Friday, May 1, 2020

Importance Of An Information Security Of Softsolutions - Samples

Question: Discuss about the Importance Of An Information Security Of Softsolutions.

Answer:

Introduction

As a company grows, establishing a formal information security plan becomes a must, especially when the business is expanding. The more employees there are, the more probable the threat of data theft becomes. Earlier the Company could easily manage the security of its information simply because of the small number of employees, which made tracking their movements easy. But as an entity expands, a formal and more structured approach to the security of information becomes a necessity (Garrett).

Having been appointed as the information security manager of the Company, I would detail out a formal report highlighting the methodology that would be undertaken for managing the security of the data of the Company. The report is designed so that, first and foremost, it covers the need for a formal structure and the role it would play for the organization. Further, the various weaknesses which it would address will be discussed, along with the implications in case of any theft of information which the said formal structure would help to manage and mitigate to some extent. I would also detail the reasons behind having a formal policy and the benefits a company would derive out of such a policy. Last but not least, to convince the readers further about the viability of my job, I would like to give a glimpse of the risk management plan that I have in mind with regard to managing the employment of the 20 people post acquisition of TransAct.

Role Of An Information Security Manager In The IT Governance Of A Company

As an information security manager, I totally respect the fact that till date SoftSolutions has successfully been able to manage the security of its data by installing various ad hoc and unstructured methods.
However, the same was feasible only as long as the number of employees was small, since when the business is small it is easy for the owners to keep a strict vigilance personally. The same demands a more formalised structure when the number of employees shoots up above twenty five (Ansanelli, 2005). Security is the most important factor for all entities. Outside hackers are not the only matter of concern; protecting internal hardware from leaking confidential data is of equal concern. If even a single customer's data gets disclosed, the company ends up compromising its reputation as well as trust. The work done by SoftSolutions entails a huge amount of customer data, as its job is the creation of websites for customers and the setting up of small but crucial databases containing critical information which, when revealed to the competition, can lead to a financial loss to the client. As the business expands, the need to protect this data becomes more critical, as the employees are shifting from desktop operations to laptops and tablets and hence have continuous access to information anywhere, anytime. If there can be a leakage of data at Target, where the security system was very tight, then the same happening in a small company is not difficult.

Thus the main role of an information security manager is to maintain a balance between the risks that are already present and those that are anticipated for the future. A company's level of risk undergoes change every month, and it is the duty of an information security manager to be able to gauge such a change well in advance; thus we as security managers are proactive in dealing with such leakages and security threats (Brothy, 2008). Apart from managing the basic security hacks and risks, an information security manager's job also lies in managing the IT governance of any company.
With acquisitions, the company would have more people on board, and due to the same, IT governance plays an integral role. IT governance comprises the guidance, organizational structures and procedures that help to secure the data. IT security governance has five essential results. Firstly, it enables coalition of the safety of data with the business so that the aims of the entity are met. Secondly, it helps to manage risk by implementing suitable methods to direct and lessen risks and decrease possible implications on the information resources to a state which is acceptable to all. Thirdly, it provides management of resources by making use of the information security knowledge and the infrastructure effectively. Fourthly, IT governance helps to measure, check upon and report information security governance metrics so as to confirm achievement of the goals of an entity. Lastly, it provides value delivery by optimising information security investments in support of organisational objectives.

Threats That A Formal Security Plan Would Deal With

As discussed above, one of the main functions of an information security manager is to ensure that the various weaknesses and threats to data security are dealt with on time and in a more structured manner. On studying the working of the company, one of the biggest threats that the formal structure would deal with is keeping track of the various applications being downloaded by the employees on their devices. Since they have the liberty to download any such software, hardware or data management processes, their IP address should be tracked whenever a suspicion is felt. Further, the employees should not be allowed to work on the road or within other businesses, as this would lead to theft of their programming solutions, due to which the company may end up losing various clients as well. Apart from that, the employees also have access to the customers' data, which can be misused by them without SoftSolutions being aware of it.
Further, the Wi-Fi being used at various locations is also not reliable enough, as various hackers create false networks via which they steal the personal information of the customers. If the same is not managed, then the company would be at a reputational as well as financial loss. I would also suggest that, since the employees are using mobile devices, a VPN should be adopted, which helps to protect the information since it encrypts everything that is being sent, thereby ensuring better protection (Cobb, 2015). Thus installing all these protections and ensuring that Wi-Fi is not used at unknown places can help to deal with the issue in a better manner. Further, the company should block some websites so that the employees cannot access them even if the internet connection is an outside one. Their systems should be thoroughly checked often, and access to the entire system should be made available at a host system whose access should only be with Tim and Catherine (Kochetkova, 2015). By doing so the employees would also be aware that, in the event of any theft, they would be caught easily.

Methodology For The Development Of An Information Security Policy

The main aim behind the said methodology is that it would act as the main source and provide a universal direction for the development, execution and preservation of an efficient and developing information security policy. The methodology is divided into five phases. The first is the assessment of the security required with regard to the information, which includes analysing the areas of threat and how the same should be safeguarded. The second is the construction of a policy, which mainly concentrates upon development of the contents of the policy, the target audiences at whom the policy aims, its scope, the rules and regulations laid down for the employees and how the security of data would be managed.
The third is the implementation of the policy, prior to which a thorough analysis of the policy is done again so that any ambiguity is cleared and the same is valid enough to be rolled out formally within the organization. The fourth is maintenance of the existing policy: as the technology changes, the ways of stealing data improve too, hence the policy needs to be reviewed on a timely basis so that adequate changes as per the needs of the company are made. The last is the support of the employees, which is one of the most crucial as well. One of the most striking factors for the success of any policy document is the support from the employees, else it would be difficult to maintain the security and safety of information within the organization (Ramdeyal and Eloff, 2010).

Reasons For Developing A Formal Information Security Policy

First and foremost, in a Company wherein no formal policy exists, the employees tend to behave in a notorious manner. As soon as the entire policy of information security is written in black and white and the consent of the employees to abide by the same is obtained, theft lessens considerably. In such a manner, SoftSolutions would be able to charge the employees with adequate punishments in case of any hacks and thefts (Brdiczka, 2014).
Thereby a formal information security policy is a must, specifically for companies which are growing, because it safeguards the entities via upbeat strategy stands, develops laid down rules and regulations with regard to how a user is required or expected to behave (which covers the IT personnel as well), spells out clearly what the outcomes would be in case of any such violations, formulates and develops a baseline stance on security and protection so as to lessen the risk for the company, and lastly makes it clear to people both outside and inside the organization that information is one of the most crucial assets of the entity and that it must be protected, else it would lead to legal consequences (Chapple et al., 2002). One of the main benefits that SoftSolutions would derive by having such a policy in place is that employees would be self-disciplined. Thus the Company would be able to secure more orders and customers as well, since they would be aware that their company data is secured at its best (Lord, 2017).

Risk Management Plan Post Acquisition Of TransAct

To make the management understand in a better manner the importance of my role in the company, I would like to detail in short a formal risk management plan that is there in my mind with regard to taking over the employees of TransAct. A risk management plan along with a cost-benefit analysis is an integral part of the continuity plans for any business. Foreseeing the probable risks and trying to mitigate them will ensure that the business is able to recover if any such mishap happens. In this scenario, the company is going to have people on board by compulsion, i.e. due to the acquisition of TransAct, and thereby has no way to interview them. Thereby, simply on the basis of the management being happy with them, they had to be taken up.
Thus the information security policy which is in place should be signed by all so that they are aware of the consequences of any unscrupulous acts. Secondly, formal training is also a must, highlighting the integral parts of the policy documents. Further, if there has been a hack in the past, then they should be made aware of the same so that they come to know about the punishments and their severity. This way the company will be able to ensure that the data is protected and at the same time also gain the benefit of the customers who are already working with TransAct and the employees who have rapport with them. Thus ensuring that the risk management plan and policy are communicated, and providing the employees timely training, would ensure that the company benefits more. They get a whole database of fresh customers, and also those employees who are well-versed with their requirements. In this manner they would be able to continue relationships with them and the trust factor would also be better. Last but not least, these employees also know how to provide after sales services, which is very crucial for the success of any company in today's competitive scenario.

Further, the present employees of SoftSolutions would also find it easy to communicate with the new clients via the employees of the new company, so that if any new employee misuses the information of the entity, even then the company would not lose out on the client. Thus the overall benefit of getting new business and employees trained in support service is much more than the cost that would be incurred in implementing a risk management plan. The said plan would work as a contingency plan as well: if any of the new employees tries to betray the company, they still have the option of retaining the client through the services they provide and also employing another reliable employee. This way they would not lose a customer and would also secure their data well (Lee, 2001).

Conclusion

Thereby, the said reading defines the importance of my job profile. Further to this, it is not a one time affair but rather an ongoing one, since the requirements for the safety of information change. Businesses are becoming so competitive and globalised that the safety of data, specifically that of clients, is a priority which needs to be addressed continuously. The employees keep on changing; some may leave, new ones may join, and the frauds conducted by any of them may give a lesson to the company to improve upon the existing security policy and systems. With the system improving periodically, so will the confidence and trust of the customers, both new and prospective ones. The minds of the hackers and the insider fraudsters keep on thinking up newer ways to hurt the organization, and thereby the information security officer is needed to ensure that there is ongoing improvement of the security system already in place. Therefore my position as an information security manager would benefit the organization both in safeguarding its data and reputation and in gaining financially as well.

References:

Ansanelli, J., (2005), Employees the biggest threat to network security, Available at https://www.networkworld.com/article/2318535/lan-wan/employees-the-biggest-threat-to-network-security.html (Accessed 11th October 2017)

Brdiczka, O., (2014), Insider Threats How they affect US Companies, Available at https://www.computerworld.com/article/2691620/security0/insider-threats-how-they-affect-us-companies.html (Accessed 11th October 2017)

Brothy, W.K., (2008), Information Security Governance Guidance for Information Security Managers, Available at https://www.csun.edu/~yz73352/657/sent-0710/InfoSec-Guidance-for-Mgrs-Research-21May08.pdf (Accessed 11th October 2017)

Cobb, M., (2015), Secure Public Wi-Fi: Locking down employees Wi-Fi security settings, Available at https://www.computerweekly.com/tip/Secure-public-Wi-Fi-Locking-down-employees-Wi-Fi-security-settings (Accessed 11th October 2017)

Chapple, M., Shinder, D.L., Tittel, E., (2002), Security Administration The Importance of a Security Policy, Chapter from the book: TICSA Certification: Information Security Basics, Available at https://www.pearsonitcertification.com/articles/article.aspx?p=30077seqNum=6 (Accessed 11th October 2017)

Garrett, C., Importance of a security policy, Available at https://www.slideshare.net/charlesgarrett/importance-of-a-security-policy-11380022 (Accessed 11th October 2017)

Kochetkova, K., (2015), 8 security rules for public Wi-Fi users, Available at https://www.kaspersky.co.in/blog/8-security-rules-for-public-wi-fi-users/5460/ (Accessed 11th October 2017)

Lord, N., (2017), Data Security Experts Reveal The Biggest Mistakes Companies Make with Data Information Security, Available at https://digitalguardian.com/blog/data-security-experts-reveal-biggest-mistakes-companies-make-data-information-security (Accessed 11th October 2017)

Lee, D.R., (2001), Developing Effective Information Security System Policies, Available at https://www.sans.org/reading-room/whitepapers/policyissues/developing-effective-information-systems-security-policies-491 (Accessed 11th October 2017)

Ramdeyal, A., Eloff, M.M., (2010), A General methodology for the development of an effective information security policy, Available at https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.217.3776rep=rep1type=pdf (Accessed 11th October 2017)
