Information Management and Security

Look at today's typical office (as shown below) that is open unlike in the past where individual manager's office can be locked anytime the manager is leaving the office because it is physically separated.

In today's office one workstation simply demacated with dividers from the other could simply be a source of problem when it comes to information management and security.

Imagine an intruder gaining access to the open office shown below. Could you imagine its possible impact? In fact, it could be very disastrous. The only solution is a proper management of information security within and outside the office environment.

The all important question on the lips of information security professionals has always been, how best can we protect information assets in view of its values?

How important is information asset?

Hardly will a week pass without seeing at least a story in the newspaper/TV/magazines about identity theft, loss of social security numbers, privacy violation, compromising confidentiality of information, terrorist attack, laptop theft, defaced web site, virus infections, system failure or data corruption, fraud, misuse of information systems, or one security breach or the other.

There is no entity that spends and understands information management and security like the government of nations. Government at national and international levels understand what information management and security is all about.

They now take adequate care to protect their state from espionage activities of enemies, enforcing compliance with privacy laws while companies are now aware of the danger of not protecting the information of the company e.g trade secret and that of third parties in their possession.

The history of information management is as old as man, i.e from the early ages up to the biblical days where God gave Moses the tablet of the law and all the other epistles that were later recorded on scrolls.

The advent of writing and paper gave a new dimension to information management. The advent of computer (mainframe) marked another stage of information management in the 60’s/70’s. Today, we have the computer, telecommunication, internet and other similar technologies which have all contributed to information dissemination.

How best can we manage information to avoid all the problems listed above?

It is important to state here that there is no best single way to protect your information asset other than adopting a “Defence-in-depth” approach that is, adopting multiple layers of defence that have to be circumvented before gaining access to internal or personal information assets and resources. This has been the position of Information Security practitioners and not until a new technology is invented where a single technology will take care of all known and unknown problems, this will continue to be adopted as the best practice until a new method is found.

Basic measures to protect the security of information asset on any computer:

1) The physical security of the computer must be properly secured from unauthorised access

2) The application security must be in place and

3) Also, the infrastructural security must be in place. These are the infrastucture supporting applications and programs.

To achieve these, these are some of the things that must be put in place:

i) Good security policy which must be enforced

For more information on this, click here to go to Information Security Policy

ii) Install a good firewall

iii) Install a good intrusion detection system

iv) Install a good antivirus software and spyware remover

v) Conduct regular Information Security Awareness training

vi) Update yourself with latest vulnerabilities in hardware and software use and update patches as soon as they are released.