I’d first like to define what is meant by information security and why it is important to all businesses.
Commerce is based on the exchange of either goods or services. Very few business transactions are strictly cash only and therefore the seller usually ends up receiving and storing information about customers.
Some examples of the type of stored customer data include name, postal address, email address and banking details. These details are enough to identify an individual, construct a false identity or commit fraud against someone.
A business has to assure customers it uses information handling systems that provide the following:
• Confidentiality – personal data is kept securely
• Availability – the company is in operation when expected
• Integrity – claims coming from the company are genuine
Information Security provides businesses with the guidance and skill to fulfil these assurances. The methods used are not all technical. Increasing staff awareness and configuring applications to protect against unauthorised access can be very cost-effective.
There are laws governing the protection of information and the correct use of computers. These laws apply to all businesses that collect, process and store information from customers. No business is too small to be exempt.
The Data Protection Act (DPA) is designed to protect the public from misuse of personal data and applies to all businesses that collect, process and store information that can identify a person. The basic principles state that information must be:
• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection
Information security is much more than the use of a firewall on a network. The entire system for handling data must be considered. Each point, from the perimeter of the network to the data that resides in a file, provides an opportunity to defend the system from both internal and external threats.