Information security means protecting information systems against unauthorized access, disclosure to other parties, manipulation, modification, destruction, inspection, recording, disruption, and unlawful perusal (Bertran, 2009). Information security is committed to maintaining the integrity, confidentiality, and availability of information. Ethics dictates that confidential information must be accorded the necessary authenticity and privacy to avoid legal penalties. An organization or a business with fewer than five hundred employees is considered small (Stamp, 2005).
Protecting business information is as critical as protecting the business property, employees, and products (Porter, 2009). It has been noted that small businesses fail to take measures to deal with information technology threats and vulnerabilities. Larger businesses have invested in information security through budgets, human resources, and technology, which has made it difficult for hackers to penetrate their systems. Hackers have focused their efforts on small organizations and businesses with unsecured networks, information, and systems (Bertran, 2009). The National Institute of Standards and Technology (NIST), the Federal Bureau of Investigation (FBI), and the Small Business Administration (SBA) have been assisting businesses in the management of cybercrime, among other essentials.
Threats and Vulnerabilities
Common cybercrimes experienced by small businesses include laptop theft, denial of service, hacking, insider abuse, and computer viruses, among other threats and vulnerabilities. From the standpoint of a consulting firm based in Washington D.C. with a strong emphasis on information security, small business owners are encouraged to define their security needs, develop information technology security practices, and stay updated on current developments in the management of information (Kissel, 2009). It has been noted that cybercrime in small organizations and businesses leads to loss of money, privacy, and security, along with disruptions that damage reputation. Cybercrime is on the rise, encouraged by the increased use of distributed computing, the development of mobile computing, and the growth of internet businesses (Stamp, 2005).
Confidentiality is the prevention of information disclosure to unauthorized systems and individuals. Confidentiality is enhanced by encrypting data in transit. A breach of confidentiality occurs if a third party acquires private information (Porter, 2009). Integrity issues arise if data is altered without authorization, whether intentionally or unintentionally. This has a different meaning from referential integrity in databases. Integrity relates to the Atomicity, Consistency, Isolation, and Durability (ACID) properties, which are charged with guaranteeing the privacy of database transactions (Calder, 2006).
Availability means accessibility. Research has shown that technologically advanced information systems can provide instant solutions that save time and improve efficiency (Stamp, 2005). This means that the computer systems, security controls, and communication channels must function properly to deliver the desired information in the right format. Availability calls for close attention to threats such as denial-of-service attacks. Non-repudiation concerns meeting the declared terms and conditions: all parties involved must acknowledge the particulars of a transaction. Non-repudiation is enhanced by public key encryption and digital signatures, which ensure that authenticity is observed (Kissel, 2009).
Authenticity entails keeping data, communications, transactions, and documents in a genuine state. The parties involved in business processes must be the genuine parties, to eliminate impersonation. Authorization is the information security function that specifies the rights of access to the resources of an organization or business. It is most often defined as policies and codes that approve or deny people access to the resources. Risk management in information security means monitoring the vulnerabilities and threats affecting the system (Bertran, 2009). Research indicates that small organizations and small businesses must have countermeasures to control the risks. Doing so improves productivity, effectiveness, and costs.
Denial of Service (DoS)
Denial of Service (DoS) operates as blackmail against internet sites. It has been noted that DoS is capable of cutting a business or organization off from internet services (Stamp, 2005). Managing DoS calls for network and business survivability and for being a net citizen (Kissel, 2009). DoS is countered by deploying a technologically advanced detection mechanism on the website that flags automated intrusions. An insurance policy works best for compensation. Reacting to a DoS attack entails traffic limiting, filtering, blocking, enabling backups, and reconnecting to the Internet Service Provider (ISP). Effective management of DoS reduces the negative impacts and encourages sustainability, yielding a high Return on Investment (ROI).
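The detection, traffic-limiting, and blocking steps described above can be sketched as a sliding-window check over web access logs. This is an added example, not taken from the cited sources; the log format, the 10-second window, the limit of 5 requests, and the documentation-range IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 10   # assumed sliding-window length
MAX_REQUESTS = 5      # assumed per-source limit inside one window


def parse_line(line):
    """Return (timestamp, source_ip) from an 'ISO-time ip method path' line."""
    stamp, ip, _rest = line.split(" ", 2)
    return datetime.fromisoformat(stamp), ip


def detect_floods(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Flag sources that send more than `limit` requests within `window` seconds.

    Returns (blocked, served): blocked maps ip -> time of the request that
    tripped the limit; served counts the requests let through per ip.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = {}
    served = defaultdict(int)
    for line in lines:
        ts, ip = parse_line(line)
        if ip in blocked:         # blocking: drop traffic from a flagged source
            continue
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() >= window:
            q.popleft()           # expire timestamps that left the window
        q.append(ts)
        if len(q) > limit:        # detection: rate limit exceeded
            blocked[ip] = ts
            continue
        served[ip] += 1
    return blocked, dict(served)


def sample_log():
    """Constructed log: one ordinary client and one source sending 2 requests/s."""
    lines = []
    for s in range(0, 30, 5):     # 198.51.100.7: one request every 5 seconds
        lines.append(f"2024-01-01T12:00:{s:02d} 198.51.100.7 GET /index.html")
    for i in range(20):           # 203.0.113.9: 20 requests in 10 seconds
        lines.append(f"2024-01-01T12:00:{i // 2:02d} 203.0.113.9 GET /login")
    return sorted(lines)          # ISO timestamps sort chronologically


if __name__ == "__main__":
    print(detect_floods(sample_log()))
```

The ordinary client never has more than two requests inside a window and is served in full, while the flooding source is cut off at its sixth request.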
Effective information technology protection measures align with contractual and legislative requirements. This is critical to achieving a competitive edge over competitors and significantly lowers security incidents. It has been noted that effective information security optimizes the operations of small organizations and businesses (Calder, 2006). This is critical to reducing the overall running costs of small organizations and small businesses by setting the right investment, defining the need, enhancing correct security practices, and staying on the correct platform.
Bertran, M. (2009). Computer Security Division, Computer Security Resource Center; Solutions for Small Businesses. Web.
Calder, A. (2006). A Business Guide to Information Security: Threats and Compliance. Web.
Kissel, R. (2009). Small Business Information Security: The Fundamentals. National Institute of Standards and Technology, 1-13.
Porter, J. (Director). (2009). National Institute of Standards and Technology, U.S. Department of Commerce; Information Technology Security for Small Businesses [Motion Picture].
Stamp, M. (2005). Information Security: Principles and Practice. New York: Wiley-Interscience.