Data Security and Responsibility of the User Essay

Data Security and business of the User - Essay ExampleHence, the human resources department be tasked to track solely head hunt and social engineering activities to steal the personal information ab break through the game designers and developers by the competition. In this context, the looseness companies implement stringent Information security policies similar to the ones defined for any softw atomic number 18 engineering company. Dayarathna (2009) presented tail fin types of unauthorized activities that bear be carried out in an organization that is immensely dependent upon computer systems and because completely their intellectual properties and data resides on computer systems. These activities are - access, use, destructions, alterations and disclosure. The protection of information against these unauthorized activities are carried out in three attributes requiring different controls - Confidentiality, Integrity and Availability. In my major, all the information asset s including personal records are identify and their requirements pertaining to Confidentiality, Integrity and Availability are assessed. Thereafter, the threats from unauthorized activities are assessed and the internal vulnerabilities are detected such(prenominal) that the jeopardize exposures can be determined. The asset based risk assessment methodology recommended by NIST is one of the almost suitable risk analysis methods applicable in computer systems industries like the gaming industry (Stoneburner and Goguen et al. 2002). The controls are applied as an integral part of the risk mitigation strategies once all the threats and corresponding risks to assets are assessed and documented. Identity management controls to protect personal records form an integral part of such controls. The records comprises of personal attributes, faculty member records and professional records of employees. Claub and Kohntopp (2001) argued that identity management requires multilaterally secured communication within an organization. Such a system requires that security concerns of all parties in a communication are protected and hence valid pseudonyms related to all parties subscribe to to be shared. If one of the parties is not able to share valid pseudonyms then the party is viewed to be an unauthorized participant in the communication channel. The companies having computer generated intellectual properties are very strict about such pseudonyms that are digitally coded in various access tools provided to valid employees. Moreover, all communication channels are secured using various controls like e-mails & attachment scrutiny (both in inbound as well as outbound), private e-mail sites blocked by a firewall, intrusion prevention systems deployed at the Internet gateways, hollo conversations are routed through trained operators smart enough to detect social engineering/head-hunting attempts, etc (Phua. 2009). Such mechanisms can help in protecting theft of pseudonyms rela ted to all employees such that their identity can be protected. Companies dependent upon computer generated intellectual property are highly concerned about protection of personnel office information that