profileKris027
Running Head: Managing Information Security

Managing Information Security

Definition of Information System in Organisation

Information systems help organisations achieve strategic competitive advantages over other organisations and assist senior management in the decision-making process. In addition, they help organisations implement projects on time and manage risk effectively. A reliable and coherent information system requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organisations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. Information Security Systems exist to set up a solid security framework and regulate the systematic way in which information technology can use relevant resources. They address all issues that relate to the initiation, implementation, maintenance and evaluation of a secure information system (Tipton, F. & Krause, M. 2008).

IT risks and security awareness

As a part of human nature, we take risks. We take risks for business opportunities, for recreation or just for the fun of it. We live in a world where we take, and need to take, business risks in order to venture. Logically, we would expect the higher risks to be up on the radar, and lower risks to be in the background, but that is often not the case (Jordan and Silcock, 2005).

Many organizations find it difficult and costly to handle information security properly. The question is whether organizations are able to handle these challenges. The research problem is how to solve information security in organizations.

IT Security Awareness is the degree or extent to which every member of staff understands:

· the importance of IT security

· the levels of IT security appropriate to the organization

· their individual security responsibilities

User authentication

User authentication is the process that determines whether the information a user gives matches the authorized information in the database. If the credentials match, the user can proceed. User authentication takes place in human-to-computer interactions other than those using guest accounts. (Rouse 2015.)

Information Protection

An organization that has successfully conducted a risk analysis, established sound security policies and an information security management system has a solid foundation for creating a secure working environment. Enforced and implemented security policies direct the daily activities in an organization where roles and responsibilities are clearly understood. At this point, the board and executive management should demonstrate their commitment and provide tangible support to the other staff members and employees. (Burgess & Power 2008.)

Until two decades ago, information protection was an easy task since computer systems and information infrastructure were located behind closed doors with very limited access. Today, it is a complicated and ambiguous task. Information infrastructure comes in different forms, from large supercomputers to handheld and portable devices. Other forms of information systems are cloud-based storage systems, which have taken computing and information processing to a new level and in turn raised information security standards. (Greene 2014.)

· Intrusion observation

· Backup schedules

· Inspection of communication

· Anti-virus

· Firewalls

· Secrecy of information

· Secure remote access

· Data and network protection

References:

· Tipton, F. & Krause, M. 2008. Information Security Management Handbook, NW, Auerbach Publication.

· Jordan, E. & Silcock, L. (PA Consulting Group). 2005. Beating IT Risks.

· Rouse, M. 2015. Essential guide to business continuity and disaster recovery plans. Available: http://searchsecurity.techtarget.com/definition/authentication. Accessed 25 April 2015.

· Burgess, C. & Power, R. 2008. Secrets Stolen, Fortunes Lost. Burlington: Syngress Publishing, Inc.

· Greene, S. S. 2014. Security Program and Policies: Principles and Practices. Indiana: Pearson IT Certification.