Confidentiality, integrity, availability and what it means to you

Confidentiality

Confidentiality is ensuring that information is accessible only to those authorized to have access, regardless of where the information is stored or how it is accessed. Each employee within an organization has the responsibility to maintain the confidentiality of the information entrusted to them for the performance of their work, and this responsibility must be reinforced through awareness. An awareness training program should address, at a minimum, the following confidentiality issues to ensure that an acceptable level of awareness is imparted to employees of the organization.

a. Access control

Access control is any mechanism used to control which resources a user can access and the tasks that can be performed with the accessed resources. Passwords and biometrics are two access control methods that can be used individually or in combination to limit access to resources.

b. Passwords

Passwords and their safekeeping are a fundamental element of system and network security and are of great interest to hackers. An intruder in the physical area of the organization can look under keyboards and in drawers to find passwords that have been written down and then use them to gain access to private information. Password protection can be augmented with additional security measures such as smart cards and biometric identification systems. Employees should be instructed on password creation and handling best practices.

c. Biometrics

Biometric technology can identify people based on the physical characteristics of parts of the human body. The main biometric technologies in use are retina scanning, facial recognition, voice recognition, and fingerprint scanning. A user requesting access submits a sample and it is checked against a database to find a match for access permissions. Biometric information is difficult to duplicate and, when used in conjunction with other access methods such as passwords and badges, creates a very strong defense against unauthorized access to organizational resources.

d. Encryption

Encryption is any process that converts readable data (plain text) into secret code (cipher text) to prevent unauthorized disclosure of information. It can be used in Internet transactions, email and wireless networks. An encryption algorithm is a mathematical procedure that encodes information so that it is unreadable by unauthorized third parties. Encryption has become the foundation for protecting networks, communications systems, and online transactions. Employees should use encryption whenever possible to ensure security.

e. Privacy

Privacy is preventing confidential or personal information from being viewed by unauthorized third parties, together with control over its collection, use and distribution. The terms privacy and confidentiality can be used interchangeably. Maintaining privacy is essential to prevent unauthorized disclosure that can lead to identity theft or other problems.

f. Ethics

Employees should be given clear instructions, through policy, about what the organization considers to be acceptable behavior and should also be informed of the processes in place for raising ethical concerns and disclosing unethical activity.

Data integrity

Data integrity is defined as safeguarding the accuracy and integrity of information and processing methods from intentional, unauthorized, or accidental changes. Maintaining data integrity is essential to the privacy, security, and reliability of business data. Data integrity can be compromised by malicious users, hackers, software bugs, computer virus infections, hardware component failure, and human error when entering or transferring data. Mitigation of data integrity risks can enable rapid data recovery. Employees can mitigate risk through regular data backups and secure off-site storage of backup media, integrity monitoring tools, and encryption.

a. Configuration management

Change or configuration management is a process for introducing changes to an information technology environment. Changes to an environment can introduce new vulnerabilities, and through the configuration management process, changes can be implemented in a documented, systematic, monitored, and reversible manner. Formalized configuration management processes must be implemented by organizations and followed by employees.

b. Configuration auditing

Configuration auditing involves verifying that only approved changes have been made to systems. The audit also verifies that employees follow configuration management procedures and that all configurations are documented. Auditing to actively monitor systems and record changes for reconciliation with configuration management documentation can be done manually or automated with the use of specialized systems.
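An added example (not part of the original article) of the automated reconciliation described above, which also works as a minimal integrity monitoring tool of the kind mentioned under data integrity: it hashes a directory before and after a change window, then checks each difference against approved change records. The file names, their contents and the shape of the `approved` mapping are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def reconcile(baseline, current, approved):
    """Classify each difference; approved maps path -> digest the change record expects."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        status = ("unapproved" if path not in approved
                  else "approved" if approved[path] == new else "deviates-from-approval")
        findings.append((path, kind, status))
    # An approved change that never reached the system is also an audit finding.
    for path in sorted(approved):
        if baseline.get(path) == current.get(path):
            findings.append((path, "not-applied", "approved-but-missing"))
    return findings

def demo():
    """Constructed sample tree: one approved change, two unapproved, one never applied."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            Path(root, rel).write_bytes(text.encode())
        write("sshd_config", "PermitRootLogin no\n")
        write("ntp.conf", "server time.example.org\n")
        baseline = snapshot(root)
        new_ntp = "server time2.example.org\n"
        approved = {  # hypothetical change records: path -> approved content digest
            "ntp.conf": hashlib.sha256(new_ntp.encode()).hexdigest(),
            "banner": hashlib.sha256(b"Authorized use only\n").hexdigest(),
        }
        write("ntp.conf", new_ntp)                     # matches its change record
        write("sshd_config", "PermitRootLogin yes\n")  # no change record exists
        write("extra.conf", "debug on\n")              # no change record exists
        return reconcile(baseline, snapshot(root), approved)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Anything not marked `approved` is a discrepancy between the system and the configuration management documentation and should be investigated or rolled back.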

Availability

Availability ensures that authorized users have access to information and associated assets when needed. This can be achieved using data backup plans, disaster recovery plans, and business continuity/recovery plans. Employees must be trained on their responsibilities when it comes to data backup, disaster recovery, and business continuity.

a. Data backup plan

Data backups are an essential part of information security and an organization must be able to restore data in the event of data corruption or hardware failure. Backups should be done regularly, and the frequency depends on the amount of data an organization is willing to lose in the event of a loss (recovery point objective). Backup media should be stored in a secure location, possibly off-site, that is not exposed to the same hazards as the primary data. Backups should also be periodically restored to test systems to ensure that the process works correctly and within the specified time frame (recovery time objective) before the need for the backup actually arises.

b. Disaster Recovery Plan (DRP)

A DRP is a plan used to recover quickly after a disaster with minimal impact to the organization. DR planning should be part of the initial stage of IT systems implementation. DR plans are developed in response to risk assessments and are designed to mitigate those risks. Risk assessments determine the frequency and scope of potential disasters; this will allow an organization to decide which technologies to implement to achieve an appropriate level of recovery. External audits can be valuable in uncovering deficiencies, although an organization’s DRP can never be fully tested until a disaster actually occurs.

c. Business Continuity Plan or Business Resumption Plan

The business continuity plan (BCP), sometimes called the business resumption plan (BRP), is an essential part of a disaster recovery plan. This is a plan that details, step by step, how to continue or resume normal business quickly and methodically after a disaster strikes. The BCP must also identify the employees responsible for implementing the various components of the plan, and these employees must be given clear instructions about their responsibilities in the event of a disaster. The plan should be reviewed regularly to ensure that any changes to business processes are reflected in the BCP.
