INFORMATION TECHNOLOGY SECURITY
Maintaining a good reputation is fundamental to the success of a firm. A reputation takes a relatively long time to build and maintain, but ruining it takes less than five minutes. It is essential for most business organizations, such as institutions, and has a vast scope that applies universally. The underlying principle of information security in an organization is that policies and procedures must be put in place to govern how information or data can be accessed. These policies help determine who is unauthorized to access, use, disclose, disrupt, modify, peruse, inspect, or record any information from the organization's database. It is, therefore, the task of an IT director to put plans in place to prevent a security breach. This can be achieved by employing the concept of Triple A, i.e. authenticate, authorize and account (Sattarova, 2007).
The three parts of AAA work together. Authentication is typically a way to identify a user by requiring the user to enter a valid username and password to gain entry. To access a portal, each user must have a unique set of credentials, and they must match in order to access the internet (Ferguson, 2010). If they do not match, authentication fails and access to the internet is denied. The director of IT is tasked with enforcing the system policies that determine the activity types, resources and qualities a user is permitted to access once authenticated (IJC, 2017).
Authorization occurs once the user's credentials have been matched in the system. An authorized user gains access to different types of activities, or consent for any action, in the network system. It is determined based on varied restrictions such as physical location, multiple access by the same identity, and time of day. The IT director is mandated to restrict any user's access when these restrictions are not met, to ensure the security of information is not breached.
Finally, accounting for what people do in a system is important. Users should access only what they are allowed to, and should not gain access to information they should not see. Accounting involves auditing the actions of individuals to make sure they meet the set threshold of the company's information.
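The three steps described above, shown together as an added example that is not part of the original essay: a request is authenticated, then authorized against the location, time-of-day and multiple-access restrictions, and every decision is written to an audit log. The user record, location labels, working hours and session limit are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
from datetime import datetime, time

def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one user and the restrictions that apply to them.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "hash": _hash("correct horse", _SALT),
                   "locations": {"head-office"},        # allowed physical locations
                   "hours": (time(8, 0), time(18, 0)),  # allowed time of day
                   "max_sessions": 1}}                  # multiple access by same identity
ACTIVE_SESSIONS = {}  # username -> number of open sessions
AUDIT_LOG = []        # accounting: one record per access decision

def authenticate(user: str, password: str) -> bool:
    rec = USERS.get(user)
    # Hash even for unknown users so response time does not reveal valid names.
    candidate = _hash(password, rec["salt"] if rec else b"\x00" * 16)
    return rec is not None and hmac.compare_digest(rec["hash"], candidate)

def authorize(user: str, location: str, when: datetime) -> str:
    rec = USERS[user]
    if location not in rec["locations"]:
        return "denied: location"
    start, end = rec["hours"]
    if not (start <= when.time() <= end):
        return "denied: time of day"
    if ACTIVE_SESSIONS.get(user, 0) >= rec["max_sessions"]:
        return "denied: concurrent session"
    return "granted"

def request_access(user: str, password: str, location: str, when: datetime) -> str:
    # Authorization is only evaluated after authentication succeeds.
    if authenticate(user, password):
        decision = authorize(user, location, when)
    else:
        decision = "denied: authentication"
    if decision == "granted":
        ACTIVE_SESSIONS[user] = ACTIVE_SESSIONS.get(user, 0) + 1
    # Denied attempts are recorded too; they are what an auditor looks for.
    AUDIT_LOG.append({"time": when.isoformat(), "user": user,
                      "location": location, "decision": decision})
    return decision
```
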
In conclusion, the Information Technology director should ensure that the AAA framework is established in any business organization so that any access to a network system is first authenticated, authorized and accounted for before entry into the system is allowed, in order to avoid a security breach. This, in turn, will ensure that the reputation of the company and its members is maintained.
REFERENCES
Sattarova, F. Y. and Tao-hoon, K. (2007). IT Security Review: Privacy, Access, Control, Assurance and Security. International Journal of Multimedia and Ubiquitous Engineering, vol. 2.
Ferguson, N., Schneier, B. and Kohno, T. (2010). Cryptography Engineering: Design Principles and Practical Application. Wiley Publishing.
International Journal of Computer (IJC) (2010). Vol. 24.