This paper explores the gap between organizational processes and security design for Easyshopping Ltd. It starts with a presentation stressing the need for improved security at Easyshopping Ltd. Organizational processes such as work design, creativity, innovation, culture, learning, and change are considered in organizational design. The way the organization is designed and coordinated determines its ability to reach its goals. Many factors influence the behavior and performance of the organization, including the context, purpose, people, and structure, as they interface with the core transformation and management support processes to set the organization's performance level.
Discussion
Data in an information technology (IT) system is at risk from various sources—user errors and malicious and nonmalicious attacks. Accidents can occur, and attackers can gain access to the system and can disrupt services, make systems useless, or change, delete, or steal information. Some companies have taken an enlightened view of security. They believe that, to be successful, they must show their customers that security and protecting information assets are a core business function. Security by design means that it is not an afterthought in the design process; instead, it is one of the requirements that designers use when starting a project. Secure in deployment means that products will be shipped and ready to use in a way that will not compromise the security of the customer or other products.
In the broadest definition, an information security program is a plan to mitigate risks associated with the processing of information. The security profession (Bensen, 2006) has defined the basics of security as three elements:
Confidentiality. Confidentiality is preventing unauthorized use or disclosure of information. The system contains information that calls for protection from unauthorized disclosure. Examples include timed dissemination information (e.g., interim financial statements, personal information, and proprietary business information). Privacy is a closely related topic that has lately been getting more visibility.
Integrity. Integrity is ensuring that information is accurate and complete and that it has not been modified by unauthorized users or processes. The system contains information that must be protected from unauthorized, unanticipated, or unintentional modification. Examples include survey reports, economic indicators, or financial transactions systems.
Availability. Availability is ensuring that users have timely and reliable access to their information assets. The system contains information or provides services that must be available on a timely basis to meet mission requirements or to avoid substantial losses. Examples include online accessibility of business records, systems critical to safety, life support, and hurricane forecasting.
These three elements are the basics around which all security programs are developed. The three concepts are linked together in information protection. The idea that information is an asset that calls for protection, just like any other asset of the business, is basic to understanding these concepts.
Ernst and Young Computer Security Institute conducts an annual study on Global Information Security. In Ernst and Young's 2002 study, 90% of respondents (Easyshopping Ltd.s and government agencies) detected computer security breaches; 70% reported a variety of serious computer security breaches except ...