Навигация
3. Security policy
The lack of security may lead to various consequences and problems, such as loss revenue, lowered market value, legal liability, lowered employee productivity and higher operational costs
Information security is understood as security of the information and an infrastructure supporting it from any casual or ill-intentioned influences which result drawing of a damage of the information, to its owners or a supporting infrastructure can be.
Information security problems are reduced to damage minimization, and also to forecasting and prevention of such influences.
Only the understanding of all spectrum of threats will allow to construct the effective safety system.
It is necessary to give particular attention to e-mail protection as harmful programs often dispatch themselves of nothing to suspecting users.
Necessarily it is necessary to put an antivirus on the corporate server of e-mail. The companies should develop correctly an anti-virus complex in scales of the network, and than to support its working capacity. Only last versions of anti-virus products are capable to protect users from modern virus threats reliably. To support the protection up to the mark it is required as it is possible to update anti-virus bases is more often. At the enterprise it usually isn't a problem – correctly adjusted anti-virus decision will download and establish updatings in an automatic mode.
The updating of the product is very important. There are new anti-virus modules with each new version, small defects, and at times and errors, in old modules are corrected. That is even more important, in new versions the technologies essentially raising efficiency of struggle against new kinds of cyberinfections are realized. Thus, only last versions of anti-virus products are capable to protect users from modern virus threats reliably.
For information safety, a necessary condition is the equipment of premises in which there are system elements (carriers of figures, servers, archives and etc.), fire-prevention gages, appointment responsible for fire-prevention safety and presence of fire extinguishing means.
Observance of all these rules will allow to reduce to a minimum threat of loss of the information from a fire.
The described modes of maintenance of information security of the company are effective enough to secure the company against set of threats of information security both from the outside, and from within. Though there are also other modes, like total shadowing employees, their efficiency much more low and doesn't get under a category of simple means. Besides, it is not necessary to forget that information security maintenance shouldn't harm to activity of the enterprise or create hindrances for work of employees, after all finally any business processes of the enterprise should be directed on primary activity maintenance, instead of auxiliary services.
The information in the company should be divided into some levels of access. The employee should get access only to those data which are necessary for it for work. The principle of the minimum powers should operate both for electronic, and for other data. It is necessary confirm the list of the most critical information carried to the category confidential, employees should to be acquainted with it under a list. Access to the confidential information is possible only after entering of the employee into the corresponding list confirmed by a management.
Conclusion
Rapid development of information technology has also the negative aspect: it has opened road for new forms of antisocial and criminal activity which were impossible earlier. Computer systems comprise new unique possibilities for fulfillment before unknown offenses, and also for fulfillment of traditional crimes, however, more effective modes.
Threats of safety of information field induce to working out of a complex of the actions directed on drop of risk of occurrence of an emergency situation. For this purpose it is necessary to define first of all set of threats with reference to a concrete segment of information field and an admissible risk level of their realization and to estimate expenses for localization and liquidation of consequences.
The problems connected with increase of safety of information systems, are difficult, multiplane and interconnected. It demands constant, indefatigable attention from the state and a society. Development of information technology induces to the constant appendix of joint efforts on perfection of methods and the means allowing authentically to estimate threat to safety of information sphere and adequately to react to them.
As standard model of safety often result model from three categories:
• Confidentiality – an information condition at which access to it is carried out only by the subjects having on it the right;
• Integrity – avoidance of unapproved version of the information;
• Availability – avoidance of time or constant concealment of the information from the users who have received access rights.
Modern anti-virus technologies allow to reveal almost all already known virus programs through comparison of a code of a suspicious file with the samples stored in anti-virus base. Besides, technologies of modeling of the behavior are developed, allowing to find out again created virus programs. Found out objects can be exposed to treatment, be isolated (to be located in quarantine) or to leave. Protection against viruses can be established on workstations, file and post servers, the gateway screens working under almost any from widespread operating systems, on processors of various types.
From all aforesaid it is possible to draw safely a conclusion that necessity of protection of the information at present costs on the first place. If correctly to choose the anti-virus software, regularly to update it, and to observe all necessary security measures it is possible to avoid loss, damage of the valuable information and accordingly all consequences.
Bibliography
risk threat confidential damage
1. LAUDON, K.C., LAUDON, J.P. 2006. Management information systems: managing the digital firm. 9th edn. New Jersey: Pearson Education Ltd.
2. McGEE, J.V., PRUSAK, L., PYBURN, P. 1993. Managing information strategically. The Ernst & Young information management series.
3. GGORDON, B. DAVIS, GORDON BITTER DAVIS. The Blackwell encyclopedic dictionary of management information. Oxford: Blackwell Publisher Inc.
4. BERQUIST, K., BERQUIST, A. 1996. Managing Information highways: the prism book. Dublin: Springer
Похожие работы
... OF GEORGIA JSC – Valuation (Refer to Annex 1) Valuation Limits True Value (GEL mln.) True Value/Market Cap. Low 50.8 3.3 High 68.6 4.4 4.3 Human-Resource Development in the Private Sector 4.3.1 Business Schools/Universities European School of Management (ESM). Data Sheet. European School of Management ESM-Tbilisi 40, Vazha ...
... of control and supervision in the field of customs and the functions of a currency control agent and special functions of contraband control, abatement of other crimes and administrative violations. The Federal Customs Service (FCS) is under the jurisdiction of the Ministry of Economic Development and Trade of the Russian Federation. The FCS in its activity is guided by the Constitution of the ...
... on trucks and utility vehicles, while the automobile industries in other countries may focus on sport cars or compact vehicles. Greater specialization allows producers to take full advantage of economies of scale. Manufacturers can build large factories geared toward production of specialized inventories, rather than spending extra resources on factory equipment needed to produce a wide variety ...
... метод доступа с передачей полномочия. Охарактеризовать метод множественного доступа с разделением частоты. Какие существуют варианты использования множественного доступа с разделением во времени? Лекция 5.ЛВС и компоненты ЛВС Компьютерная сеть состоит из трех основных аппаратных компонент и двух программных, которые должны работать согласованно. Для корректной работы устройств в сети их нужно ...
0 комментариев