
Information security, an option or an obligation?


Anonim

Summary

Two decades ago, the only measures that entrepreneurs needed to take to protect their assets were taking care of their cash box, inventories, infrastructure, machinery and other assets.

Currently, for many companies the main asset is not something tangible such as valuable structures or office buildings, but the information they handle.

When we talk about information, we almost always talk about Information Systems in the workplace. This is thanks to the fact that technology and computing have brought great tools for data processing, storage and information management.

Alongside these great and novel inventions, it is worth remembering that there is opposition in all things. This is where the malicious intent of some people to steal or damage information that does not belong to them arises. Hence the need to protect ourselves, our business, our clients and the future of our company by guaranteeing the security of information.

Methodology

This article is the product of my own experience and that of others, in everything related to information security. In addition, references are made to recommendations from experienced companies whose observations have been of great value to this article.

The bibliographic sources used are: Official publications on the internet.

Full text

In an informative article, the security company Kaspersky reported that the number of computer attacks using malicious programs designed to steal financial data grew by 27.6% in 2013, to 28.4 million. The number of attacked users was 3.8 million, a growth of 18.6% over the year. Users who encountered financial attacks carried out by malicious programs in 2013 made up 6.2% of all users attacked, an increase of 1.3 percentage points compared with 2012.

Among financial malware, Bitcoin-related tools were the most actively developed, but the leading role is still played by the theft of money from bank accounts, for example by the Zeus malware.

These data show a growing trend. This does not mean that computer security companies are not doing their job, since these malicious programs can always be detected and eradicated; the drawback is their constant evolution and persistence.

Kaspersky's figures also indicate that many of these attacks were not carried out with extensive hacking knowledge, but with malicious software (malware) that a user can learn to use. This shows that there are people capable of using their programming knowledge to create harmful applications, tools of evil.

That is why there are recommendations that a company should take into account, and should not treat as optional, if it wants to protect its business from internal and external attacks. The first is to have appropriate personnel in the technology area, including a specialized computer security committee.

These are the two environments that need to be protected in any company:

Individual Protection

  • Every process within the organization must keep an audit record that logs who made a movement or transaction in the system, when and from where. To achieve this, software developers must ensure that each INSERT into a database table is accompanied by an INSERT into the audits table recording the name of the user and the time, among other data.
  • Computer equipment must be configured by profiles and roles, as must the systems that run on it, so that access is granted only according to the level of responsibility. This means that the receptionist does not need access to TOAD (the database manager), and the marketing manager's secretary cannot have access to the company's financial statements, among other examples.
  • Each employee of the company must sign a confidentiality agreement accepting the company's policies on the handling of confidential information.
  • Information security personnel must be able to monitor or audit equipment periodically. This applies to people whose activities involve sensitive information; it does not mean constantly reviewing colleagues' equipment, which creates unnecessary discomfort and distrust. To do this, they can work with the network manager, who must have the appropriate monitoring tools.
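
One way to meet the audit-record requirement in the first item above, as an added example rather than code from the article: the business INSERT and the audit INSERT share one transaction, so neither can be stored without the other. It uses Python's sqlite3 module; the payments table, the column names and the sample values are assumptions, and the append-only triggers go beyond what the article asks.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed schema for illustration; table and column names are assumptions.
SCHEMA = """
CREATE TABLE payments (
    id INTEGER PRIMARY KEY, payee TEXT NOT NULL, amount_cents INTEGER NOT NULL);
CREATE TABLE audits (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL CHECK (length(username) > 0),  -- who
    occurred_at TEXT NOT NULL,                            -- when (UTC)
    workstation TEXT NOT NULL,                            -- where
    action TEXT NOT NULL, table_name TEXT NOT NULL, row_id INTEGER NOT NULL);
-- Beyond the article: keep the audit table append-only.
CREATE TRIGGER audits_no_update BEFORE UPDATE ON audits
BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END;
CREATE TRIGGER audits_no_delete BEFORE DELETE ON audits
BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END;
"""

def open_db():
    """Create an in-memory database with the sample schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def insert_payment(conn, username, workstation, payee, amount_cents):
    """Write the payment and its audit row in one transaction: both or neither."""
    with conn:  # commits on success, rolls back if either INSERT raises
        cur = conn.execute(
            "INSERT INTO payments (payee, amount_cents) VALUES (?, ?)",
            (payee, amount_cents))
        conn.execute(
            "INSERT INTO audits (username, occurred_at, workstation,"
            " action, table_name, row_id)"
            " VALUES (?, ?, ?, 'INSERT', 'payments', ?)",
            (username, datetime.now(timezone.utc).isoformat(), workstation,
             cur.lastrowid))
    return cur.lastrowid

def row_counts(conn):
    """Return (payments, audits) row counts."""
    p = conn.execute("SELECT COUNT(*) FROM payments").fetchone()[0]
    a = conn.execute("SELECT COUNT(*) FROM audits").fetchone()[0]
    return p, a
```

If the audit INSERT is rejected (here, by an empty user name), the payment row is rolled back with it, so an unattributed transaction never reaches the table.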

Corporate Protection

The first measure that every company must have in terms of computer security is a good corporate antivirus and a good firewall: the antivirus to detect malicious software (capable of deleting data, contaminating other computers, stealing information, etc.) and the firewall to prevent internet browsing (which is unavoidable in most organizations) from allowing access by crackers, computer spies, or viruses.

Information security personnel must be up-to-date in terms of day-to-day dangers, and must be able to maintain up-to-date security policies and make them known to employees throughout the organization. This can be done in a number of ways, including:

  • Computer security conferences within the company (quarterly).
  • Informative emails with tips (recommendations) sent en masse to all members of the company.
  • Printed newsletters with information addressed to the members of the organization.

For a complete list of recommendations to keep your business equipment safe, visit Microsoft's site or read this recommended list of suggestions provided at the Polytechnic University of Madrid.

Companies specializing in technology, or those that handle information essential to their operations in computer systems, must take even more efficient measures and stricter controls, such as biometric security controls (iris readers, fingerprints, among others) and strict information management policies (for example, the test department will not use or see real data, but test data), among others.

Conclusions

Faced with a world that keeps growing in technological advances, and where technology is used both for good and for evil, it is our responsibility as a company to have the necessary preventive controls to avoid the intrusion of dangerous entities into our systems, and also to avoid the misuse of those systems by our users.

Recommendation

Today there are countless sources of information that allow us to stay updated, and it is this update that will allow us to be prepared for the future. Let's be part of these changes in this century!

Reference sites used

  • Book Quote: Book of Mormon (2 Nephi 2:11)