Data Security and Responsibility of the User Essay

Data Security and Responsibility of the User - Essay Example Hence, the human resources department are tasked to track all head hunting and social engineering activities to steal the personal information about the game designers and developers by the competition. In this context, the gaming companies implement stringent Information security policies similar to the ones defined for any software engineering company. Dayarathna (2009) presented five types of unauthorized activities that can be carried out in an organization that is immensely dependent upon computer systems and because all their intellectual properties and data resides on computer systems. These activities are - access, use, destructions, alterations and disclosure. The protection of information against these unauthorized activities are carried out in three attributes requiring different controls - Confidentiality, Integrity and Availability. In my major, all the information assets including personal records are identified and their requirements pertaining to Confidentiality, Inte grity and Availability are assessed. Thereafter, the threats from unauthorized activities are assessed and the internal vulnerabilities are detected such that the risk exposures can be determined. The asset based risk assessment methodology recommended by NIST is one of the most suitable risk analysis methods applicable in computer systems industries like the gaming industry (Stoneburner and Goguen et al. 2002). The controls are applied as an integral part of the risk mitigation strategies once all the threats and corresponding risks to assets are assessed and documented. Identity management controls to protect personal records form an integral part of such controls. The records comprises of personal attributes, academic records and professional records of employees. Claub and Kohntopp (2001) argued that identity management requires multilaterally secured communication within an organization. Such a system requires that security concerns of all parties in a communication are protect ed and hence valid pseudonyms related to all parties need to be shared. If one of the parties is not able to share valid pseudonyms then the party is viewed to be an unauthorized participant in the communication channel. The companies having computer generated intellectual properties are very strict about such pseudonyms that are digitally coded in various access tools provided to valid employees. Moreover, all communication channels are secured using various controls like e-mails & attachment scrutiny (both in inbound as well as outbound), private e-mail sites blocked by a firewall, intrusion prevention systems deployed at the Internet gateways, telephone conversations are routed through trained operators smart enough to detect social engineering/head-hunting attempts, etc (Phua. 2009). Such mechanisms can help in protecting theft of pseudonyms related to all employees such that their identity can be protected. Companies dependent upon computer generated intellectual property are h ighly concerned about protection of personnel information that