Today's economy is information driven, and information is therefore an indispensable tool for the growth and good performance of every organization. The security of an organization's data is the responsibility of all the employees in the organization (Ortmeier, 2008). Information security in an organization entails protection against social engineering attacks and the creation of an efficient incident response plan. Information security breaches in an organization are most often caused by human error, since most organizations have employees who lack security knowledge and hence do not follow security procedures (Ortmeier, 2008).
Personnel and information security carry out the following roles to mitigate risk and ensure that the organization's valuable assets are secure.
Personnel and information security should prevent the loss of data and system integrity. This means preventing the improper modification of information, which can lead to loss of integrity (Ortmeier, 2008). Security should therefore prevent intentional or accidental changes to systems or data. Using data or a system that lacks integrity means that the system is operating with contaminated or corrupted data, and this could result in inaccuracy, fraud, or erroneous decisions (Ortmeier, 2008).
Personnel and information security should also prevent the loss of availability of a mission-critical IT system, as this can affect the mission of the organization (Ortmeier, 2008). Personnel and information security should ensure that information is protected from unauthorized disclosure, which could lead to loss of public confidence in the organization, resulting in embarrassment as well as legal action against the organization. Such exposure can also pose a risk to national security and expose Privacy Act data (Ortmeier, 2008).