INFORMATION IS VALUE
In recent years several companies and financial institutions have made the front page of papers because of cyber-attacks and information abuse. These businesses are now more concerned about such events, yet probably most companies still consider it just another piece of news if an incident about personal or corporate information comes to light.
Author: Zsuzsanna Kohl
FrameWork Hungary Kft.
The information security incidents concern not only large companies, but also small and medium-sized enterprises, and governmental sector. Absuse with data could cause a serious problem in the IT field, but we either should ignore areas outside their. Although nowadays managing data electronically in large measure, the content of paper documents, photos, orally or coversations by telephone detour into unauthorized hands can mean financial and moral damage/losses for enterprise’s staff, customers.
Modern threats demand modern answers demanded
The reduction of risks resultive from theft and other abuses expansively,could achieved by the introduction of a management system, with which conscious, planned and continuously controlled operation can provide instead of partial solutions. The security of require information is not the only, or some security dispatch, and not concern only the IT area, but also organizational clues, resource management, physical security, and legal protection, among others. By the support of Information Security Management System (standard ISO 27001) information security can manage on risk base, protect against potential threats, ensuring their availibilty, integrity and confidentiality. Information security is not equal to information technology (IT) securit. To the information security should identify in the company those critical areas that you want to protect, they may be processes, technologies, departments, Information Systems, but the whole organization can also fall within the scope of information security. By a specific position paper (survey) the functional strengths and weaknesses can be mapped.
In order to be able to determine accurately int he whole company the damageable information tools, potential threats, vulnerabilities and potential consequences that may occur, analysis and evaluation of risks are essential /neccesary. There are several methods available, according to which fits most of the expectations, which method’s result give principally opportunity for estabilished decisions. The information resultant from the risk assessment must be handled with watchfully as based on these dispatches can draw up, respectively the assessment may raise several further questions.
How insureable the security of tools,informations are accessible by customers?
How preventable stoppage of organizational operation?
How insureable that the employees, contracted and user parties would give up from a company in regular way?
How can risk of system failures minimalized?
How avoidable whatever legal, regulatory, defined in law or contravention of a contracted liability?
However, in many cases, non-technological modifications or investments should be made, but the employee’s habits should be changed. It need to be known and foreshown recognize how to use of Information technology watchfully and safety. There an internal regulation is nessesary that contains clear policies and tasks for all employees. In accordance with the company's information security objectives expansively define the direction and principles, which is attentive with the current operational, legal and regulatory requirements and contractual security obligations. In the practical implement/ realization of information security policies (also) plays a key role of the Board. The first most important is to keep the important rules for themselves, the second is to make it understand with all colleagues the importance of this. By supporting the management can be successful such project and together with this can be achieved, that security efforts would be helpful in everyday work.
|FUNNY FLOWCHART OF A FAMOUS HUNGARIAN POEM||IT TAKES TIME TO FIND THE ONE||8 PRINCIPLES OF QUALITY COMPANIES|
|2014.06.07. HVG.hu||2014. 05.01. Piac&Profit||2014. 04. piac&profit|