Creating IT security Awareness

Given that the service sector is growing more quickly than the manufacturing sector

data and information possessed by a business are seen as important assets. As a result, a crucial first step in protecting firm information is being able to recognize and manage risks and system vulnerabilities. Security policies are characterized as high-level expressions of organizational principles, goals, and objectives, as well as the broad strategies for achieving them in relation to safeguarding the assets of the business. On the other hand, organizations that regulate certain industries and professions are known as regulatory organizations. They consist of the NIST, AEAA, NRC, etc.

Potential risks to organization security

include loss of data, corruption of data and having incompetent IT staff while potential threats include viruses, malicious software, and theft from employees. The Software Development Life Cycle currently incorporates security in S-SDLC (Secure Software Development Life Cycle) to enable developers to build more protected software and report security compliance while minimizing costs of development. Organizations are seen to fear adopting the cloud due to privacy issues, security issues, and high bandwidth costs. Four methods to secure information assets include: Use of Strong passwords, encryption of information, installation of intrusion detection systems to alert owners about the information, and use of biometric systems to avoid unauthorized access.

Elements of a security policy include:

purpose of the policy, scope, information security objectives, authority and access control policy, data classification, data support and operations etc. Encryption works by using a complex algorithm called a cipher to turn normalized data (plaintext) into a series of seemingly random characters (ciphertext) that is unreadable by those without a special key to decrypt it.

Some important certifications to have in security include:

CompTIA Security+, Certified Ethical Hacker, and Certified Information Security Manager.

References

Merkow, M., & Briethaupt, J. (2014). Information security: Principles and practices (2nd ed.). Pearson Education.

How Does Encryption Work, and Is It Really Safe?. (2017). MakeUseOf. Retrieved 3 June 2017, from http://www.makeuseof.com/tag/encryption-care/

Key Elements of an Information Security Policy. (2017). InfoSec Resources. Retrieved 3 June 2017, from http://resources.infosecinstitute.com/key-elements-information-security-policy/#gref

Peltier, T. (2004). Information security policies and procedures (1st ed.). Boca Raton, FL: Auerbach Publications.

Rivard, F., Harb, G., & Meret, P. (2009). Transverse Information Systems (1st ed.). Hoboken: John Wiley & Sons.

Category:Vulnerability - OWASP. (2017). Owasp.org. Retrieved 3 June 2017, from https://www.owasp.org/index.php/Category:Vulnerability

Whitman, M., & Mattord, H. (2014). Principles of information security (5th ed.). Boston: MA: Cengage Learning.