Maintaining the security and privacy of business files and employee records.
U06a1
Karen Lloyd klloyd@capellauniversity.edu IT 3006
Communication Strategies for the IT Professional
June 12, 2011
Introduction
In today’s business world the security and privacy of employee files, business trade secrets and proprietary information has became an increased problem. The information is being compromised and/or stolen from within the business environment itself. The files are not protected from unauthorized individuals. These files can be protected using various methods, such as individual user accounts or profiles, storing paper files in a secured area as well as, improved electronic data storage.
New employees will fill
…show more content…
There needs to be procedures in place for all departments and employees to follow. The security measures need to be monitored to ensure that everyone is following protocol. If a business experiences information theft at any level they could have prevented it by implementing and enforcing security measures.
Conclusion
All employees and businesses need to be aware of the potential danger to information security and privacy. It needs to be top priority within a company’s daily operation. Employees need to be more concerned of the safe keeping of their information. With all the advancements in technology there are many ways to ensure security and confidentiality of all employee and company information. Data storage options, limiting personnel access and enforcing processes and procedures are just a few. All individuals need to be concerned about the security of their own personal information. It is everyone’s right to ask how a company secures their information when it is acquired. Everyone has the right to ask who has authorization or access to their information. Do not be afraid to ask and if you are denied an answer reconsider accepting employment.
References
Gueldenzoph, L. E., & Snyder, M. J. (2006). In Kaliski B. S. (Ed.), Encyclopedia of business and finance; privacy and security (2nd ed.). Detroit: Macmillan Reference USA. Retrieved from
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value and everyone has information they wish to keep secret. Information such as credit card details, trade secrets, personal information, government documents, and many more. It was stated (Securitas Operandi™, 2008) that, we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, which is, encrypting and decrypting data, access controls such as
The departments of a company that are holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
The consumer expects that when using a public computer for a specified task such as printing through a service, that the data or material is protected from other users including employees. When using a public computer for internet surfing, tax filing banking, etc. the general public user does not always think about the threats to security of their own personal information. It is important for the company to protect the users in addition to the users understanding the potential threats that exist when entering personal information.
Company must also develop a clear structure for granting employees access to sensitive information. Not all employees need such data in order to fulfill their everyday job responsibilities. For those who need admission to sensitive information, a strong authentication mechanism must be developed, which cannot be bypassed. This will ensure that only authorized users are accessing compromising data.
In today’s IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution.
Confidentiality is very important when in the workplace, in order for to maintain confidentiality there needs to be some set rules and regulations that all service users must adhere to. This includes putting passwords on computers/laptops that have confidential information on, information kept in files or filling cabinets should be locked away and secure, never leaving offices unlocked for long periods of time
Employees who have electronic or physical access to critical assets should know how to handle sensitive data securely and how to report and respond to cyber security incidents. Ensuring that access privileges would revoked at termination or transfer and that all equipment and data are returned to the
Every organization must have adequate control mechanisms in place to help protect sensitive information from the distribution or transmission outside the organization, inappropriate disclosure, and control of how the information accessed is used. Companies should have policies in place that outline the course of action to take should inappropriate usage or disclosure of data be
The safeguards applied will be based on the sensitivity of the information, with the highest level of security given to the most sensitive personal information. We utilize user IDs, passwords and encryption innovation, and limit the workers and contractual workers who have access to personal information to those having a "need to know" and who are bound by confidentiality obligations in order to guarantee that information is taken care of and stored in a secret and secure way. While destroying personal information, we delete electronically stored personal information and shred any physical materials containing personal information, you acknowledge that deleted information may continue to exist on backup media but will not be used unless permitted by
Restricting access to sensitive information plays a vital role in the success of any organization. Information is deemed sensitive when it needs protection from unauthorized access. Protecting this information is essential in safeguarding security and privacy of an organization. Thus, an organization such as Bank of America has taken measures geared towards protecting its sensitive information from unauthorized access. Just like other organizations, Bank of America has two types of sensitive information. The first type of sensitive information is personal information. This is data that may affect an individual if
As technology grows and information has become a critical asset companies currently are devoted their resource and money to protect their data as important as their finance and human resource assets.
While all of these technologies have enabled exciting changes and opportunities for businesses, they have also created a unique set of challenges for business managers. Chief among all concerns about technology is the issue of information security. It seems to be almost a weekly occurrence to see a news article about yet another breach of security and loss of sensitive data. Many people will remember high profile data breaches from companies such as T.J Maxx, Boston Market, Sports Authority, and OfficeMax. In the case of T.J. Maxx, a data breach resulted in the loss of more than 45 million credit and debit card numbers. In many of these incidents, the root cause is a lack of adequate security practices within the company. The same technologies that enable managers can also be used against them. Because of this, businesses must take appropriate steps to ensure their data remains secure and their communications remain
Because of these unawareness, tech companies should enforce “informed consent” into their business practices. They should provide all information relate to the specific service in a way that consumer can understand and have access to that information. According to the Nolo’s Plain-English Law Dictionary (Cornell Law School), informed consent is “an agreement to do something or to allow something to happen, made with complete knowledge of all relevant facts, such as the risks involved or any available alternatives.” The key phrase here is “complete knowledge”. The users should able to comprehend the implication involved with the services that tech companies provide. Hence, they can make a viable judgement with all the facts present in front of them.
a significant amount of data security breaches are due to either employee oversight or poor business process. This presents a challenge for businesses as the solution to these problems will be far greater than simply deploying a secure content management system. Business processes will need to be examined, and probably re-engineered; personnel will need to be retrained, and a cultural change may be required within the organization. These alone are significant challenges for a business. A recent example of what is probably unintentional featured an Australian employment agency’s web site publishing “Confidential data including names, email addresses and passwords of clients” from its database on the public web site. An additional
Database security is vital for any and every organization which uses databases. Without proper security, the databases can be breached and the breaches can lead to confidential information being released. This has happened to many organizations whether they are large or small; for example, in the past few years Target and Sony both fell victim to database breaches. To make matters worse both Target and Sony were actually warned about the flaws in their security, but neither took any action to resolve the flaws. Looking into these breaches and how they were handled could lead to designing better databases. Organizations should also look within themselves to assure all employees know good security practices. Simply following regular procedures such as installing antivirus software and firewalls can help create more secure databases. An organization should look at all of their databases to ensure the same top level security is established for all of their databases.