An information security program can employ a number of practices to ensure that businesses are conducted in an effective manner on the Internet. An effective information program will ensure that a company protects its information. The information has a qualitative value and it must be protected to ensure that unauthorized individuals do not access confidential company information.
Various practices have been explained in the recommended Information Security Program Plan. A thorough explanation, however, could have been provided for personnel management and data security management to provide companies with a clear explanation of the benefits they could receive from implementing these practices.
The Personnel Management department shall plan, organize, integrate, compensate and motivate employees with the aim of contributing to the goals of a company and its employees. Personnel management is mainly concerned with the human resources of a company. It is part of general management and mainly focuses on promoting and motivating a competent workforce.
This is to ensure a full contribution and participation in ensuring the goals of a company are achieved within the required time frame. An effective personnel management team puts a strong emphasis on action instead of developing lengthy work plans and schedules that should be followed by employees. Problems experienced by employees within a company can be solved effectively through the development of rational policies of personnel management.
Personnel management entails the practices of hiring employees, developing them professionally, and assigning duties to them. An effective personnel management system will ensure that a company hires individuals with appropriate qualifications and skills that will enable them to perform competently. Personnel selected to work within the company will have the appropriate requirements that will ensure they are able to fulfill their responsibilities (Reddy, 2004).
Data security management is a practice of serious concern within companies as technology has become an integral part of the management of company records and data systems. Accessing data by unauthorized individuals jeopardizes the confidentiality of company information. A company must, therefore, have a significant financial investment in the development of new security programs. As companies continue to develop and implement advanced information management systems, data security management becomes a crucial practice in various companies (Alexander, French, Taylor, & Sutton, 2008).
Data security management shall enable the implementation of desirable measures within companies so as to eliminate the impacts of security threats. Desirable qualitative characteristics, such as preservation of data, integrity, confidentiality, and availability of services will be implemented. For data security management to be effective, it should be an integral component of the entire management of a company, reflecting its approach to risk management.
It should also be based on a common strategy and goal across all departments within a company. An effective data security management will ensure the integrity and confidentiality of data is maintained. It will also ensure that the accessibility of company information is protected and assured for the authorized users.
A data security management system has various benefits. It enables a company to protect its vital information. A company’s survival in the business environment depends on reliability, availability, and comprehensiveness of its organizational and financial information. The system will create fair access, and also provide back-up for each service available within a company. Implementation of an access security management system will eliminate concerns of many companies regarding protecting their information and applications from intruders.
Alexander, D, French, A, Taylor, A. & Sutton, D. (2008). Information Security Management Principles. Swindon: The Chartered Institute.
Reddy, R. J. (2004). Personnel Management. New Delhi: APH Publishing.