Information Security Small Businesses Research Paper

Information Security Small Businesses - Research Paper Example Therefore, the protection of information and data should be prioritized as one of the foremost steps in every organization, whether small or large. Identity theft and credit card frauds are aggravating crimes that are witnessed due to criminal acts of data thefts. Organizations around the world tend to suffer such thefts that jeopardize their reputation, and often face lawsuits from their clients. One such incident was witnessed last year with Sony PlayStation when their PlayStation network in the British division faced data theft. The Guardian (2011) reported that around 77 million users’ data was stolen. The stolen information included names, addresses, date of births, passwords and credit card numbers. The data thefts of such nature are likely to cause credit card frauds and bank frauds while attempting identity thefts. The online games service had to remain shut down for a week since they did not want the incident to recur before appropriate measures were taken to combat t he attack. Richmond Williams (2011) stated that such an enormous attack was likely to damage the reputation of Sony and threaten its capability to compete with other giant competitors such as Apple, Google, etc. It is also vital to ensure that information security measures are updated regularly to stop any intruder from taking advantage of any obsolete protection software (which is often noticed in small organizations). Alongside financial losses and reputation damages, ineffective information security measures are also likely to instigate legal actions and investigations against organizations. With reference to the example under discussion, a lawsuit was filed against Sony for not providing enough security to the data of their customers. The customers wanted compensation from Sony for the damages caused by the data theft at Sony. Jones (2011) stated that the respective company was likely to face as much as ?500,000 of fine for not being able to protect their customer’s sensi tive information. With the comprehension of the consequences of not implementing effective security measures, it is also important to understand the different types of vulnerabilities that exist in organizations. Confidentiality of data implies the safe keeping of data against any revelation without the approval of the owner of the information. The revelation of data might not be intentional by the organization; however, the data flow that is implemented for the transfer of the data might involve some unreliable third parties that might take advantage of such exposure of data. Data integrity implies that no change or corruption should happen to the data; such corruption and changes are likely to occur if effective information access procedures are not implemented. Availability of data refers to the presence of data and service upon the need of the customer and employees; cyber attacks on an organization can make an online service go offline or delete important data by adopting diffe rent types of intrusions and virus attacks etc. Authenticity and non-repudiation are interrelated concepts that involve the proof of identity of the interacting parties. Authenticity implies that the interacting