Memorandum
As information technology becomes more integrated into the everyday lives of customers, employees, and businesses, questions regarding data storage, processing, and information security become prominent. Without a solid risk mitigation strategy, an organization could suffer from exposure to critical data about its assets, customers, and employees to third parties. This memorandum will focus on the issues of data processing and protection based on the article written by Lakshmi, Kumar, Banu, and Reddy (2013), as well as the study published by Hernandez, Mayernik, Murphy-Mariscal, and Allen (2012), which address the most recent data management and confidentiality practices. The information from these articles will be incorporated into the final project.
An educational organization uses several types of data resources and storage systems based on its purpose. Typically, a school has an electronic archive of educational materials, which allows access for students and teachers to assist in studies. Another system in place is an electronic curriculum and journal, with access permitted to teachers, students, and parents. Finally, there is scheduling and budgeting software, typically accessed by managers and accountants. These systems use electronic data processing and batch processing methods.
Utilizing these systems to their full effect while maintaining a proper level of data protection offers numerous advantages to the educational institution. For example, it allows parents and students to track their educational progress, enables visual and graphic representations of schedules and curriculum for teachers, and makes budget managing easier and less time-consuming. All of these practices are the new standard in modern schooling. Sustaining competitive advantage without integrating IT into the teaching and management processes would be impossible.
However, the use of IT presents a list of short-term and long-term issues with information security. According to Lakshmi et al. (2013), three main fundamental security requirements are confidentiality, integrity, and availability. At the same time, security issues can be classified as physical, procedural, technical, and personnel-related risks. Hernandez et al. (2012) state that roughly 80% of all data loss is caused by inadequate management or malicious intent by the insiders. Thus, security issues are likely to be caused due to the lack of training and understanding as much as from outside sources. Encryption and firewalls, while making data more secure, do not necessarily address all of the risks involving IT. A school is expected to protect the privacy of its students, the integrity of study materials and academic information, and the confidentiality of all other nonpublic information, which includes budgeting reports, expenditures, and financing, aside from materials used for taxation and legal purposes.
Based on the article by Hernandez et al. (2012), there are several suggestions and recommendations to be made regarding data storage, processing, and security issues. All users with access to specific data files, be it teachers, managers, or parents, should be instructed on matters of information security. Passwords should not be stored in cookie files or shared with unauthorized individuals. Anti-virus programs, encryption, and firewalls should be used to prevent unauthorized access. The system must be made transparent enough; all insider activity is to be monitored. Lastly, it is suggested that all related data should be placed in a physical school server, with a virtual private database as a backup. The data on both servers should be protected by a POLICIES access system with access being determined by security clearance levels (Lakshmi et al., 2013). These measures should improve our existing systems based on the three criteria outlined above: confidentiality, integrity, and availability.
References
Hernandez, R. R., Mayernik, M. S., Murphy-Mariscal, M. L., & Allen, M. F. (2012).
Advanced technologies and data management practices in environmental science: Lessons from academia. BioScience, 62(12), 1067-1076.
Lakshmi, B., Kumar, K. P. V., Banu, A. S., & Reddy, K. A. (2013). Data confidentiality and loss prevention using virtual private database. International Journal of Computer Science and Engineering, 5(3), 143-149.