Data Security and Responsibility of the User Essay

Data Security and Responsibility of the User - Essay ExampleHence, the human resources department atomic number 18 tasked to way of life every(prenominal) head hunting and mixer engineering activities to steal the personal information about the game designers and developers by the competition. In this context, the gaming companies implement rigorous Information security policies similar to the ones defined for any software engineering company. Dayarathna (2009) presented five types of unauthorized activities that can be carried out in an organization that is vastly dependent upon figurer systems and because all their intellectual properties and data resides on computer systems. These activities are - access, use, destructions, alterations and disclosure. The protection of information against these unauthorized activities are carried out in third attributes requiring different controls - Confidentiality, Integrity and Availability. In my major, all the information assets includ ing personal records are identified and their requirements pertaining to Confidentiality, Integrity and Availability are assessed. Thereafter, the threats from unauthorized activities are assessed and the internal vulnerabilities are detected such that the venture exposures can be determined. The asset based risk assessment methodology recommended by NIST is one of the most suitable risk analysis methods applicable in computer systems industries like the gaming industry (Stoneburner and Goguen et al. 2002). The controls are applied as an integral part of the risk mitigation strategies at once all the threats and corresponding risks to assets are assessed and documented. Identity management controls to protect personal records form an integral part of such controls. The records comprises of personal attributes, academic records and professional records of employees. Claub and Kohntopp (2001) argued that identity element management requires multilaterally secured communication with in an organization. Such a system requires that security concerns of all parties in a communication are protected and hence logical pseudonyms related to all parties need to be shared. If one of the parties is not able to share valid pseudonyms then the party is viewed to be an unauthorized participant in the communication channel. The companies having computer generated intellectual properties are very strict about such pseudonyms that are digitally coded in various access tools provided to valid employees. Moreover, all communication channels are secured using various controls like electronic mails & attachment scrutiny (both in inbound as well as outbound), private e-mail sites blocked by a firewall, intrusion prevention systems deployed at the Internet gateways, telephone conversations are routed through trained operators smart enough to detect social engineering/head-hunting attempts, etc (Phua. 2009). Such mechanisms can help in protecting theft of pseudonyms related to all employees such that their identity can be protected. Companies dependent upon computer generated intellectual property are highly concerned about protection of personnel information that