Information security Essay

The secrets of an organization are protected from competitors. Vital information to a business is protected from competitors by establishing a strong system of internal controls. Protecting the information relating to the operations of a business reduces losses to the business. Poor information security practices can creates a lot of costs to the business through; data recovery costs, loss of competitive advantage, cost of investigations, and others. The business builds confidence among the stakeholders when it protects its information. The use of technology has increased many risks upon the protection of information of a business. Organizations provide their employees about the guidelines to be followed to protect the information of the business (Chan, Woon & Kankanhalli, n. d. ). Issues relating to information security Many businesses have trade secrets which need to be protected from their competitors. If the trade secrets are stolen, the business may incur losses in terms of competitive disadvantages in the marketplace. The increase in competition in the global business has increased the need to protect information which may be used to out-compete a business. The international law protects the copyrights of each business and gives the authors of original information the exclusive right to use the information. The long term survival of the business in the market depends on the ability to withhold confidential information. Growth and expansion strategies are based on the ability to protect confidential business information. The management should determine which information is important to them and place strict measures to protect it (Chan, Woon & Kankanhalli, n. d. ). The increase in the use of technology has resulted into exposure of internal information about a business to many risks. The computing technology has created information risks which force the management to introduce systems which ensure the protection of information. â€Å"In the recent years, organizations have increased spending on both physical and IT security technologies,† (Chan, Woon & Kankanhalli, n. d. , pp. 3). However, several security incidences continue to occur despite the implementation of the security technologies. The internal security issues are done by the employees when they have errors in their operations or they deliberately misuse the information of the organization. Most of the external threats an organization encounters are linked to the internal staff (College of Education n. d). To protect the information contained in the internet and computers, an organization should use passwords. The passwords should be known to the concerned individuals in the organization and should be changed regularly to ensure safety of the data. The information should be under the control of a responsible person and these individuals should be answerable to the management of the organization. Access to the confidential information should be allowed to a limited number of employees (College of Education. n. d. ). The management should educate its employees about security issues of the data they handle. Some employees may not have knowledge about the confidential information of an organization and they may expose it to competitors without knowing. The use of such information should be limited to the organizational activities and should be protected against competitors. Employees should be taught how to use the passwords to ensure information security. The emails of the company should be provided with strong passwords to ensure no hackers can access information (Tenby, 2002). The government has regulated some businesses and industries which have great influence to the nation by regulating the use of information. The regulations depend on the nature of the institution and its role in the economy. For example, financial institutions and healthcare companies have been regulated since their contribution to the economy affects many sectors. Laws are established to protect the interests of the organization and to ensure the business environment is conducted in a fair manner (McConnell & Banks). The Sarbanes-Oxley Act was established in 2002 to regulate the protection of businesses as well as improving corporate governance. The Act was introduced to prevent the misuse of corporate information by the professionals especially the auditors, accountants and the managers. The Sarbanes-Oxley Act of 2002 was created to address the high rate of failure by publicized businesses, restatement of financial statements and the corporate improprieties. The act requires the management to be responsible for ensuring adequate internal control measures are in operation within the organization. The auditors should report about the effectiveness of the internal controls during the annual audit reporting. The management should introduce internal controls which protect the information of the business as well as ensuring the professional activities are implemented successfully (McConnell & Banks). Conclusion Information security is of great importance to the business since it prevents competition from other businesses in the market as well as preventing the misuse of information by the employees. Technology has increased the risks associated with the use of information. A large number of frauds committed in the organization are initiated by the internal staff of the organization. The management should provide a system of accountability where the staff should be responsible for the information provided to them. The management should ensure the employees have adequate knowledge about protecting the information of the organization.