Today's economy is information driven, and information is therefore an indispensable tool for the growth and good performance of every organization. The security of an organization's data is the responsibility of all the employees in the organization (Ortmeier, 2008). Information security in an organization entails protection against social engineering attacks and the creation of an efficient incident response plan. Information security breaches in an organization are most often caused by human error, since most organizations have employees who lack security knowledge and consequently do not follow security procedures (Ortmeier, 2008).
The Personnel and Information Security Risks
Personnel and information security carry out the following roles to mitigate risk and so ensure that the organization's valuable assets are secure.
- Risk assumption: here, the management accepts the potential risk and uses the appropriate controls to reduce the risk to a harmless level (Ortmeier, 2008).
- Risk avoidance: here, the risk is avoided by doing away with its cause and consequence. This involves either a decision to forgo certain functions of the system or even shutting down the system to safeguard it from the potential risk.
- Risk limitation: this involves the implementation of appropriate controls so that the negative impacts of the threat are minimized.
- Risk planning: this is the act of managing the risk by coming up with a risk mitigation plan. This plan prioritizes, implements, and maintains controls.
- Research and acknowledgement: this involves an appreciation of the risk involved and subsequent research into controls that can correct it (Ortmeier, 2008).
- Finally, risk transference: here, the risk is transferred through the use of other options to offset the loss, such as the purchase of insurance.
The Personnel and Information Security
Personnel and information security should ensure the prevention of loss of data and system integrity. This is the act of preventing the improper modification of information, which can lead to integrity loss (Ortmeier, 2008). Security should therefore prevent intentional or accidental changes to systems or data. Using data or a system that lacks integrity means that the system is operating with contaminated or corrupted data, and this could result in inaccuracy, fraud, or even decisions full of mistakes (Ortmeier, 2008).
Personnel and information security should also prevent the loss of availability of a mission-critical IT system, as this can affect the mission of the organization (Ortmeier, 2008). Personnel and information security should ensure that information is protected from unauthorized disclosure, which could lead to loss of public confidence in the organization, causing embarrassment as well as legal action against the organization. Such exposure can also pose a risk to national security as well as exposing Privacy Act data (Ortmeier, 2008).