The main goal of information security (IS) programs is to protect information assets, ensuring their safety and proper functioning. For an organization, IS’s purpose implies the performance of four essential functions: protecting functionality, data protection, enabling applications’ safe operation, and safeguarding technology assets (Whitman & Mattord, 2018). All four functions are vital since IS promotes secure and efficient organizations’ work, yet, in my opinion, data protection holds greater importance.
Functionality protection means that IS ensures the organization’s ability to operate. Thus, IS performs not only technological tasks but managerial: “managing information security has more to do with risk management, policy, and its enforcement than the technology of its implementation” (Whitman & Mattord, 2018, p. 52). Enabling applications’ safe operation implies that IS programs implement appropriate and secured functioning of various applications used throughout organizations’ infrastructures. Considering rapid technological progress, organizations “acquire and operate integrated, efficient, and capable applications,” including operational ones, messaging tools, and operating system platforms (Whitman & Mattord, 2018, p. 53). Constantly and widely used applications’ proper functioning is ensured by IS programs. Safeguarding technology assets function presupposes that IS is expected to keep hardware and technological solutions appropriate to the scope and needs of the organization (Whitman & Mattord, 2018). Protection of physical or electronic collected data involves ensuring the safety and confidentiality of organizations’ information “in transmission, in processing, and at rest (storage)” (Whitman & Mattord, 2018, p. 52). Every organization operates with a large amount of information, and data protection is the crucial function of IS.
IS programs aim to address potential and existent issues to protect organizations’ information assets. Information and data protection appears the most significant among IS functions since every organization “relies on information systems” (Whitman & Mattord, 2018, p. 52). Organizations operate with valuable data, and its value makes information vulnerable. Collected and used information can contain private data, including personal, health, financial and other records. Theft and misuse of such information lead to concerning outcomes for employees, customers, and organizations in general. For example, a Russian hacker thieved data from the e-commerce site CD Universe. The data stolen contained several hundred thousand customers’ credit card numbers. The hacker blackmailed CD Universe to extort money, and after the company refused to pay, he posted stolen card numbers on his website (Whitman & Mattord, 2018). This example shows that data is the most vulnerable part of the organization and, therefore, the information protection function holds greater importance.
Reference
Whitman, M. E., & Mattord, H. J. (2018). Principles of information security (6th ed.). Cengage Learning.