Keeping Information Secure
Information Systems
If I were the Chief Intelligence Officer for an organization, there would be a number of things I would do to keep my organization's information secure. I would first make sure I had an extremely comprehensive knowledge of the kind of technology that best serves my organization. The kind of precautions a CIO must need to take are in part contingent on the kinds of technology and the kinds of information that need to be secured. Not all information systems are the same and they all do not serve the same function, though clearly there are general commonalities. Walton suggests that for all organizations, these five steps should be as follows:
Establishing and maintaining a meaningful and relevant security policy; Ensuring that your security policy has teeth and is enforced; Providing tools to help your IT staff implement your security policy; Closing an increasingly popular network back door; and Plugging security holes in cohosting situations. (Walton, 2001)
Each organization should have a very transparent security policy. The security policy should be clear, stringent, and with specific consequences for security breaches as well as improvement to security. Furthermore, the IT staff, specifically, must be well trained, well supported, and kept up-to-date regarding security policies and relevant technologies to uphold the security policy. Whitman (2003) additionally contends that organizational information security also depends on accurately assessing and categorizing the kinds of threats are present and likely based on the nature of the organization, the nature of the information technology used, and the nature of the information that needs securing. He claims there are twelve categories, including Acts of Human Error or Failure, Technological Obsolescence, Deliberate Acts of Sabotage or Vandalism, and Forces of Nature. (2003)
Networks, servers, and other forms of information technology support should be monitored carefully and the areas that are most used and most vulnerable should be fortified often. Therefore, as part of the security policy, there must be something that addresses training, assessment, and fortification. Besides having adequate equipment and training, the success of a policy that keeps organizational information secure is in part based on a great deal of practicality and common sense.
You’re 76% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.