Information is a very important resource which must be protected to ensure trust between those who use the resources and those who own them. Protection is closely linked to security risk assessment. The first task in determining security risks is to review the data resources of the organization such as: application programs stored in the computer system of the organization, stored data, reports, product design and specification, proposals, work plans, financial documents, databases and other files. The purpose of the survey is to organize the resources in order to help them know about the resources and their scope. It is necessary to determine the right owners of the various assets and motivate them to take responsibility for determining the importance and significance of the assets.
Various ministries, departments, directorates, and agencies are working to implement e-governance. Its purpose is to develop and facilitate government work and increase the capacity of the government. To do this, the data needs to be digitized and all digitized information needs to be processed and stored in such a way that the data is not lost or misused. In recent times, Bangladesh has been attacked by web defamation, data crashes, data theft, distributed denial of service etc. due to various reasons including lack of information security procedures, weak and unmanaged security control system, management by low skilled staff and lack of specialized knowledge and skills. There are no adequate preventive, investigative and administrative security measures in place to protect digitalized government information resources against these attacks. Therefore, it is essential to formulate proper security policies and implementation strategies to prevent unauthorized intrusion into digitalized government information resources.
An information security policy is an authoritative list of management guidelines detailing the proper use and management of computer and network resources to protect against any unauthorized disclosure, alteration or loss stored or processed in information management Resources. Data protection is essential to establish and maintain trust between governments, citizens and institutions. Information security is a process associated with a company’s manpower and technology through which that organization provides for the protection and security of its information. Information security policies help determine policy and control strategies to protect information from attacks or threats or misuse or damage or unauthorized access.
Information, like other important assets of an organization, is an asset that is essential to the activities of the organization and which is properly protected. In the broadest sense, information refers to the basis on which an organization conducts its activities. Reliable information enhances the organization’s capacity to help make better decisions. The government stores information that is important for administrative, political, commercial or personal reasons. One of the responsibilities and legal obligations of the government is to protect this information from unauthorized or sudden changes, damage / loss or unwanted disclosure. Ethics is also involved in the proper use of information. There can be different forms of information such as – authentic documents and papers, electronic data, information systems (software, hardware and networks) through which information is stored, processed and exchanged, the intellectual information (knowledge or ideas) of the person, physical materials from which ideas related to the design, or use of information can be found and images, audio or video clips.
Information’s must be classified to determine who will have access to them. Once the information resources are properly identified and properly classified and their scope is determined, the next step will be to determine who will have access to the information. There are many types of resources such as database and data file agreement, system documentation with process, research data, usage rules, training materials, management or support methods, continuity planning of activities, implementation of special measures in case of difficulties, audit statement and ultimately stored information, application software, system software, system development tools and other emergency facilities, computer equipment, communication equipment, portable promotional equipment and other equipment, accounting and communication services, manpower, their qualifications, skills and experience and non-material resources such as the reputation and image of the organization.
A data protector is a person employed by a data proprietor who will protect information by following the maintenance and control measures introduced by the proprietor. If he needs to provide information to others, he will be responsible for it. The protector completes the regular backup and data acceptance verification activities in the manner prescribed by the data owner and will also be responsible for saving the data in various ways from the backup and imposing controls on access to the data. Each resource will be the responsibility of a protector. The protector is ultimately responsible for the security of the information resources. That is why he has to make sure that all the responsibilities are being fulfilled properly.
The issue of information security is an essential part of the continuity of day-to-day activities and other management processes of the organization. It includes risk identification and mitigation. At the same time, this process will ensure general risk assessment, minimizing the harmful effects of incidents, and ensuring the availability of information necessary for day-to-day activities. The various steps in planning for the continuity of day-to-day activities are incorporating information security into the management process, continuity of activities and risk assessment, development and implementation of plan including information security, activity plan instructions and activity plan testing, error removal and correction.
(Mr. Arafat is Columnist & Asst. Officer, Career & Professional Development Services Department. Southeast University. E-mail: [email protected])
