International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT CONTRACTING Lee E. Rice1 and Syed (Shawon) M. Rahman, Ph.D.2 1
School of Business and IT, Capella University, Minneapolis, MN, USA LRice6@CapellaUniversity.edu
2
Assistant Professor, Dept. of Computer Science, University of Hawaii-Hilo, HI USA and Adjunct Faculty, School of Business and IT, Capella University, Minneapolis, MN, USA SRahman@hawaii.edu
ABSTRACT The need for information security within small to mid-size companies is increasing. The risks of information security breach, data loss, and disaster are growing. The impact of IT outages and issues on the company are unacceptable to any size business and their clients. There are many ways to address the security for IT departments. The need to address risks of attacks as well as disasters is important to the IT security policies and procedures. The IT departments of small to medium companies have to address these security concerns within their budgets and other limited resources.Security planning, design, and employee training that is needed requires input and agreement from all levels of the company and management. This paper will discuss security needs and methods to implement them into a corporate infrastructure.
KEYWORDS Information security, security breach, data loss, disaster recovery,corporate infrastructure
1. INTRODUCTION In developing a corporate security plan, it is important to understand the corporate structure and day-to-day business operations. The infrastructure of the Information technology department will be very important knowledge to have in order to build an effective security policy. The requirements for security are defined by the business and risk assessment. The corporate security policy is becoming more important to the overall company success and ability to attract customers. In the development of a security policy all employees have a part in the implementation and success of the security policy. It is important for corporate officers to understand the importance of information security to the business. This will allow resources and money to be spent on this implementation and support. The Information Technology (IT) department must understand security and the best methods to utilize the corporate money and resources to get the best possible security policy put in place. The other employees need to follow the procedures and security guidelines for computer use to help prevent viruses, and unauthorized access to the systems through password compromise. These are important parts to the security policy in addition to the use of technology and proper tools to prevent and recovery from any possible attacks on the IT infrastructure. In section two of this paper there will be a case study of a non-profit government contracting organization. This will show some of the challenges the IT structure needs to address. In DOI : 10.5121/ijnsa.2012.4404
53