Information Security

Information Security

Name:

Institution:

Information Security

Modern organizations and especially in thriving economies such as the United Arab Emirates have become highly reliant on interconnected and automated systems to execute core functions. This has resulted in enhanced efficiencies, business effectiveness, customer satisfaction, and competitive advantage. On the other hand, there are numerous challenges posed by fraud, computer intrusions, and disruptions from criminals and hackers from any remote locations around the world. In essence, information security plays a critical role in the protection of assets of an organization. It is important top note that there are no perfect strategies, which can provide guaranteed safety. This illustrates the for constant appraisals and benchmarking of systems as a means of ensuring adequacy in information security and controls coupled by efficient usage of resources and adoption of best practices (Blyth, & Kovacich, 2006).

Question 1

Some of the primary information security concerns for a majority of organizations include hacking and malicious software. These are a few amongst the many security issues affecting a majority of organizations in United Arab Emirates and around the world. The two threats, hacking and malicious software are significant issues that have negatively affected the security and reliability of information security techniques in application by organizations around the world. The emergence of new technologies, techniques, and general advancements of information technology provide new challenges to modern organizations in terms of ensuring the security of their assets and information (Blyth, & Kovacich, 2006).

Hacking represents one of the most prevalent threats to information security in modern organizations, government agencies, and personal information. Organizations and governments are becoming primary targets for hackers because centralized functions are easy targets. Centralized functions are easy targets because they hold confidential information, which can be used for varied reasons by hackers. In addition, the failure by organizations and governmental agencies to deploy formal security programs is a primary factor towards hacking incidences in the country. Formal security programs such as threat intelligence activities are integral for modern entities towards assessment and management of risks.

Question 2

The primary role of the government is to monitor and control information security through regulations and policies. The government plays a critical role in providing modern organizations with appropriate platforms for airing their concerns because of malicious actions and inadvertent errors. Through active monitoring governments can be able to identify potential or existing threats to information security for organizations and governmental agencies as well. The government is also tasked with conducting risk assessment as part of risk management activities in relation to its information technology and security infrastructure with the sole aim of protecting intellectual property of its citizens, security information, and assets held by organizations (Northouse, & Computer Ethics Institute, 2006).

The government should ensure that standards and procedures are adhered to in regard to enhancing information security. This is only achieved by ensuring that organizations and agencies that provide critical services and information to the public adhere to set out laws, regulations, and policies in relation information security. Furthermore, the government is also tasked with ensuring that the public is provided with adequate information through public awareness programs on the inherent risks or threats to information security. Such awareness programs also extend to enterprises and corporations, which should be made aware of evolving threats and appropriate standards that should be observed in ensuring conformity to information security protocols. However, the private entities should ensure that they adhere to set standards, policies, laws and regulations in ensuring information security for asset protection and more so for client confidentiality (Northouse, & Computer Ethics Institute, 2006).

Question 3

Information security is a significant management problem for modern organizations governments and their respective agencies. Information security is a management issue because breach of security and loss of information result in business inefficiencies, poor business processes and possible loss of client trust and loyalty. It is an important issue for managers in modern entities given that information security demands the need for collaborated, coordinated, and planned efforts by staff through management to ensure information security. In addition, risk assessment and management are also integral aspects for modern organizations towards enhancing the security of their assets and information. Management is able to ensure that resources are aligned within an organization in response to risks or threats identified that may pose a security challenge to assets or confidential information of the organization agency or its customers (Axelrod, Bayuk, & Schutzer, 2009).

Question 4

Laws and ethics of information security are different from one another because the latter refers to implied codes of conduct whereas laws are standards and regulations punishable by governments. Ethical and moral standards in relation to information security refer to the implied conduct of employees or individuals in an organization or country in relation to their cyber activities, which may compromise values of an organization, or country. On the other hand, laws are established to control cyber activity in relation to information security as a means of ensuring safety of assets, lives, and welfare of individuals in an organization or country. Contravening laws is a punishable offence given that it may result in jeopardized security of a country, its people, security agencies, health, and welfare of the people.

References

Axelrod, C. W., Bayuk, J. L., & Schutzer, D. (2009). Enterprise information security and privacy. Boston: Artech House.

Blyth, A., & Kovacich, G. L. (2006). Information assurance: Security in the information environment. London: Springer.

Brotby, W. K. (2009). Information security governance: A practical development and implementation approach. Hoboken, N.J: John Wiley & Sons.

Northouse, C., & Computer Ethics Institute. (2006). Protecting what matters: Technology, security, and liberty since 9/11. Washington, D.C: Computer Ethics Institute.

Tipton, H. F., & Krause, M. (2005). Information security management handbook. London: Taylor & Francis e-Library.