Unit 1 LO3
3.1: Explain why security and confidentiality are important in a business environment.
This section explains the importance of security and privacy in the UK business environment. The paper then explains the potential consequences for Hilton of failing to maintain security and confidentiality in line with business requirements.
Importance of security
If a security breach is attributable to a company's failure to take reasonable steps to implement a robust e-security architecture, shareholders may ask questions. They may want to know what steps (if any) the directors took to prevent the breach of network security. After all, directors have a duty to exercise fiduciary care and due diligence in the protection of corporate assets and minimization of loss (Snag, 2017). To comply with these obligations, directors must ensure that suitable measures are taken to protect the company’s information systems and the data on those systems. This duty is only heightened when the company also maintains data belonging to another party.
Protecting the security of personal information involves implementing reasonable steps to maintain:
- Physical security,
- Computer and network security,
- The security of communications and
- The appropriate training of staff.
The information ought to be either destroyed or de-identified when it is no longer needed for the purpose of collection, for any permissible secondary purposes, or for meeting a legal requirement to retain the information. A security policy that deals with privacy issues is essential for an organization that wants to avoid breaching the National Privacy Principles, because it establishes strict systems to ensure that personal information held or processed by the organization is not subject to unauthorized access or use. For instance, in an online environment, a policy would dictate that personal data is never stored in the clear on a transaction server.
Importance of privacy
Confidentiality is a critical component of the UK data protection regime, and non-compliance is likely to lead to a variety of breaches both locally in the UK and internationally. The confidentiality principle of the Data Protection Act 1998 “requires that appropriate measures (technical and organizational) must be taken by data controllers against unauthorized or unlawful access to personal data and against accidental loss or destruction of personal data” (Snag, 2017). Consequently, Hilton must take reasonable measures to protect the personal information it holds from misuse and loss, and from unauthorized access, modification, or disclosure.
Organizations need to be aware of the massive reputational risks of a breach of confidentiality involving the disclosure of personal information. When Hilton is able to ensure confidentiality, stakeholder trust will increase, which will ultimately increase its brand reputation, customer base, customer and staff retention and loyalty, and even revenue and profits.
3.2: Explain the possible consequences of failing to maintain security and confidentiality in line with requirements.
The second part of this paper identifies the sources of risk and evaluates the impacts of those risks.
A possible consequence of failing to maintain security
A lack of security cameras, entry badges, inventory systems, alarms, and other means of protecting your assets can cost you a significant amount of money. Dark stairwells, poorly lit storage rooms, and remote parking lots are prime areas for criminals to rob or assault your employees, customers, and delivery people, and to commit acts of vandalism. Hilton may lose drastically from instances of computer hacking. Independent firms specializing in hacking prevention software or network development stand to benefit tremendously as the impact of hacking spreads throughout the world. Small businesses in particular may expand operations exponentially if successful in obtaining and retaining a client base (Gish, 2018).
However, a company in this field whose product or efforts fail in the face of hacking faces a ruined reputation and thereby the potential loss of its client base and an inability to attract additional clients. Thus, Hilton needs to ensure that the data it maintains on its clients is secure and, in cases where it holds some responsibility for the security and protection of client data, that this data is also adequately secured.
A possible consequence of failing to maintain confidentiality
Information security systems are often incredibly expensive and difficult to set up and maintain. However, not spending the extra time and money to achieve the confidentiality that Hilton needs is a huge risk. If Hilton's stakeholders find that it has failed to maintain the confidentiality of their personal information, then under the Data Protection Act 1998 they can file a case in court that may cause huge financial and image damage to Hilton. In addition, computer hacking often revolves around information. Organizations steal information such as research, business strategies, financial reports, and more from one another through hacking operations.
Digitized client databases also fall victim to hacking, with hackers stealing names, addresses, emails, and even financial information from organizations. Such a loss of information may cost a small business its competitive edge or its entire client base, effectively ruining the organization (Gish, 2018). On the opposite end of the spectrum, a business participating in computer hacking may gain a wealth of information, providing a competitive edge and access to new client bases through the act. Personal or political information gained through computer hacking can serve as leverage in business or political dealings.
Vandalism is the planting of false information and is a tactic that major hacking groups like to use. Hilton’s reputation could be ruined in a matter of minutes if customers or others find poor information brazenly placed on its site. The structure of an organization that is at risk of hacking, or that has extensive digital networks requiring protection from hacking, often reflects the threat of hacking. Hilton, which employs an extensive information technology (IT) team, works constantly on creating, updating, developing, and improving computer networks and safety to prevent or deter hackers from accessing information. Hilton may face radical reorganization to cope with such efforts, while new businesses anticipating such preventative measures must work them into the initial business plan (Gish, 2018).