Itm 431 Module 1 How to Achieve Business Information Security in Cyberspace
In the 21st century, a business without a network mirrors a city with no roads. Small businesses, in particular, arguably have a greater need for network connections and information systems. Small businesses rely on information systems for several things, to include their communication and customer database.
Small businesses rely on network connectivity for communications. With the advancement in Voice Over Internet Protocol (VOIP), many businesses are using the internet to save on phone costs. Additionally, it is common for a business to have an in-house communications system. Take some installations in the Air Force for example; they use an Instant Messaging (IM) service for member-member contact. Many times, it is easier to reach someone through IM or social networking. However, these commodities present their own challenges about IT security. However, that is not all that needs protection. In fact, in a more broad view, communication is viewed as a small bite.
When a business sells its product/s online, it is at distinct advantage over mom and pop stores because they have to collect certain data to complete the transaction; shipping, credit card, billing, and personally identifiable information (PII). (Bradley, 2010) This system is located on a network accessible to employees in order to conduct business. Companies are not only morally obligated to protect customers’ information; it’s the law. The May 2002 Financial Information Safeguards Rule requires businesses to develop a written information security plan that describes, among other things, the specific ways their employees should protect consumer information. The plan must be appropriate to the business's size and complexity, the nature and scope of its activities, and the sensitivity of the information its employees encounter, and must be regularly monitored. (Federal Trade Commission, 2002) The company must consider all areas of its operation, including three that are particularly important to
Small businesses rely on network connectivity for communications. With the advancement in Voice Over Internet Protocol (VOIP), many businesses are using the internet to save on phone costs. Additionally, it is common for a business to have an in-house communications system. Take some installations in the Air Force for example; they use an Instant Messaging (IM) service for member-member contact. Many times, it is easier to reach someone through IM or social networking. However, these commodities present their own challenges about IT security. However, that is not all that needs protection. In fact, in a more broad view, communication is viewed as a small bite.
When a business sells its product/s online, it is at distinct advantage over mom and pop stores because they have to collect certain data to complete the transaction; shipping, credit card, billing, and personally identifiable information (PII). (Bradley, 2010) This system is located on a network accessible to employees in order to conduct business. Companies are not only morally obligated to protect customers’ information; it’s the law. The May 2002 Financial Information Safeguards Rule requires businesses to develop a written information security plan that describes, among other things, the specific ways their employees should protect consumer information. The plan must be appropriate to the business's size and complexity, the nature and scope of its activities, and the sensitivity of the information its employees encounter, and must be regularly monitored. (Federal Trade Commission, 2002) The company must consider all areas of its operation, including three that are particularly important to
References: Bradley, H. (2010, April 21). Customer Databases as Marketing Tools. Retrieved November 20, 2012, from Small Business Computing: http://www.smallbusinesscomputing.com/emarketing/article.php/3877761/Customer-Databases-as-Marketing-Tools.htm Federal Trade Commission. (2002, October 17). FTC Offers Guidance on How to Protect Customer Information. Retrieved November 20, 2012, from Federal Trade Commission: http://www.ftc.gov/opa/2002/10/safeguard.shtm Indiana University. (2012, August 21). Knowledge Base. Retrieved November 20, 2012, from University Information Technology Services: http://kb.iu.edu/data/aoru.html Kessler, G. C. (1996, January). Passwords - Strengths and Weaknesses. Retrieved November 20, 2012, from garykessler.net: http://www.garykessler.net/library/password.html Natarajan, R. (2008, June 8). The Ultimate Guide For Creating Strong Passwords. Retrieved November 20, 2012, from The Geek Stuff: http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/ Schulman, A. (2012). Top 10 Database Attacks. Retrieved November 20, 2012, from The Chartered Institute for IT: http://www.bcs.org/content/ConWebDoc/8852