employees must be made aware of the importance of information security so that accidental breaches are reduced and reported. The...
References: Axelrod, C. W., Bayuk, J., & Schutzer, D. (Eds.). (2009). Enterprise Information Security and Privacy. Norwood, MA, USA: Artech House.
Calder, A., & Watkins, S. (2012). IT Governance : An International Guide to Data Security and ISO27001/ISO27002 (5th Edition). London, GBR: Kogan Page Ltd.
Straub, D. W. (2008). Information Security : Policy, Processes and Practices. Armonk, NY, USA: M.E. Sharpe, Inc.