As discussed in section 3.3, which deals with security requirements, the concept of CIA is
very important. Further, security threats adapt to each new information technology that is
launched. These threats constantly evolve and are harmful to an organization, as they steal,
harm or corrupt information stored in the organization’s system. An organization should arm
itself with resources to safeguard against these ever-growing security threats. Therefore,
although the CIA triad is a security model and guide for organizations to protect their
sensitive data, there are a few other data security considerations that one should be aware of:
Access security- Restricting access to users who have been granted access to
information makes it possible to monitor who has access to particular data.
Therefore, in cases of data theft, sifting through the timelines of access granted to users
makes it easier to track down the culprit.
Data encryption- Data that is kept unencrypted is open to misuse of personal data by
cybercriminals. Therefore, data has to be encrypted using unique encryption codes,
so as to avoid leakage of vital information stored in databases. When data is
encrypted and only the user with access to that data holds the decryption code,
data theft is prevented.
Email security- This is a set of procedures to protect an email account and its
contents from unauthorised access. Measures such as strong email
passwords and end-to-end encryption of emails or messages sent from one person to
another help prevent misuse of data, as email is a popular channel for hackers
to spread malware, spam and phishing attacks. For example, the end-to-end encryption used
by WhatsApp.
Risk-assessment analysis- Organizations have to take a proactive approach when
dealing with information security concerns. The main aim of conducting a risk assessment is
to identify the risks pertaining to information stored in an organization’s system. By
conducting a risk assessment analysis, an organization can understand and assess internal
and external risks to the security and confidentiality of personal information stored on
various storage media like laptops and portable devices.
Monitor effectiveness- It is critical for an organization to verify the security programs
it has established and to establish whether those programs manage the cyber security measures
implemented for safeguarding the organization’s information or data. This is done
through regular tests and monitoring of information security programs, annually or
quarterly, which help to assess the number of attacks made on an organization’s data.
Third party issues- Websites play a major role in showcasing an organization’s
success. Organizations therefore implement third-party tools to make their websites more
interactive and user-friendly and to offer smooth connectivity for user interaction. These
third-party tools help in generating revenue for an organization’s website. An
organization therefore has to ensure that all reasonable steps have been taken prior to
giving access to third-party service providers and that such third-party service providers
apply the most stringent security measures.
Strong firewall- The firewall of a system is part of that system’s cyber security measures. A
firewall protects a system from the internet traffic and services it is exposed to.
These services are accessed by everyone who uses the internet. Firewalls therefore
make it possible to control who gains access to an organization’s system, as in insider
attacks, which may originate from within a network used by the organization. Antiviruses are
for files, and firewalls are needed to protect against unauthorised access to or usage of a
network. A firewall simply helps to control the internet traffic that is generated by using a
network for work.
Antivirus protection- Antivirus protection can be obtained in the form of antivirus
software. This software is a program designed to avoid, detect and deal with cyber security
threats that an organization may face. An antivirus runs background scans on a system to
detect and restrict unauthorised access in the form of malware and to protect the system from
vulnerabilities it may face. These solutions are extremely important for data security and
must be installed on computer systems. Antivirus protection is available not only for laptops
and computers but also for mobile devices, and helps to fight unwanted threats to files and
data.
Back-up regularly- Data security is meant to protect information stored on a
system from unauthorised access and from destruction, and includes network
security. Therefore, to avoid loss of data, data should regularly be stored and kept
somewhere safe where it cannot be accessed or violated by anyone. Further, securing
such data helps in preventing accidental modification of data, theft of data and breach of
confidentiality agreements, and avoids release of data prior to its verification and
authentication.
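The "Access security" point above says that, after a data theft, the timeline of access granted to users narrows down who could have been involved. The following is an added example, not part of the original article: it assumes a hypothetical grant history (user, resource, grant time, revoke time) with constructed sample records, and lists every user whose access overlapped the incident window.

```python
from datetime import datetime
from typing import NamedTuple, Optional


class Grant(NamedTuple):
    user: str
    resource: str
    granted: datetime
    revoked: Optional[datetime]  # None means the grant is still active


def ts(text: str) -> datetime:
    return datetime.fromisoformat(text)


# Constructed sample data: a hypothetical access-grant history.
GRANTS = [
    Grant("alice", "customer_db", ts("2024-01-10T09:00"), ts("2024-03-01T17:00")),
    Grant("bob", "customer_db", ts("2024-02-15T09:00"), None),
    Grant("carol", "customer_db", ts("2024-03-20T09:00"), None),
    Grant("dave", "payroll_db", ts("2024-01-01T09:00"), None),
    # alice was re-granted access for a short period after her first revocation
    Grant("alice", "customer_db", ts("2024-03-10T08:00"), ts("2024-03-12T18:00")),
]


def holders_during(grants, resource, start, end):
    """Map each user to the grants on `resource` that overlap [start, end]."""
    hits = {}
    for g in grants:
        if g.resource != resource:
            continue
        grant_end = g.revoked or datetime.max  # open-ended grant never expires
        # Two intervals overlap when each one starts before the other ends.
        if g.granted <= end and grant_end >= start:
            hits.setdefault(g.user, []).append(g)
    return hits


if __name__ == "__main__":
    window = (ts("2024-03-05T00:00"), ts("2024-03-11T23:59"))
    for user, grants in sorted(holders_during(GRANTS, "customer_db", *window).items()):
        for g in grants:
            print(user, g.granted.isoformat(), "->", g.revoked or "active")
```

A grant that was revoked and later re-issued counts only for the periods it was actually active, which is why the history is kept per grant rather than as a single "has access" flag per user.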