Risk & Security - Research Paper Example

Risk and Security Risk and Security Availability of secure and reliable information is very essential resource in the way organizations operate and manage its day-to-day activities. This is especially in management, planning, leadership, and power. Information systems provide support for decision-making processes, operation, and management. Properly managed information system obtains data, transmits, develops it, and securely stores it for use by the company. This avails information to support the managerial functions of the organizations (Davis & Olson, 1985).

Good information systems should be relevant to the organization’s main goals, up-to-date, accurate, and reliable to both the company and its clients, cost effective, detailed and can be used by everybody in the organization. Analysis and management of risks of information is fundamental as it guarantees proper functioning of processes concerning information. This process involves identification of vital assets and how they work. Thus, identification focus on what you want to protect against whom, how you intent to do it, and knowledge of the organizations operations is equally important.

Operation procedures and priorities of an organization are essential in identification of risks likely to affect the security of information. The procedure for risk identification is as follows; identify what you want to protect, to whom, define potential risks, which are likely to be involved, and finally ways of evaluating and monitoring the security of the company information and any challenges. Information security policy outlines the organization’s important assets and how to protect them.

It provides employees with acceptable codes of conduct in use of company information aimed at achieving security. The policy emphasize on sensitivity of information, application of passwords, potential security intrusion attempts, use of information sources like internet, and company emails (Ahituv, 1994). Computer desktop security; this is a way of enhancing information security of a company by introduction of passwords before operation of machines. The best way to do this is by having combined numerical and alphabetical figures.

This enhances the strength of the password against any harking by unauthorized users. Virus Protection; this is the information security that safeguards the information from malicious objects. This is achieved by scanning any removable devices before opening them on the computer. Sometimes it is advisable to automate the system for scanning any inserted removable devices (Imboden, 1980). Computer Software Installation; for the security of company information database, software installation should be forbidden, especially for those programmes that are likely to affect stability of systems and information security.

Some unnecessary programmes should only be installed after permission from relevant authority or department (Danchev, 2003). Encryption of documents in an organization, especially for shared documents should be consulted since some document users may not have knowhow on how to decrypt them. This is likely to prevent access to information and may result to incontinences. Computer Removable Media; these include devices that store information e.g. floppy disks, external hard disks, flash disks, and CDs as well as DVDs.

Most of them are potential carriers of malicious objects. Having mechanisms in place like updated antivirus and mandatory scanning will help in enhancing information security (Adobe, 2011). Machine maintenance; hardware and software maintenance are fundamental information management systems that companies must employ. The risks involved include breakage and failure. This is achieved through; engineering practices, cleaning and electrical safety. Thus, an MIS department ought to consider the measures above to ensure the security of information.

References Adobe. (2011). Adobe® digital enterprise platform document services overview. Retrieved from http://help.adobe.com/en_US/enterpriseplatform/10.0/Overview/adep_overview_ds.pdf Ahituv, N., Neumann, S., & Riley, H. N. (1994). Principles of information systems for management (4th ed.). Dubuque, IA: Wm. C. Brown Communications. Imboden, N. (1980). Managing information for rural development projects. Paris: Organization for Economic Co-operation and Development. Danchev, D. (2003).

Building and implementing a successful information security policy. Retrieved from http://www.windowsecurity.com/pages/security-policy.pdf