1. What is Information Security?
Information security is the process of protecting the
availability, privacy, and integrity of data.
2. Why is Information Security important?
In today's high-technology
environment, organisations are becoming more and more dependent on their
information systems. The public is increasingly concerned about the proper use
of information, particularly personal data. The threats to information systems
from cyber criminals are increasing. Many organisations will identify information
as an area of their operation that needs to be protected as part of their
system of internal control. It is vital to be concerned about information
security because much of the value of a business is concentrated in the value
of its information.
3. What is a data breach?
A data breach is an incident in
which sensitive, protected or confidential data has potentially been viewed,
stolen or used by an individual unauthorized to do so. The most common concept
of a data breach is an attacker hacking into a corporate network to steal
sensitive data.
4. What does a data breach mean to an organisation?
A data leak may lead to a
business loss. An organisation may lose its edge against its competitors.
Potential hacking of the corporate network may affect the business continuity of the
organisation.
5. What are the different ways to secure information?
Install proper anti-virus
software on the corporate network. Installation of Unified Threat Management
(UTM) is highly recommended. A strong Information Technology (IT) policy is
highly appreciated. Periodically change passwords wherever applicable. Encrypt
and decrypt the data as applicable. Regular system audits may help you learn about
the security of the data.
6. Are there any guidelines available?
Yes, there are guidelines available. Follow the guidelines
mentioned in ISO/IEC 27001 for better governance, risk and compliance.
7. Who is responsible for information security in an organisation?
Ownership varies depending on
the size of the organisation. Normally, in a big organisation, it is the
responsibility of the chief information security officer (CISO), and in a small
organisation it is the responsibility of the System Administrator or Network
Administrator.