Today, many organizations throughout the world tap into the benefits of cost reduction and enhanced performance offered by information technology. Digital information can be stored, shared and retrieved from any place at any time over internetworked computers and the cloud computer application. However, information technology (IT) poses a threat to organizations’ security through incessant risks of data security infringements. In this paper, I outline some of the risks associated with information technology, how they relate to business risks the rationale behind using ‘locked down’ IT environments to mitigate the risks.
One IT-related security risk that faces IT specialists and business managers is the risk physical damage. IT systems may break down or even be damaged by fire or water. When fire damages the hardware of the IT device, the data is often lost in the process. Other IT security risks include disaster recovery, E-espionage and issues concerning data handling and integrity.
These IT risks are also related to business risks as the IT systems contain sensitive company data and their failure, mishandling or destruction is definitely likely to affect business operations. There are three major areas of IT security risks. The first area concerns networking and connectivity platform. The connectivity risks include email spam, malicious software, viruses, fraud, IP spoofing and identity theft. The other area of IT security concern revolves around data. Security risks involving data include data obliteration, alteration of information, processing the wrong files, disclosure of information, and interruption of services. The third area of IT security risk relates to environmental factors such as power outages, fire and water disasters, and viruses (Schwalbe, 2010).
The dependence of businesses of information technology means that all these risks pose further risks to the business if security assessments and measures are not explored. Schwalbe (2010) explores the preparation levels of businesses for risks related to IT. He asserts that companies are armed with up-to-date security defense mechanisms like data encryption to safeguard data from manipulation. Other protection mechanisms include the secure socket layer protocol that is useful in encoding transmissions and the biometric control system that monitor authorization.
As an employee or a professional, it is important to observe ethical standards when handling data that relate to clients, managers, or other employees of the organization. The right to privacy regarding personal information must be observed. For instance, it is grossly unethical for a nurse to access and disclose a patient’s health record devoid of the patient’s request and authorization. Other ethical issues around data include not using a person’s intellectual property without their authority or without explicitly recognizing their contribution to the body of knowledge and fraud.
Many companies that rely extensively on computers and digital equipment prefer to use a ‘locked down’ IT environment that ensures the security of data and sensitive business information (Vellani, 2006). The problem with a ‘locked down’ IT environment is that updating software and system applications is not an easy task and requires the authority of a manager or a person with administrative rights. A ‘locked down’ system is also often expensive to establish and manage and lacks comfort for the users since they are unable to make changes and access some applications. In implementing a ‘locked down’ IT environment, an organization has to weigh between business security and practicability, ease of use and cost. IT professional need to consult company executives who understand the implications of implementing a ‘locked down’ environment on the business.
When end users are denied administrator privileges, they cannot alter system functions and applications that can undermine the system and probably lead to increased cost of IT support. Moreover ‘locked down’ systems are less vulnerable to malware and data manipulation by unauthorized persons. In general, ‘locked down’ IT environments afford organizations better control of their IT functions and this can bring about consistency and considerable endpoint security.
References
Schwalbe, K. (2010). Information technology project management, revised. USA: Cengage Learning,
Vellani, K. (2006). Strategic security management: A risk assessment guide for decision makers. Burlington, MA: Butterworth-Heinemann.
