Information is considered lifeblood of a successful and
profitable business and employees of the organization work as veins to pass
this information through. Confidentiality, Availability and Integrity of
information are then directly related with employee’s behavior towards information.
Most companies think information security is a technical issue and do not
consider involvement of employees in ensuring continuous security of the
information. Organizations may have components of information security awareness
program but without proper management of the needed resources, they will not be
able to complete it properly and continue to be successful. Identifying and
bringing together all available components to develop an effective information
security awareness program can be a difficult and overwhelming task.
Information Security is the protection of information in
opposition to fault, disclosure and manipulation.
In Software Development Companies in India, It is commonly
accepted that the majority of the security violations are due to human
interaction rather than technology fault. Yet, companies depend and grant a lot
of consideration to technology and usually forget participation of human beings
in the system. Usually organizations use best of the best products and
technology for the protection of information and infrastructure. They ignore
human’s contribution and role in securing organization assets. Actually
companies make this mistake and relate information security with the products
and technology although it is a process which needs human interaction and
involvement. There is no such thing as 100% security but we try to maximize its
level through an awareness program and human involvement in the process.
A simple definition of the three security pillars is as
follows. If anyone of them is missing then it’s a flaw and is against the
information security measures.
Confidentiality: It means only authorized people can see
information e.g. you are the only one authorized to see your bank statement.
Integrity: It ensures that information has not been changed
either in transit or while in storage. It means only authorized people can
change the information e.g. you can see bank statement but not authorized to
change it according to your wishes.
Availability: It means information is available when and
where it is needed e.g. you can get money from ATM machine when you want to buy
things.
Information Security Awareness is user’s education and
awareness to handle information security threats and minimize their impact.
Awareness program basically focuses attention on information security issues
like confidentiality, integrity and availability. It highlights the importance
of these factors, their role in business and finally concentrates on how to
behave with them in a confident way.
“Awareness is not training. The purpose of awareness
presentations is simply to focus attention on security. Awareness presentations
are intended to allow individuals to recognize IT security concerns and respond
accordingly.”
Information Security awareness is a method used to educate
people in the IT Industries in India. It highlights the importance of
information, threats to that information and staff’s contribution in
implementing policies and procedures for the protection of information.
Awareness program is an attempt to change the behavior of employees towards
systems and processes in the organization. It teaches what needs to be
protected, against whom and how.
This is really an awesome article. Thank you for sharing this.It is worth reading for everyone. Halal Certification Kuwait
ReplyDelete