Security Program Case Study Example | Topics and Well Written Essays - 1750 words

Security Program - Case Study ExampleThe organization under analysis is the New York worldly concern depository library. In this organization, security issues ar taken into account as the library gather and keep personal data of users and their personal information. The New York public library consists of several branches and departments it has regional branches and has more than 43,975,362 items. The library computerized its lending services in order to improve customer service and improve its routine work.The security course of instruction is aimed to protect users from unauthorized access to their information and protect library from attacks. Beyond that, however, all staff-especially those who deal with personal data regularly-need to be aware of what they are allowed to do, what they are not allowed to do, what security procedures they are expected to follow, and whom to ask if they are in any doubt. There must be policies spelling out what is expected, opportunities for staf f to subsist what those policies are and what procedures are required to implement them, and regular checks on whether the policies and procedures are being followed (Data Security and Protection 2008).The security program was implemented 5 years ago. It is supposed that the biggest risk to security is almost always staff. The damage they do can be deliberate-stealing information about people, such as business contacts they emergency to use for their own purposes, for example, or trashing the database out of frustration on being demoted. more(prenominal) often it is un-thinking or inadvertent-giving information over the telephone to someone who shouldnt get it, leaving confidential files on their kitchen table for a neighbour to see when they are working at home, or chatting in the canteen about a users borrowing habits where other people can overhear. Even with external threats, the accepted wisdom is that anyone trying to gain access is more likely to succeed by tricking staf f into giving away vital information than by hacking straight into computer (Data Security and Protection 2008). The first line of defense is therefore to attend that staff are aware of the possibilities and operate within a culture where information, and especially personal data, is handled carefully and responsibly. To support them, employees should take measures that make it as light-colored as possible for them to do the right thing. At the same time employees should not be over-anxious. Security measures must be appropriate to the threat, not cytosine% perfect every time. (Even government security agencies have been known to lose vital information held on laptop computers.) The kind of things the responsible person at the departmental level should be looking at include (Baschab et al 2007 The New York Public Library 2008). In the New York public library, one empyrean that often gives rise to concern is e-mail. Although the dangers can be exaggerated, it is important to be a ware that e-mail is inherently insecure. E-mails themselves may constitute personal data if the addressee is identifiable. More importantly, if e-mail is used for sending personal data to other people, some thought should be given as to whether it should be encrypted. A special direction is given to the information department of a charity. A new computer system is introduced for holding details of telephone enquiries, which