Abstract
This chapter presents issues, trends, controversies and problems motivating organizations to establish information security policies or deter them from doing so. Its main thrust is to propose that organizations must take the issue of information security very seriously and provide solutions in their organizations. Information resources are a huge investment and the role information plays in any organization is no longer doubted. Increasing awareness of vulnerabilities to information resources is reason for information security policies. Policies provide opportunities to recognize the importance of procedures and mechanisms to enhance information security. Simultaneously avenues by which information may be compromised have increased many-fold. To counter the threats and risks and assure confidentiality, availability, accessibility, integrity, and authenticity of information, organizations draw up and set up information security policies.
TopBackground
Worldwide, information and communication technologies (ICTs) have sparked a revolution in human history due to the rate at which these technologies are proliferating. Developments in ICT are fast. Rate of diffusion is equally exceptional. Uses to which they are deployed are diverse, for instance space science, artificial intelligence, and human genome studies. Their applications, especially with the emergence of the Internet and World Wide Web, have led to tremendous access to information. Surrounding this silver lining is the dark side. Computers are also now used for the design, proliferation and exploitation of weapons of mass destruction, military aircraft, nuclear submarines, biologic and chemical weapons, and reconnaissance satellites and space stations (Bosworth & Jacobson, 2002) as much as they are used for peaceful managerial and business purposes. The rapid entry and expansion of computers in the global economy; increased use on almost every continent and developments in computer networks are some of the reasons that have aroused security concerns (Ministerstvo, 2002).
Key Terms in this Chapter
Integrity: The state of being dependable.
Policy: A statement of agreed positions or plan e.g. information security policy.
Information Security Policy: A comprehensive set of controls comprising best practices in information security. It is a plan or code of practice for information security management embracing the principles for initiating, implementing, maintaining and improving information security in an organization.
Information Security Threat: A person, organization, product, mechanism, or event that has potential to inflict harm on the organization’s resources.
Information Security: Describes the protection of computer and non-computer equipment, facilities, data and information from misuse by unauthorized parties.
Authenticity: The process of verifying that information or systems are genuine or true.
Confidentiality: The protection of data and information from disclosure to unauthorized persons.
Availability: Making the organization’s data and information accessible to all authorized persons.
Risk Management: The process of identifying and analyzing and proposing ways of mitigating risks.