We live and conduct business in an active asymmetric threat environment. An individual, business or organization must adapt & protect its vital information assets & critical digital infrastructure. Failure to do so is reckless and may be considered as an obvious lack of due diligence for people who have fiduciary & custodial responsibilities.Any event that causes damage to information resources, whether it is a computer virus, natural disaster or system failure could be devastating to an individual (i.e. identity theft), company, its customers, suppliers and shareholders. Failing to do so may threaten the survival of the company itself.
An information system security breach could result in serious financial losses, the disclosure of protected private information, loss of research & development data or fines by regulatory agencies. Losses due to intrusions into an information system could negatively affect the general public (i.e. power failures). This might result in costly class action lawsuits that could exceed an organization’s ability to pay and result in its dissolution. Even an individual might be sued for negligence & be financially ruined.So how should an organization or person protect its valuable digital processing infrastructure? A business should establish and implement a comprehensive information assurance plan. Individuals should at least address the components of a professional information assurance plan. Doing so is evidence that the infrastructure owners are attempting to practice due diligence.An information assurance plan for an organization should be formalized & approved in the organization’s policies and have the following components: Confidentiality, Integrity, Availability, Accountability & Non-Repudiation.Article Source: http://EzineArticles.com/5064038
