TyroCity

Discussion on: Risk Management and Mitigation risks

ShantaMilan

Security, when it comes to an organization, mainly deals with the valuable information that may be disclosed, misused, hacked, and wiped out. The security thus involves technology, processes, people and data (Wallace, 2015). Organizations should be able to reduce this risk beforehand by setting up systems and protocols in place to identify threats, assess vulnerabilities and implement control. These have been discussed briefly below.

Identifying Threats

Threats in an organization can be both internal and external in nature. External threats are out of control, such as natural calamities, war, fire, power failure, competition etc. On the other hand, internal threats are more serious in nature as they involve individuals involved inside the organization who can misuse information, delete valuable data, leak out confidential information, sabotage, hack etc. One leading cause of inside threat results from unsatisfied employees.

One of the major damages to an organization is the leakage of confidential information. It is next to impossible to stop a disgruntled employee from spreading information to outside competitors, so it is important to understand if an employee is disgruntled in the first place and understand the extent of the damage that can happen.

Assess Vulnerability

The first step to assess vulnerability is to understand the type of risks that could sprout. Based on these risks it is important to undertake its risk assessment to ascertain how well prepared the protocols are and how well they are implemented (Wallace, 2015). Protocols and policies in my organization such as child protection policy, confidential policy, code of conduct etc. are some standards that have been laid out to protect the organization from internal harm from such situations. Similarly, policies for securing information of the organization need to be assessed as there are no such policies.

Implementing Control

Protocols and policies must be refreshed and oriented to staff and management alike from time to time. It is important to understand the value of information breach, sabotage of information in the organization from angry employees. Mechanisms to control and limit these employees' access to delicate and confidential information should be planned.

One of the widely used technologies is email, and so it is right to prepare control mechanisms to safeguard information through email. "The newly launched Internal Email Protect service can address these threats by enabling customers to detect and remediate security threats that originate from their internal email system. This could include emails from the unassuming compromised insider, the careless employee inadvertently sending files and/or a malicious employee who wants to do harm to the company." (Channel, 2017)

Another way to control threat is to hit it before it arises. "Organizations must address at least three critical areas in order to create a healthy work environment that stimulates productivity. Companies must hire the right people, reduce excessive pressures, and help employees better cope with stress." (Kamery, 2004)

It is very important to address threats that are internal in nature as these are more dangerous and are risks that can be mitigated. External risks are also important. Fire, earthquake, flood, competitors are some external threats that also need to be looked into and standards maintained for such unforeseen situations.

References

Channel, N. O. (2017, February 13). Mimecast Combats Rise of Internal Email Threats with Industry-First Purpose-Built Cloud Security Service: 99% of Organizations Surveyed Impacted by Internal Email Threats. NASDAQ OMX’s News Release Distribution Channel; New York.

Kamery, R. H. (2004). ANGER, STRESS, AND VIOLENCE IN THE WORKPLACE: MANAGING EMPLOYEE INTERNAL THREATS. Allied Academies International Conference. Academy of Legal, Ethical and Regulatory Issues. Proceedings, 127-132.

Wallace, P. (2015). Information System in Action. In P. Wallace, Introduction to Information System (pp. 4-9). New Jersey: Pearson Education, Inc.