Security Plan Essay Example | Topics and Well Written Essays - 4250 words

Security Plan - Essay Example Hacking 6 Human Errors 7 Unauthorized Access 7 Information Destruction By Dissatisfied Employees 7 Electronic Threats To Organization’s Information Holdings 8 Organization’s Actual Threat For Information Holdings 9 Security Plan 9 Physical Countermeasures 10 Electronic Countermeasures 12 Human Countermeasures 15 Information Security Education And Awareness Program 16 Updating The Education And Awareness Program 18 Measures Used To Test The Efficacy Of Plan 19 Conclusion and Recommendations 20 References 21 Bibliography 24 Introduction With the rapid improvement in information system and exceptional development of internet, the information security has become a critical issue for every organization. Information is acknowledged as an important monetary asset for organizations, thus, it needs to be secured consequently. In present days, organizations are becoming greatly dependent on information system which clearly manages serious portion of organization’s fundamental activities. The role of technology has transformed from a validation tool to the center of main business (Aoufi, 2011). As the technology has improved, people have also become more aware regarding possible threats for information theft, cybercrime and other fraudulent activities. Thus, there is a need to strengthen the information security system in every organization by identifying and removing potential threats. ObjectivesObjectives The objective of this study is to identify and describe the risks of organizations information holdings with respect to physical, human and electronic threats. The study also illuminates a security plan for physical, human and electronic counter measures for reducing the information threats of a business organization situated in an Australian city. Besides, there is need for adequate education and awareness program for minimizing risks in the information system. A comprehensive information security education and awareness plan is developed in this paper which can help to enhance the information security. Scope The scope of information security is to support the safety, control and administration of organization’s valuable information. This study covers the areas such as known threats for organization’s security and several countermeasures which can help people to gain insight about maintaining strong information system in organization. Furthermore, the study describes the methods for developing education and training to employees for increasing knowledge and skill to avoid security problems. Physical Threat To Organization’s Information Holdings In this digital information age, physical threats can have significant impact on the information holdings of organizations. Thus, physical threats need adequate attention besides other cyber threats. The scope of physical threat is much inclusive compared to other threats in terms of financial loss. Physical threat can arise at any form and at any time. An organization can face the following physical threats for their information holdings (Bidgoli, 2006). Theft Theft is regarded as one of most common risks for organizations’ information holdings. Digital information can be physically stolen by people who come from security and Information Technology (IT) background. Outsiders might break or sneak into any organization’s network and steal information. Insiders also can enter into a part of organization for accessing information which they have no right to access or they may abuse access rights which are part of their tasks. Furthermore, physical assaults against rational security can simply be executed by experts (Lindstrom, 2003). Sabotage Sabotage is fairly similar to theft. Sabotage is intentional damage of information holdi