INFORMATI

ON SECURITY

WWW.PENNEYCOMPU

TER.COM

P R O T E C T I NG Y

O U R I NT E R N A L A

N D EX T E R N A L

A S S E T S

- No matter how small or large your company is, it is important that you have a plan to secure your information assets.

WHAT IS INFORMATION SECURITY

- Information security, also referred to as InfoSec for short, is the practice of protecting information from unauthorized access. This also includes, preventing the unauthorized disclosure, use, modification, disruption, recording, and inspection of information.

DON’T WAIT… SECURE NOW - Data held on computer

systems are usually critical to the operations and overall business of an organization. However, it is common for some businesses to neglect security until their data assets become threatened or otherwise stolen.

IMPORTANCE OF INFOSEC - In business, it is not

uncommon for organizations to collect customer data. Sensitive company data or information assets are also stored internally. This is largely why it is important that organizations pay attention to information security.

- The purpose of information security is to preserve confidentiality, integrity, and availability. Let’s take a look at them quickly.

CONFIDENTIALITY

- This ensures that only those with the right to view your information have access to them. This will help protect your company from internal and external threats.

INTEGRITY

- This ensures that your data is reliable, accurate, and processed correctly. Accurate and reliable data will help your employees meet and/or exceed company expectations.

AVAILABILITY

- This ensures that data can be accessed whenever it is needed or when it is requested. Thus, improving overall efficiency.

TYPES OF INFORMATION SECURITY THREATS

- There are several information security threats and as IT systems become more advanced, it is crucial that we can clearly identify these threats so that we may stay safe.

In a 2013 TEDx presentation, Anish Bhimani, Managing Director and Chief Information Risk Officer of JP Morgan Chase, grouped potential security threats into two categories. These were disruption and fraud.

DISRUPTION   – This group consists of

“hacktivists” and people who may hate big businesses or individual companies. These people can cost an organization a lot of dollars. Some examples are service attacks, website defacements, email hacking and other disruptions.

FRAUD

- This group of people are more focused on stealing money and intellectual property. This includes identity theft, banking information theft, and other information that may lead to cash.

One recent event in regards to information theft is the email hacking of Colin Powell, former top diplomat to USA’s former president George W. Bush. According to the NY Times, Colin’s email was breached and leaked online. You may be able to imagine the potential damages that have occurred.

OWNING A CULTURE OF SECURITY AWARENESS

- Information security has to be part of the day to day thinking of your employees. It has to be thought of and seen as an important aspect of your organization’s success. Although, IT generally handles the technical aspects of security, your employees should also be made aware of the many risks that are out there.

To address potential information security risks within your organization, reach out to us at:

 Penney Computer Consultinginfo@penneycomputer.comhttp://www.penneycomputer.com

Thank you for your time.