Introduction to Information Security Awareness

Information is considered lifeblood of a successful and profitable business and employees of the organization work as veins to pass this information through. Confidentiality, Availability and Integrity of information are then directly related with employee’s behavior towards information. Most companies think information security is a technical issue and do not consider involvement of employees in ensuring continuous security of the information. Organizations may have components of information security awareness program but without proper management of the needed resources, they will not be able to complete it properly and continue to be successful. Identifying and bringing together all available components to develop an effective information security awareness program can be a difficult and overwhelming task.

Information Security is the protection of information in opposition to fault, disclosure and manipulation.

In Software Development Companies in India, It is commonly accepted that the majority of the security violations are due to human interaction rather than technology fault. Yet, companies depend and grant a lot of consideration to technology and usually forget participation of human beings in the system. Usually organizations use best of the best products and technology for the protection of information and infrastructure. They ignore human’s contribution and role in securing organization assets. Actually companies make this mistake and relate information security with the products and technology although it is a process which needs human interaction and involvement. There is no such thing as 100% security but we try to maximize its level through an awareness program and human involvement in the process.

A simple definition of the three security pillars is as follows. If anyone of them is missing then it’s a flaw and is against the information security measures.

Confidentiality: It means only authorized people can see information e.g. you are the only one authorized to see your bank statement.

Integrity: It ensures that information has not been changed either in transit or while in storage. It means only authorized people can change the information e.g. you can see bank statement but not authorized to change it according to your wishes.

Availability: It means information is available when and where it is needed e.g. you can get money from ATM machine when you want to buy things.

Information Security Awareness is user’s education and awareness to handle information security threats and minimize their impact. Awareness program basically focuses attention on information security issues like confidentiality, integrity and availability. It highlights the importance of these factors, their role in business and finally concentrates on how to behave with them in a confident way.

“Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.”

Information Security awareness is a method used to educate people in the IT Industries in India. It highlights the importance of information, threats to that information and staff’s contribution in implementing policies and procedures for the protection of information. Awareness program is an attempt to change the behavior of employees towards systems and processes in the organization. It teaches what needs to be protected, against whom and how.