Information systems security planning and audit
Today’s advanced technology requires each company to implement a comprehensive information security policy to guard its valuable assets. Recently, there have been many data breaches in which a company’s confidential information was exposed and customer data records were lost. A data breach tarnishes the company’s reputation and can lead to a decline in the company’s stock price. Therefore, companies must implement strong information security policies to avoid data breaches. The purpose of this paper is to discuss the importance of developing a comprehensive information policy and different kinds of network attacks.
Lack of a strong information security policy can turn a company into another government statistic. For instance, in 2005, 9033 data breach cases were reported. In the year 2018, the number of data breach cases had risen to over 11,582,116,000. There was a time when the German federal police arrested a college student who was engaged in massive data breaches that were reported in Germany. It was found that the same student had accessed the data of over 1000 people and had managed to leak it to potential attackers.
A data breach affects the company’s revenue. In 2006, IBM identified that a company spends over $4 million on every data breach that it experiences. An IBM vice president was recorded saying that current technological advancement makes it easy for attackers to attack even the most prepared people and companies. Also, it was noted that the cost of each data record stolen ranges between $80 and $355. The number of data records that were compromised during a data breach increased from 1.8 percent to 24,089 records. IBM Security states that the possibility of being involved in a data breach is 1 in 4, which is higher than the probability of being struck by lightning, which is 1 in 960,000.
Additionally, it costs a company less to prevent a data breach incident than to react to one that has already occurred. Therefore, each company should establish a fast-acting incident response team to take care of a data breach that might arise. To contain a data breach incident, the response team takes an average of 46 days.
In the United States, corporations with more than 1,000 employees spent up to $15 million a year to battle cybercrime in 2015. “Attacks relating to malicious code, malware, viruses, worms, trojans and botnets accounted for 40 percent of this cost, followed by 16 percent for denial of services, 14 percent for phishing and social engineering, 12 percent for web-based attacks, 10 percent for malicious insiders and 7 percent for stolen devices” (Korolov, 2015).
A company can avoid data breaches by implementing strong security policies. These security policies include network security, intrusion detection, remote access, information security training, secure use of the internet, and password protection. These policies are explained below.
- Network security
Network security outlines the requirements and procedures that should be followed by employees. A company can secure its network by implementing multiple layers of security that limit potential attackers’ access to its valuable assets.
- Remote access
Remote access security comprises the rules and requirements that every individual in a company should meet before accessing the company’s network. The policy reduces the potential damage that unauthorized remote access connections can cause through the use of the company’s resources.
- Secure use of internet
Companies develop this policy to ensure that employees do not access content that is inappropriate for a work environment. The policy is designed to separate personal use of the internet from work use. The policy is important because it informs employees of the threats associated with unnecessary downloads via the company’s network.
- Password protection
The password plays an important role in ensuring that the company’s devices are protected from unauthorized access. For instance, the policy would require user passwords to be at least eight characters long, to combine alphanumeric characters in upper and lower case, and to include special characters. Passwords should be changed every thirty days and must not be repeated for ten iterations.
- Information security training
Companies can install the most effective intrusion detection equipment with the most advanced software on the market, but without skilled employees, this will not prevent a company from being compromised. The best equipment is only as good as the person who uses it. That is why the company must ensure that every employee receives the proper training.
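The password protection policy above can be enforced in code. The following is an added example, not part of the original paper: it checks the stated rules (eight characters, upper and lower case, special characters, thirty-day expiry, no reuse for ten iterations) and keeps the history as salted hashes rather than plaintext. Reading "alphanumeric" as requiring a digit, the PBKDF2 parameters, and all function names are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

MIN_LENGTH = 8                  # "at least eight characters"
MAX_AGE = timedelta(days=30)    # changed "every thirty days"
HISTORY_DEPTH = 10              # no repeats "for ten iterations"
PBKDF2_ROUNDS = 100_000         # assumption: the paper names no hashing scheme

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def complexity_errors(password):
    """List every complexity rule the candidate password fails."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def is_reused(password, history):
    """Re-hash with each stored salt and compare in constant time."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )

def is_expired(last_changed, now):
    """True once the password is older than the thirty-day limit."""
    return now - last_changed > MAX_AGE

def change_password(new_password, history):
    """Validate a change; return (errors, history trimmed to ten entries)."""
    errors = complexity_errors(new_password)
    if is_reused(new_password, history):
        errors.append("matches one of the last 10 passwords")
    if errors:
        return errors, history
    return [], (history + [hash_password(new_password)])[-HISTORY_DEPTH:]
```

Because each history entry has its own salt, the reuse check must re-hash the candidate once per stored entry; that cost is bounded by the ten-entry window.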
Conclusion
The development of a comprehensive information policy is the most crucial part of every company’s operation. Companies must implement strong information security policies to avoid data breaches. A company might instead fail to implement an Information Security Policy and introduce other measures for dealing with data breaches. Such companies may have to deal with the repercussions of a security breach, in which their reputation is tarnished and they lose millions in revenue due to lawsuits and negative publicity. A comprehensive Information Security Policy safeguards the company’s tangible and intangible assets.