Security Program Case Study Example | Topics and Well Written Essays - 1750 words

Security Program - Case Study ExampleThe transcription under analysis is the New York public depository library. In this organization, security issues are taken into account as the library gather and keep personal data of users and their personal information. The New York public library consists of some(prenominal) branches and departments it has regional branches and has more than 43,975,362 items. The library computerized its lending portions in order to improve customer service and improve its routine work.The security program is aimed to protect users from unauthorized access to their information and protect library from attacks. Beyond that, however, all supply-especially those who deal with personal data regularly-need to be aware of what they are allowed to do, what they are non allowed to do, what security procedures they are expected to follow, and whom to ask if they are in any doubt. There essential be policies spelling out what is expected, opportunities for staff t o know what those policies are and what procedures are required to implement them, and regular checks on whether the policies and procedures are being followed (Data Security and Protection 2008).The security program was implemented 5 years ago. It is conjectural that the biggest risk to security is almost always staff. The damage they do can be deliberate-stealing information to the highest degree people, such as business contacts they want to use for their own purposes, for example, or trashing the database out of frustration on being demoted. More often it is un-thinking or inadvertent-giving information over the telephone to someone who shouldnt have it, divergence confidential files on their kitchen table for a neighbour to see when they are working at home, or chatting in the canteen about a users borrowing habits where other people can overhear. Even with impertinent threats, the accepted wisdom is that anyone trying to gain access is more likely to succeed by tricking st aff into giving away vital information than by hacking straight into computer (Data Security and Protection 2008). The kickoff line of defense is therefore to ensure that staff are aware of the possibilities and operate within a culture where information, and especially personal data, is handled carefully and responsibly. To support them, employees should take measures that make it as easy as possible for them to do the right thing. At the same time employees should not be over-anxious. Security measures must be appropriate to the threat, not 100% perfect every time. (Even government security agencies have been cognize to lose vital information held on laptop computers.) The kind of things the responsible person at the departmental level should be looking at include (Baschab et al 2007 The New York Public Library 2008). In the New York public library, one area that often gives rise to concern is netmail. Although the dangers can be exaggerated, it is big to be aware that e-mail is inherently insecure. E-mails themselves may constitute personal data if the addressee is identifiable. More importantly, if e-mail is used for sending personal data to other people, some thought should be given as to whether it should be encrypted. A special attention is given to the information department of a charity. A bare-assed computer system is introduced for holding details of telephone enquiries, which