Information Security

Information Security

Business organizations and individuals have become increasingly reliant on technology to conduct day-to-day functions. In organizations, information is one of the most important assets. As such, securing information becomes a major concern for organizational leaders. Certain weaknesses in information technology systems can increase the risk of unauthorized access to sensitive information. To protect against loss of sensitive information or data, organizations must adopt the practices of information security (Gibson, 2010). In general, information security refers to the various processes as well as tools that organizations can adopt to protect sensitive information from unauthorized individuals.

Business organizations must ensure that they implement information security to protect sensitive data. Failure to implement information security can lead to collapse of business organizations when threats occur leading to serious losses. Information security threats are always present in the environment. As such, it is the role of a business organization to implement appropriate protective measures in order to guarantee the survivability of a business. Threats can have different impacts to a business organization. Four possible impacts are high business costs, compromise of business assets, compromise of its functions, and reputational damage (Gibson, 2010).

High business costs may arise from implementing advanced information security systems. In addition, a business may experience high costs in trying to settle damages caused by sensitive data loss. For instance, a business may be forced to compensate customers who lose their money when their sensitive credit card data is stolen from its database. Compromise of an organization’s assets can lead to serious losses. One of the organization’s asset that faces a significant risk in the event of hacking is trade secrets or patented technology. Hacking can cause an organization to lose such valuable information thus reducing its competitiveness in the market since other businesses may copy its model. Compromise of an organization’s functions may involve disruption of the normal operations of the business (Gibson, 2010). For instance, the company may experience losses when sales agents are unable to interact with customers through the internet for businesses that sell via the internet.

A serious impact that an organization can face is reputational damage. For hacking events that lead to the loss of customer’s sensitive data, reputational damage is likely to arise. Customers may perceive a business as unable to safeguard their data properly and thus opt for rival business organizations. Since information is likely to travel quickly, a large number of customers could leave the affected organization thus leading to its collapse. Since the risks involved in compromised information technology systems are high, business organizations must take active steps to ensure they implement information security. This can help in minimizing the risk of backdoor threats, which essentially involves bypassing the normal security measures in place.

Hackers will normally utilize backdoors in getting access to unauthorized business information. This can involve the use of malwares that give them access to sensitive data. Once a malware is successfully installed, hackers can be able to modify and delete files, take control of the computer system, or to steal sensitive information. Another common way that hackers can gain access is by utilizing the human factor to gain access to an organization’s information system. For instance, some hackers may address emails to employees and trick them to open infected email attachments, hence giving them access to the information technology system.


Gibson, D. (2010). Managing risk in information systems, second edition. Burlington, MA: Jones            & Bartlett Learning.