Information Security

Introduction

The current issues facing information security fall into two categories: the technical and technology side, which may involve hardware, software, data and the communications network, and the business and non-technical side, which is composed of business protection, privacy and confidentiality as well as human factors such as features of employment. These issues are of concern when one considers the threats posed by human failure, poor intellect, deliberate actions, nature, varied forms of quality of service and technological failures.

This calls for the strict application of the national privacy policies to organizations so as to keep tabs on the protection of data (Government of South Australia 2009). A privacy policy is normally a document that sets out some or all of the methods by which an individual or group handles a client’s data or information. The components of a privacy policy will more or less depend on the applicable law of the country, in this case Australia. There is similarly guidance on the content of Australian privacy policies for organizations.

Data collection

Data collection assists organizations to examine their well-being. It involves planning for and acquiring relevant information on the important features produced by several processes. Because organizations handle large amounts of data, essential methods should be put in place for its collection. Organizations use the collected data as a foundation for making decisions; with it, a team is able to formulate and test the procedures it has in place so as to improve the features of its goods and services (Ethical Advisory Committee 2006). The process of collecting data has to be definite, which is why a relevant plan is needed.

An organization, in the transaction of its business, should not collect inaccurate information, whether postdated, irrelevant or incomplete. The objective of the national privacy policy guidelines is to prevent an organization from collecting and using inaccurate information. Relevant steps are put in place to maintain accuracy as organizations collect and use data.

Personal Data Security

Personal information is a form of information that is not intended for public use. This brings forth the aspect of data security, which involves the protection of information from unnecessary changes, destruction or disclosure to people who are not supposed to receive it. Several steps have been advanced to try to solve this issue of personal security. As this issue continues to be a concern to many organizations, the involvement of the government has increased the responsibilities placed on companies.

There are several things that may result from the violation of information security. Ease of access to information or data, no matter how legitimate it may be, raises the level of risk: there is a high chance of acquisition of identity, otherwise known as identity theft (Identity theft 2010). This would leave all important documents at the intruder’s disposal, as he can access the data. The other result is the disclosure of necessary data to people not authorized to be in possession of it. This calls for protecting data from being provided to unauthorized persons and for hindering identity theft. This is prevented by knowing the person who is requesting the information. Identity thieves will attempt to acquire one’s identity by whatever means, conning among others.

The principle on access to records of personal information states that an organization should be in control of its own personal information. A person has to be able to access his or her records with reference to the Freedom of Information Act 1991.

National privacy policy guideline number 4, on data security, deals with the protection of personal information (Office of the Federal Privacy Commissioner 2001). It aims to prevent mishandling of the information, access to it by unauthorized persons and changes to it. Security of information involves physical security, which is composed of systems to detect unauthorized persons, and computer and network security, which aims to protect the computer systems and networks that keep, process and transmit data from unauthorized access and alteration.

Data Storage

Under the national privacy policy, data storage is the prime duty of the organization in ensuring that data does not fall into the wrong hands. It is necessary for an organization to store data securely, for the protection of its clients and the management team. Information should be securely stored to avoid loss, mishandling, access and use by persons who are not licensed to do so (Corrections Government 2011). This may be done by storing information safely and avoiding carelessness, keeping track of the whereabouts of the documents, being responsible for one’s actions, securely locking the premises where the documents are kept, requiring a safe verification of identity when any data is retrieved from the organization, and destroying any documents that are not needed, as stated in the data security guidelines of the national privacy policy.

Use of personal information

It is a privacy policy known worldwide that the use of personal information should be done accordingly and in a secure manner. The principle states that personal data must not be used or even disclosed for purposes other than the one for which it is intended. Any use of data should follow the laid-out law as well as the owner’s consent. Under the national privacy policy guidelines, personal information should be used for the main purpose of collection; any other purpose, known as secondary use, is avoided (Treasury Board of Canada Secretariat 1993). The sensitivity of information has to be related to the main purpose for which it is collected; in other words, there is a correlation between the use and the collection of the data.

Disclosure of personal information

Disclosure means making information available, through any method, to the intended individual(s). Important information belonging to an organization should be made available only to the necessary groups to avoid its mishandling. Privacy policy states that any disclosure to a third individual is avoided unless one receives consent to do so, the disclosure will minimize an impending or an already present threat, or it is required by law (Thornton 2011). The guidelines further state that the disclosure of information to individuals will be done according to accepted business desires. An organization will minimize its risks when it ensures that its members are well informed of the proposed disclosure as well as the reasons for it. The disclosure of information, whether for a primary or a secondary purpose, should be done with consent from an authorized source.

Part two

Information security is a set of procedures which involves the protection of the availability, secrecy and integrity of information. The data kept by organizations is confidential and should not be made available for public access. Organizations keep most of their information in databases on computers. An effective system of information security involves a wide range of policies, technologies and protocols. A coherent combination of hardware and software, such as firewalls, antivirus and computers, is necessarily used. These are all necessary for protecting access to information. As mentioned above, the central security issues for an organization are technical and technology, and business and non-technical. In protecting information there is normally some level of probability that an adverse event will occur, and attempts to avoid such risks altogether may prove futile as well as costly to the organization (Enterprise Security Lecture 2011). In trying to get rid of the threats to a company’s information, there is normally a series of things to be accomplished:

First, there is the identification of certain sectors that will lead to information security: the identification of the information that is worth protecting, which may be based on important information that the company does not want made available to others, the identification of the sources of the important threats, and the picking out of the weak points. This is followed by an analysis of the areas considered a threat and thus liable to cause a loss of company information. The analysis may vary according to the wishes of the organization, for example in the use of nominal scales. Strategies are then sought and put into place to hinder any further risk from happening as well as to reduce the effect caused by loss. The strategies may involve avoidance, which is ensuring that all factors are handled so that the risks cannot happen, and there is also abstinence. Transference is another aspect, which involves shifting roles so as to protect others. Mitigation is another, which involves minimizing the effect of an act, recovery plans and backups. Finally, there is acceptance, which means accepting the effect of a risk and may even extend to doing nothing.

The security of an organization is divided into several components: physical, operational, communication, network and information security. An ideal set of security measures involves security policies, practices, awareness and implementation. These all come into play in a well-structured security model composed of several attributes such as confidentiality, integrity and availability.

Conclusion

Information security is necessary for an organization to advance its goals and visions. An organization that does not put in place the necessary measures to protect its information will suffer in the market as well as in its management. With the latest information technology systems in place, it becomes necessary that enterprises advance their security systems. This will become possible with the structuring and implementation of the necessary strategies.

References

Corrections Government, 2011, Storage and Security of Personal Information, viewed on 17th June 2011 from http://www.corrections.govt.nz/policy-and-legislation/cpps-operations-manual/volume-4/part-1—management-of-risk/chapter-8—privacy/section-8d—collecting-and-storing-personal-information/storage-and-security-of-personal-information.html

Government of South Australia, 2009, Cabinet Administrative Instruction 1/89, viewed on 17th June 2011 from http://www.archives.sa.gov.au/privacy/principles.html

Identity theft, 2010, Personal Theft, viewed on 17th June 2011 from http://www.identitytheft.info/personalsecurity.aspx

Ethical Advisory Committee, 2006, Guidance Notes for Investigators Data Collection and Storage, Loughborough University, viewed on 17th June 2011 from http://www.lboro.ac.uk/admin/committees/ethical/gn/dcas.htm

Office of the Federal Privacy Commissioner, 2001, Guidelines to the National Privacy Principles, viewed on 17th June 2011 from http://www.privacy.gov.au/materials/types/guidelines/view/6582

Thornton, G. R., 2011, Disclosure of personal information, viewed on 17th June 2011 from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1305838/

Treasury Board of Canada Secretariat, 1993, Use and Disclosure of Personal Information, viewed on 17th June 2011 from http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/CHAP2_4-1-eng.asp

Enterprise Security Lecture, 2011 viewed on 17th June 2011