Information Security Both a Management and Technical Challenge
Essay by people • June 3, 2012 • Essay • 423 Words (2 Pages) • 1,761 Views
Essay Preview: Information Security Both a Management and Technical Challenge
Information Security Both A Management and Technical Challenge
Introduction
Information security should be at the forefront of any organization, due to the severe repercussions that are apparent when security of data is ignored. Investment in security measures should be ongoing making certain that measures are being taken to protect their most sensitive information.
Surveys that were taken by Unisphere shows that less than 30 percent of the organizations surveyed are not encrypting personal identifiable information in their database (Retrieved from http://www.zdnet.com/blog/service-oriented/information-security-both-a-management-and-technical-challenge/5850?tag=search-results-rivers;item3). Two out of five company's states that their organization allows live production data to be given to development teams and outside parties, much of this data is unprotected, some of this data contains very sensitive information that should be confidential. Many companies do not have the parameters in place to prevent privileged data users from reading or tampering with Human Resources (HR), Financial or other application data that is stored in their database. Database administrators and other IT personnel are not the only people who can compromise data security from the inside. Many individuals who are computer savvy can use desktop tools to gain unauthorized access to sensitive data in the database.
A staggering 64 percent of companies surveyed states they do not monitor database activity, some only do it when they are made aware of a possible risk, many are unsure how long it would take them to detect and correct unauthorized changes to their database (2010 IOUG Data Security Survey). The greatest risk that any company faces is that of a disgruntled employee who has access to database information, because there is no way to detect it before serious damage has occurred. I believe this article provides support to the fact that when there are not parameters in place to prevent unauthorized access to database sensitive information, this makes us all vulnerable to risk that can be both dangerous and costly.
Conclusion
The threat to our data base infrastructure is alarming, because of the lack of measures that should be in place to protect sensitive personal information that is located in the database of most companies. No one can quickly identify how long the breach has been undetected or to what extent damage has been done. It should be a matter of standard practice to monitor unauthorized access by anyone to database sensitive information, and those who have authorized access should also be monitored and the areas of their search should be documented as well. A criterion should be in place to determine what information is available, and who is allowed to view that information.
...
...