May 17, 2016 Comments 0 Rashi Kapur

A Primer on Information Security

Nowadays, the value of a business is determined by the nature of data it handles, the data its customers entrust it with.

It could be product information, launch plans, patent applications, source code, and designs, all of which are top-secret. It could also be the organization’s financial information such as its market assessment, estimated turnover, and profits. Confidential customer data such as their credit card information, credit rating, loans, and investments falls in the category of sensitive data.

The confidentiality and integrity of such data must be preserved by organizations and its availability, controlled. When it comes to sensitive data, the consequences of data breach may include but are not limited to business losses, legal liabilities, and loss of company credibility.

As is famously said, data is the new gold.

It is for these reasons guarding sensitive data against breach becomes critical to every organization, no matter how large or small. Organizations need to have a plan to secure critical data and mitigate security threats. Information security professionals responsible for rolling out and maintaining such plans in organizations usually refer to them as security programs.

Before we go any further, let’s examine the explanation for information security – “Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g.electronic, physical).”

Studies indicate that internal breaches are usually less than 2% which can include:

Sending information to the wrong recipient
Poor understanding of security procedures
Disregard of company protocols

Protecting Data

A security program in place indicates that the organization recognizes that the threat is serious and has, therefore, taken steps to mitigate the risk of losing data. A well-defined process also minimizes the risk of business loss resulting from a security incident. If you do face a security incident that has legal consequences, the written information security program can be used as evidence to show the organization was following industry best practices.

Here are some of the common measures taken to protect data from security threats:

Encryption of devices
Keeping of devices in secure locations
Regular backups
Lock-down of devices when not in use
Role-based access rights

Maintenance of audit trails and record of data

A Career in Information Security

Information Security being an advanced discipline a good candidate would be one with proficiency in of the areas of tech. While this isn’t mandatory, it is certainly common and also sought. Organizations look to hire people who have experience in more than just policy writing. Information security professionals normally have a background in one of the following areas: