A Primer on Information Security

Nowadays, the value of a business is determined by the nature of the data it handles and the data its customers entrust it with.

It could be product information, launch plans, patent applications, source code, and designs, all of which are top-secret. It could also be the organization’s financial information such as its market assessment, estimated turnover, and profits. Confidential customer data such as their credit card information, credit rating, loans, and investments falls in the category of sensitive data.

Organizations must preserve the confidentiality and integrity of such data and control its availability. When it comes to sensitive data, the consequences of a data breach may include, but are not limited to, business losses, legal liabilities, and loss of company credibility.

As is famously said, data is the new gold.

It is for these reasons that guarding sensitive data against breach becomes critical to every organization, no matter how large or small. Organizations need to have a plan to secure critical data and mitigate security threats. Information security professionals responsible for rolling out and maintaining such plans in organizations usually refer to them as security programs.

Before we go any further, let’s examine the definition of information security: “Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).”

Studies indicate that internal breaches are usually less than 2%; these can include:

  • Sending information to the wrong recipient
  • Poor understanding of security procedures
  • Disregard of company protocols

Protecting Data

A security program in place indicates that the organization recognizes that the threat is serious and has, therefore, taken steps to mitigate the risk of losing data. A well-defined process also minimizes the risk of business loss resulting from a security incident. If you do face a security incident that has legal consequences, the written information security program can be used as evidence to show the organization was following industry best practices.

Here are some of the common measures taken to protect data from security threats:

  • Encryption of devices
  • Keeping of devices in secure locations
  • Regular backups
  • Lock-down of devices when not in use
  • Role-based access rights
  • Maintenance of audit trails and record of data

A Career in Information Security

Because information security is an advanced discipline, a good candidate would be one with proficiency in one of the areas of tech. While this isn’t mandatory, it is certainly common and also sought after. Organizations look to hire people who have experience in more than just policy writing. Information security professionals normally have a background in one of the following areas:

  • System Administration
  • Networking
  • Development

Experience in more than one technology in areas such as database, networks, and operating systems is desirable.

Rashi Kapur
