Information Security: Protecting Organizational Assets and Enabling Business Operations

Purpose of Information Security

Information security exists to protect a company's or organization's valuable assets. Information security covers information or data, computer hardware, and software. The information security team, using the appropriate safeguards and applications, contributes to the mission of the company or organization by protecting its physical and financial resources, reputation, legal position, employees, and other assets (Peltier, 2013, p. xi).

Information Security as a Business Enabler

The information security program should be devised so that security is a business enabler for the organization. For information security to become an enabler, the company must explore and assess the information security risks to business operations. The business or organization must also identify which policies, standards, and controls are essential to implement in order to reduce the security risks identified. Promoting awareness and understanding amongst the team members is also required. Once policies, standards, and controls are implemented, information security must assess the compliance and control effectiveness of what is put in place and revise if needed (Peltier, 2013, p. xi).

Different Viewpoints of Information Security

Over time, information security has been viewed from different viewpoints, as Jacobs (2015) discusses. Information security can be viewed as a concept, a function, or a subject area.

Concept View

The concept view treats security as a set of related branches or activities. All the branches depend equally on each other. The concept view is formed by layers or rings. The rings include physical, personnel, network, and computer security. After computer security come device, data, application, operation, and database security (Jacobs, 2015-12-07, p. 2). These layers are not intended to form a hierarchy between each layer of security but are intended to portray that layered security is crucial to achieving an information security program that is economical and worthwhile (Jacobs, 2015-12-07, p. 2).

Functional View

Defining information security by functional areas is done by breaking information security into categories or areas of risk avoidance, deterrence, prevention, detection, and recovery (Jacobs, 2015, p. 5).

Subject Area View

Viewing information security by subject area has been done using the Common Body of Knowledge (CBK) security domains developed by the International Information System Security Certification Consortium, Inc. (ISC2). The CBK creates groupings or areas. Examples of CBK domains are access control; applications/systems development security; business continuity and disaster recovery planning; cryptography; information security and risk management; legal, regulations, compliance, and investigations; operations security; physical security; security architecture and models; and telecommunications and network security (Jacobs, 2015, p. 8).

The CIA Triad

The core views or tenets of security are commonly referred to as CIA. CIA stands for Confidentiality, Integrity, and Availability. Confidentiality is a measure of the privacy or confidentiality of data or information. Integrity ensures the data is dependable and correct. Availability involves the ability of team members, customers, and other authorized users to access the information or data (Jacobs, 2015, p. 8).

Practical Application: Physical Security Training

Information security has had different insights and views form over the years, as Jacobs (2015) points out. Any viewpoint of information security, no matter if it is viewed as a concept, a function, or a subject area, needs layers of security and people working together to protect the asset(s). Our workplace recently had physical security training. The company brought in experts in handling active shooter incidents. A.J. DeAndrea, a member of the Jefferson County SWAT Team in Colorado, a first responder, and an expert in the field of active shooters who was at the Columbine High School shooting, came in to explain the steps one should take in the unlikely event a shooter arrives in the building. They provided details on the steps one should take to get out of the building or how to protect oneself if one cannot make it out of the building before the active shooter reaches one's area in the building.

References

Jacobs, S. (2015). Engineering information security: The application of systems engineering concepts to achieve information assurance (2nd ed.). Hoboken, NJ: Wiley-IEEE Press.

Peltier, T. R. (2013). Information security fundamentals (2nd ed.). Boca Raton, FL: CRC Press.