Joseph Doss
Forum Replies Created
-
Posts
-
Information security is a incredibly important key in modern day business, data leakage, unauthorized access, data loss could be devastating to a company, or its reputation.This is why it is important to have certain controls or systems in place to minimize such issues. Policies could be put in place to dictate who has access to what and what actions will be taken if that role is broken. Maintenance should also be considered to aid in data integrity, as well as systems like RAOIDS to preserve backups.
Risk management is important, especially for large enterprises where uptime means everything. The longer an asset is down the more it cost the company (speaking computers and servers) there is also risks to not only physical devices and the data within, but non physical “assets” such as reputation or consumer trust. It is important for a company to figure the value of an asset to determine how much time/energy/money should be dedicated to protecting each asset. Also taking into account the likelihood or frequency of damage/loss/downtime of each asset. A company does not to place more money or time into protecting an asset than its value, and should also avoid putting to much in protecting a asset that would likely cause little issue, so determining that Information and building a plan (and sticking to it) is very important. However, some assets are difficult to place values such as reputation and customer trust as mentioned earlier.
It’s encouraging to know that you do not need to be wise or strong to get God’s favor, as the verse suggest its the other way around. But that doesn’t necessarily mean that those who are wise or strong lose his favor.
They all involve access to information. Authentication techniques such as passwords/passphrases/SSO etc. all are methods of gaining access to information. Authentication can be something you know (passwords), something you have (key/card), or something you are (fingerprint, face ID). Access control monitoring is a method of keeping track of who is accessing data and if they should have access or not. Systems such as IDS and IPS can detect breaches and alert system admins of the intrusions.
Information security management is key to a successful company for several reasons. for example: Expectations, customers have expectations on what a company delivers (Like in the case of a bank they expect to have their money safe and have access to it when and where they need it) If a system were to go down or be compromised, the company would fail to meet that expectation. Another example could be the company’s internal Human resources, HR needs access to employee information and they need to be able to document Information that should not be made available to others if a system were to be attacked that information could get out. It is important for companies to make and keep to policies that encourage or require good IT practices like strong passwords and need-to-know policies.
Risk management is important because, risk can harm/damage reputation, finances, assets, or even individuals. Managing risks is a bit of a balancing act as you must determine what an asset etc is worth and how much it will cost to lessen or eliminate that risk as well as determine its overall impact on the business. You must also consider the likelihood of an event occurring in order to justify the change or investment to fight the risk.
