Running Head: INFORMATION PROTECTION AND SECURITY 1

Information Protection and Security

Institution of Affiliation

Name
INFORMATION PROTECTION AND SECURITY 2

Abstract

There a high need and importance for organisations to protect and secure customer

information. This has led to the requirement for compliance with information security standards.

Many people confuse information standards with the act of having usernames and passwords.

Although this is true, it also entails many other important parts of intangible assets of an

organisation, customer trust and upholding customer level of confidence for the success of an

organisation. In spite of all this efforts to increase client information protection and security there

are challenges and breach that come with the efforts.

Introduction

Organisations cannot run without transfer of information between two are more parties.

This is usually done through the internet, intranet and extranet. The three channels are a high

target for hackers hence the need to provide protection security. Resent research shows that

information breach and credit card phishing is one of the most common security issues. A survey

on information protection and security done by Potter and Beards 2010 indicated that:

“Protecting customer information remains the most important driver for security, 28%.

Preventing downtime and outages (19%) has increased in relative importance, perhaps in

the wake of the recent wave of Internet worm attacks”

Due to the importance of information security and protection issues there are some

standards which have been developed for IT Governance to provide security. These includes:

PRINCE2, OPM3, CMMI, P-CMM, PMMM, ISO27001, BS7799, PCIDSS, COSO, SOA, ITIL

and COBIT.
INFORMATION PROTECTION AND SECURITY 3

In spite of the presence of these standards, there are challenges and issues that prevent the

adoption and implementation of these protection mechanisms.

Cost. The cost of engaging in customer information protection and security strategy is

high, thus leading to increase in overhead cost of an organisation that engages in the

implementation of the system. example is of organisation shunning away from private cloud

computing implementations dues to high cost associated with its adoption. Therefore, this leads

to the organisation adoption of old form of information security leaving most of their client

information to be vulnerable from attacks. Also, the cost of acquiring expertise to work on the

information security and protection departments is high.

There are also the challenges of choosing from the many protection and security

standards platforms. This is due to the fact that they are so many with different unique nature and

characteristics which differs from one standard framework to another. Each standard has a

unique role and role in the implementation of 1SMS. Susanto, Almunawar and Tuan, (2011).

Stated in their research that:

“There are several standards for IT Governance which leads to information security such

as PRINCE2, OPM3, CMMI, P-CMM, PMMM, ISO27001, BS7799, PCIDSS, COSO,

SOA, ITIL and COBIT “

INFORMATION PROTECTION AND SECURITY 4

Change of organisation culture. Kosutic, (2010) stated that:

“Compliance with ISO 27001 will require employees to embrace new security controls

introduced by the standard. This organizational change could also affect company

culture”

There is also the necessity in providing an assessment tool for measuring organisation

preparedness level of implementation of ISO 27001. A research by Susanto, Almunawar &

Tuan,( 2012b) indicate that:

“Novelty framework to descript and viewing ISMS is required, while introducing new

algorithm and mathematic models is something attracted”

Implementing information protection and security mechanism can be seen as an overload for an

organisation. Kosutic, (2010) stated that:

“The project can be seen as just additional workload and its benefits may be overlooked”

User notification that information is being monitored and preserved

Customers notification on monitoring and preservation of information can be achieved by

the use of technology. These technologies may include:

Telephone conversation is a major response media that provides customers with instant

feed back and a solution to their queries. This has been adopted by most organisations, to

mention some of the few is AT$T which signs up millions of credit cards. their report of 1990

they indicate that:

“When AT&T entered the credit card business in March 1990, it had a powerful source of

competitive advantage: it knew millions of its prospective customers by name and

reputation because they were telephone customers.”

INFORMATION PROTECTION AND SECURITY 5

Mailing is another response tool where customer and organisations uses unique address in

communication on any important matters. Mailing usually uses unique email addresses to

communicate between parties. It is a form of organisation data base where information about a

client can be retrieved. Quaker Direct (1990) indicate that:

“When addresses do not exist, some manufacturers create them. Quaker set out in

September 1990 to find the addresses of 18 million of its customers by mailing cents-off

coupons, each of which bore a unique household number”

Use of catalogue. This is where the seller send a bid to sell inform of catalogue

and the buyer responds by buying or not buying. Many business organisation uses this

form of interactive marketing to sell their products.

How end users respond to announcements.

Most of the end users which are in most cases respond to the announcements in a positive

manner, this is by continuous conversation with the clients to get solutions to some of their

queries and at the end indulging into a business undertaking with the organisation through the

use of telephone conversations and mailings. Also, some customers respond by either purchasing

what is being bid in the catalogue or refuse on the proposal to buy.

INFORMATION PROTECTION AND SECURITY 6

References

Abdulkader Alfantookh.(2009). An Approach for the Assessment of The Application of ISO

27001 Essential Information Security Controls. Computer Sciences, King Saud University.

Ali Bitazar.(2009). About ISO27001 Benefits and Features. Obtained from

http://www.articlesbase.com.

Business Dictionary online (BDO). Obtained from www.businessdictionary.com

Chris Potter & Andrew Beard.(2010). Information Security Breaches Survey 2010. Price Water

House Coopers.Earl‟s Court,London.

Dejan Kosutic. (2010). ISO 27001 and BS 25999. Obtained from

http://blog.iso27001standard.com

Blattberg, R. C., and Deighton J.(1991). "Interactive marketing: exploiting the age of

addressability." Sloan Management Review, vol. 33, no. 1, p. 5+. Academic

OneFile, https://link.galegroup.com/apps/doc/A11649593/AONE?u=googlescholar&sid=AONE

&xid=6dccd9de.

Webster,. F.E. (1981), "Top Management's Concerns about Marketing: Issues for the

1980s," Journal of Marketing, Summer, p. 9-16.

INFORMATION PROTECTION AND SECURITY 7

"Sears Rewards Shoppers in Bid to Boost Sales," Chicago Tribune, 12 September 1990,

sec. 3, p. 1.

Dwyer,. F.R. (1989) Customer Lifetime Valuation to Support Marketing Decision

Making: Journal of Direct Marketing 3.

Blattberg,. (1987). Research Opportunities in Direct Marketing: Journal of Direct

Marketing 1

AT&T Signs Up a Million Accounts for Credit Card: Wall Street Journal, 13 June 1990,

p. B6.

"Quaker Direct," Direct, September 1990, p. 1.