Think HR Think CHRM
Tuesday - 15 Oct 2019

Data Security Challenges

The term data security is used interchangeably with the terms information security and data privacy. Data security deals with the availability, integrity and confidentiality of data. Data is said to be available when the information, as well as the controls used to secure it, are available for use. The integrity of the data is said to be maintained when the available information is not prone to modification or deletion without proper authorization. Information is confidential if it can be used only by those who are authorized to use it.

Risk management is the most important component of data security. According to the CISA Review Manual 2006, “Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.” There are three major kinds of control used to counter risk to data security. Procedures, policies, standards and guidelines are known as administrative controls. When data and software are used to control access to information, this is known as logical control. When physical entities are used to guard the information systems and the work environment, this is known as physical control.

Some of the most common security myths are: most damage is caused by hackers; data can be made completely secure through encryption; and data can be made secure by using firewalls. In fact, about 80% of damage is caused by insiders; encryption must be supported by integrity, availability and control; and 40% of data damage occurs even when a firewall is present. The most prevalent data security risks are data tampering, data theft, eavesdropping, false user identities, threats related to passwords, unauthorized access to information, and complex management requirements.

There are four aspects to the safe handling of data security challenges: security planning, incident response plans, change management and disaster recovery planning. The security planning stage involves creating the reporting structure and strategic plan, risk assessment, budgeting, establishment of policies and standards, and training. Incident response plans comprise the selection of team members and the delegation of roles and responsibilities. Change management involves direction and control of modifications made to the information systems. Change may be requested and then approved, or it may be planned, approved, tested, scheduled, communicated, and then implemented and documented. This change must be followed up from time to time. Disaster recovery planning comprises the preparation of back-ups, identification of stakeholders and prioritization of business functions and assets.

Data security is an important component of businesses as breach of security may lead to a lost client or even bankruptcy. The challenges must be assessed and weighed before preparing plans to deal with them.
