Introduction
Security management refers to the activities an organization undertakes to protect its computer systems from unauthorized access and data loss. Computer systems in organizations handle data, most of which is confidential. Good security management is an attribute of a good information system. Poor information management can have disastrous repercussions for any organization, irrespective of size. A good example is the recent WikiLeaks disclosures, which have caused turmoil of unimaginable magnitude across the globe. This came as a result of hacking of America's government information systems by unauthorized persons, revealing diplomatic secrets. This unauthorized system hacking has caused irreparable damage to the diplomatic relations the country enjoyed. The aforesaid scenario ought to have been prevented by having all security measures in place. These measures include preventing untrusted officials from accessing information systems through good recruitment practices and thorough staff training, employing technologically savvy information security experts to fight cyber wars and crimes, and building good information system infrastructure.
Common threats to protecting information
There are many ways in which confidential data may be illegally accessed by unauthorized individuals or lost altogether. These include physical theft of computers or computer hard disks, unauthorized access to unprotected computer data files, hacking of computer networks and passwords, loss of data files through system breakdown, distortion and deletion of computer files by computer viruses, and even human error (Grass, 2008).
Whose duty is it to protect computer systems?
Security management in an information system calls for preventing the threats above and entails setting up the necessary security measures. This is the responsibility of computer manufacturers, software developers, network managers, and computer users. It is the responsibility of computer manufacturers to make computers that meet all the expected security measures; this entails hardware provisions that enable the user to lock out all unauthorized physical tampering with computer parts. It is also the responsibility of a computer manufacturer to produce computers that are easy to burglar-proof to prevent physical theft. Computer manufacturers may also incorporate security hardware in their computer systems to make it difficult for intruders to gain access.
An example of such security hardware is the integration of a fingerprint scanner or other biometrics in a computer system. Software developers, on the other hand, should ensure that their software is secure from any kind of attack. Their products should have safety measures, such as login screens that cannot be easily hacked, to ensure that the information the software processes or stores is secure (Stine, 2009). Similarly, network managers should ensure that their networks are secure, since most hacking is aided by the internet. Measures like firewalls should be used to protect users who use the internet. It is the responsibility of computer users to activate all provided security measures to prevent data loss and unauthorized access. This includes activating passwords and firewalls, installing anti-virus software, burglar-proofing, and tamper-proofing by padlocking computer hardware. The user should also keep passwords safe lest they be accessed by malicious people.
Example of an organization
An example of an organization that has been a victim of information insecurity is the U.K.'s News Corporation, which has been hit by a hacking scandal. It is ironic that the News of the World newspaper, whose function was to expose the rot in society, was actually among the organizations that needed to be exposed. The information that leaked to other media houses was the fact that the newspaper was involved in hacking. The newspaper could have avoided this by putting physical controls in place, ensuring that only one or two people were privy to the hacking information and that people who knew about it did not get laid off. Better still, the organization could have abstained from the vice.
Relationship between information security and information technology risk management
Information technology risk management is the process in which specific threats posed by technology are carefully analyzed and measures to control those threats are devised. Information security risk management thus helps an organization to make its systems more secure, and is one of the channels that can be used to achieve more secure systems (Reed, 2011).
Conclusion
As evidenced in the discussion above, securing information systems is a matter that should be taken with great seriousness if organizations want to succeed. This is because loss of data, or even the loss of data privacy, can have serious consequences. Organizations have lost millions of dollars due to insecure systems. An example of how expensive it can be to run unprotected computer systems is a situation in which hackers intrude on banking systems and defraud banks of huge sums of money. Another example is a healthcare setup in which hospitals handle highly confidential data about patients. Unauthorized access here can have detrimental repercussions for both the patient and hospital management.
Reference List
Grass, G. (2008). Information about computer threats. Web.
Reed, E. (2011). Small Businesses: Importance of Information Security Management. Web.
Stine, K. (2009). Security Considerations in the Systems Development Life Cycle. Web.