Information security basics

Have you ever heard the term information security and wondered what it was all about?

Information security is about protecting the confidentiality, integrity and availability of your information. Confidentiality means that no unauthorised person can read it; integrity means that no unauthorised or undetected changes have been made to it; and availability means that you can get at it when you need it.
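The integrity property is the one that is easiest to misunderstand: it is not enough to store a checksum next to a record, because anyone who can alter the record can recompute a plain checksum too. The following is an added example, not code from the original article, showing a keyed integrity tag (HMAC-SHA256) on a small patient record: an unauthorised edit is detected, an attacker without the key cannot forge a valid tag, and the same attack succeeds against an unkeyed hash. The key and the record are constructed for illustration only.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample key and record for illustration only; a real key would be
# generated randomly and kept out of the data store it protects.
SAMPLE_KEY = b"example-integrity-key-do-not-reuse"
SAMPLE_RECORD = {"patient_id": "P-1001", "allergy": "penicillin", "dose_mg": 500}


def canonical_bytes(record: dict) -> bytes:
    """Serialise a record deterministically so the same content always yields
    the same bytes (key order and whitespace must not change the tag)."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_record(record: dict, key: bytes) -> dict:
    """Attach a keyed integrity tag to a record. Only a holder of `key` can
    produce a tag that verify_record() will accept."""
    tag = hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()
    return {"record": copy.deepcopy(record), "tag": tag}


def verify_record(sealed: dict, key: bytes) -> bool:
    """Recompute the tag over the stored record and compare in constant time."""
    expected = hmac.new(key, canonical_bytes(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def unkeyed_digest(record: dict) -> str:
    """A plain hash stored beside the record. It catches accidental corruption
    but not a deliberate change, because anyone can recompute it."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def unkeyed_check(record: dict, stored_digest: str) -> bool:
    return hmac.compare_digest(unkeyed_digest(record), stored_digest)


def attacker_edit(record: dict) -> dict:
    """The unauthorised change: remove the allergy from the record."""
    return dict(record, allergy="none")


def demo() -> dict:
    """Run the three scenarios and report whether each check passes."""
    sealed = seal_record(SAMPLE_RECORD, SAMPLE_KEY)

    # 1. Someone edits the stored record in place without the key: detected.
    tampered = copy.deepcopy(sealed)
    tampered["record"] = attacker_edit(tampered["record"])

    # 2. Attacker replaces the record and recomputes the tag with a guessed key:
    #    still detected, since the tag was not made with SAMPLE_KEY.
    forged = seal_record(attacker_edit(SAMPLE_RECORD), b"wrong-key-guess")

    # 3. Same edit against a plain hash: attacker overwrites both the record
    #    and the stored digest, and the check passes. Integrity is lost.
    edited = attacker_edit(SAMPLE_RECORD)
    stored_digest = unkeyed_digest(edited)  # attacker writes a matching digest

    return {
        "intact_verifies": verify_record(sealed, SAMPLE_KEY),
        "tampered_verifies": verify_record(tampered, SAMPLE_KEY),
        "forged_verifies": verify_record(forged, SAMPLE_KEY),
        "plain_hash_fooled": unkeyed_check(edited, stored_digest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The HMAC gives a verifier holding the key a way to tell authorised records from altered ones; it does not stop someone with write access from making the change, it only makes the change visible. Where the verifier and the writer must not share a secret, a digital signature plays the same role.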

Such information can be personal, such as identification numbers, bank account numbers and wills; information held by professionals, such as lawyers' case files and doctors' patient records; or corporate, such as customer records, financial records, asset registers, stock records, manufacturing processes, trade secrets and strategic plans, to name just a few.

In the normal course of life we rarely stop to think that information, personal and corporate alike, has value, so it can be hard to understand why others might want it.

Your personal information can be used by someone else to assume your identity, that is, to become you and transact business in your name. Think of someone getting hold of your credit card or bank account details. You can be left having to prove that you are indeed you, facing large debts, or worse still (depending on how much was in them) with empty bank accounts. Recovering your identity can be a very difficult process, and getting the debt cancelled or reduced is harder still.

What if a doctor's patient records are altered, or stolen from the surgery so that patient information ends up in the public domain? The consequences can be disastrous for both patient and physician.

Theft of a company's trade secrets can mean a significant loss of revenue and possibly the demise of the company. A leak of sensitive information, such as financial records, while a merger or acquisition is being negotiated can severely damage those negotiations.

Loss of information through the destruction of company premises by fire, flood or hurricane, or through the failure of the company's IT systems, can be devastating if there is no business continuity plan or disaster recovery plan. Many of the companies that survived the attacks on the World Trade Center on 11 September 2001 did so because they had working business continuity and disaster recovery plans; those plans ensured they still had access to critical information when it was needed. Companies without such plans had no way to recover critical business information, and many did not survive. The value of the information to those organisations had not been fully appreciated.

Know the value of your information. Classify it by how sensitive and how critical it is; the classification of each category determines what kinds of defences it needs.

Those defences include policies and procedures for accessing and handling your information; proper storage and backup facilities; technology such as firewalls, antivirus and intrusion detection; business continuity and disaster recovery plans; and properly trained personnel to advise on or manage your information security. They can be applied in varying degrees by the private individual, the sole trader, the partnership, the small business and the corporate giant alike.

The services of a competent and certified information security professional should be retained to assist in developing a comprehensive information security program to protect your information.
