Information Security White Paper
Information security in a business environment is critical for keeping businesses safe from threats while keeping associated risks are relatively under control. This is true in any business environment, no matter how large or small. Every business relies on certain types of information and businesses processes in order to reach its objectives. Information security ensures that systems – and the content that makes up those systems – remain unchanged, available, and confidential for stakeholders. At its most basic, information security is about ensuring that a business will be able to function properly. This might include ensuring the ability to operate various applications or ensure data confidentiality for customers. It might also be the simple ability to use the Internet properly to communicate. But during a time when the access of everyone to Internet communication has exploded – through the use of mobile devices, e-commerce and phone connectivity – implementing information security has become a critical component of daily operations in any business environment.
Every business must approach information security in terms of costs and impacts. The business need for security describes the cost-effectiveness of security measures, which may not always be apparent in the short run (Guel, 2007). For example, a business implementing malware protection may do so without ever experiencing an external penetration or even knowing if this strategy is cost-effective for the business. However, the risk of catastrophic data loss can undermine the value of the business to long-time loyal customers. It can also render a reliable infrastructure obsolete, regardless of how technically advanced that infrastructure is. For these reasons cost analyses must take into consideration the potential for loss and how injurious that can be to business processes (Stamm, Sterne & Markham, 2010). Loss can include disruption of...