The necessity for information assurance
Information as any other organizational asset needs to be safeguarded against destruction, manipulation or exploitation by the firm’s competitors or criminals. The process of information assurance is aimed at addressing these particular threats (Blyth & Kovacich, 4).
The information can be the key to the company’s competitive advantage, its excellent operational performance, technological secrets and so forth. Besides, one has to remember about such confidential data as bank accounts, emails, telephone numbers, or addresses. These data cannot be made accessible to the outsider or any other person who can use it for criminal purposes. The company I would like to refer to is SABIC (Saudi Basic Industries Corporation); it manufactures plastics, metals, chemicals, and fertilizers (SABIC, unpaged). The information that is of the greatest value to this company is the data about manufacturing processes, financial and operational performance, and the information about their investors. Thus, the importance of information assurance should not be underestimated because information can be one of the most valuable assets of the company. Overall, the process of information assurance consists of several elements such as classification of informational assets, identification and evaluation of various threats, search for hypothetical vulnerabilities of the protection system, and development of strategies. These are the key components of this process.
Risk management and information assurance
In order to map out effective information assurance strategies, one should identify and assess possible threats, the organization is exposed to. The main goal is to estimate their impact and probability. The most common threats are as follows: 1) unauthorized intrusion into the website; 2) leakage of information that occurs mostly due to the carelessness of employees; 3) physical destruction of data. It is very difficult to evaluate these risks in terms of their impact but as it may depend upon the type of organization, its size and structure. These problems can be caused by cyber attacks, piggy-backing, impersonation, virus attack, lack of security measures, etc (Blyth & Kovacich, 14). By identifying and estimating these threats, the company can single out the weaknesses of their security system and close loopholes that can be used by the intruders.
The company’s policies, relevant to information assurance
There are several policies of the companies that can affect the process of information assurance.
The first one is organizational policy. In this case, we need to speak primarily about workplace hierarchy and accessibility of the information. The management of leading companies spends much time determining what kind of information should be made available to various employees, and how they should get access to it. In flat organizations, the employees have more or less equal access to the information, whereas in bureaucratic organizations, the level of access depends upon the status of the employee (Information Resources Management Association, 761). In flat organizations the risk of security breach is generally much higher. This is an example of how organizational policies may impact information assurance. Technological policies are also crucial for this process.
For example, the security officer has to determine what kind of technologies the company is using and whether they are vulnerable to such threats as cyber attacks, power cuts, or viruses. Finally, the term management policy includes several elements; one of them is the relations between the executive officers and their subordinates. For instance, managers, who adopt autocratic style, usually avoid sharing information with the employees. This minimizes the security risk, but leads to other problems such as lack of initiative. In turn, the managers, preferring democratic style, may share certain data with his/her subordinates, but this also increases the possibility of a security threat.
Blyth Andrew & Kovacich Gerald. Information assurance: security in the information environment.
London: Springer Science & Business. 2006. Print. Information Resources Management Association. International Conference, Mehdi Khosrowpour.
Challenges of information technology management in the 21st century: 2000 Information Resources Management Association International Conference. NY: Idea Group Inc. 2000 Print. Saudi Basic Industries Corporation. The Official Website. 2010.
Available at: http://www.sabic.com/ Those, which have few levels of workplace hierarchy