Friday, May 2, 2008

The Management of Data Security

The importance of the management of data, its security and its impact on data security

Data security is a growing concern for many enterprises. It is the means of ensuring that data is kept safe from corruption and that access to data is suitably controlled. Hence, it helps to ensure privacy and protect personal data [1].

Without good management of data from the security aspect, important data may be lost, and it takes time and effort to collect and reproduce it. From the business aspect, financial information such as accounts and tax details, or employee information such as payroll and personnel files, could be difficult to replace as well. Besides, it can be very expensive and time-consuming to replace data that is lost. Projects in progress, such as new product designs, could be delayed because the work needs to be redone. To make matters worse, the sales, distribution and reputation of the business could be directly affected [2]. Firms could lose thousands or even millions of dollars.

A virus can also damage the business by making documents stored on computers unusable. It can remain hidden in a computer system and be triggered by a date or a certain combination of keys being pressed [3]. A virus can cause the loss of data in a customer database, such as customer names, contact details and information. Contact between suppliers and customers then becomes more difficult, which delays making purchase orders and taking customer orders [2]. With weak security protection for the data, a hacker can easily and quickly alter the data without physically visiting the place where it is stored, leaving no clear evidence that changes have been made [3]. Any individual who suffers damage as the result of a hack or virus is entitled to compensation if the company is unable to prove that it had taken appropriate technical and organizational measures to secure the data [4].

Confidential communications such as medical information or bank account details could end up being sent to the wrong person. What is more, information falling into the wrong hands could assist criminals [3].

In a nutshell, eradication procedures to prevent attacks by viruses and hackers are needed. Data security, or information security in general, can help provide this protection.

How security policy plays an important role in ensuring IT Security.

A security policy is a plan of action for tackling security issues, or a set of regulations for maintaining a certain level of security [5]. As a set of rules and practices, it governs how an organization manages and protects its assets, which can include facilities, equipment, infrastructure or information. IT security focuses on the protection of computer systems or software, network connectivity and sensitive or confidential information [6].

The IT security policy takes account of common risks to the data. It will allow staff to understand and adopt appropriate security measures, creating a security-conscious culture. The IT security policy covers both external threats such as viruses and internal threats such as the theft of data [2].

To ensure IT security, the policy provides [2] [6]:

  • Secure login identification for using IT systems, by defining password requirements and lockout parameters.
  • Logical access controls, limiting access to information and restricting access to the level needed for each job.
  • Confidentiality rules for customer and business information.
  • Plans for business continuity management.
  • A prohibition on browsing websites likely to contain offensive material and viruses.
  • A prohibition on using email to send or receive offensive material, viruses and sensitive commercial information.
  • A prohibition on using business email and web facilities for private use.
  • Configuration of Internet Protocol Security (IPsec) to encrypt data in transit over the network.
  • Standard settings for Windows Firewall on all the computers within a domain.
  • A requirement to use smart cards for logon and multi-factor authentication.
  • Trusts between domains.
  • Controls on disk quotas for users.

References

  1. http://en.wikipedia.org/wiki/Data_security
  2. http://www.businesslink.gov.uk/bdotg/action/detail?type=RESOURCES&itemId=1073791301
  3. http://www.stdavidscollege.co.uk/IT/New%20BusCom%20Website/Theory/Office%20Environment/importance_of_the_security_of_da.htm
  4. http://www.itsecurity.com/archive/asktecs/mar2502.htm
  5. http://en.wikipedia.org/wiki/Security_policy
  6. http://www.windowsecurity.com/articles/Understanding-Roles-Server-2003-Security-Policies.html
