Surviving in Dubai as a Business Requires SeriousnessTowards Information Security

In today’s fast advancing world where there is a high rate of advancement in the field of technology and simultaneously giving rise to data theft and information insecurity, it is mandatory for organizations to keep their information secure from data theft and privacy concerns of their business. This is mainly because the stakeholders of the business such as vendors, shareholders, employees, customers, etc. require the information security of the business. With Dubai in specific and world in general, the need of cyber security is at its peak.

The absence of proper cyber security, Infrastructure in the organization can make it prone to multiple types of hazards such as losses being channelled in the bucket of fraud cases. For e.g. the average white collar frauds in 2012 were $140,000. Evidences prove that half of the victims of such frauds never succeed in the Bourn losses. Hence, with the inclusion of strengthened IS in an organization, it can avail the following benefits.

• Risk reduction to a satisfactory level that the stakeholders are convinced to keep their links with the business.
• The objectives of Enterprise, Organization and the Internet Security platform are all merged strategically.
• Since the business is tagged as Secure, in Dubai it attains Business value and invites higher investments in comparison to what an unsecured business does.
• This way, the business captures an upper hand in the market share of Dubai and hence also succeed in Market capitalization.

Information Security (IS), if needs to be implemented as per the requirements, then there is need of focus to be paid upon intelligent decision making. Only then the outcomes mentioned above and more will start to pop out in favour of the business. Therefore the business should see its management’s performance too.

The online security process should seek to be effective in attaining the following for the business:

1. Concealment: The information shouldn’t be available to every Tom, Dick and Harry. Rather, it should be concealed and only accessible by the authorized personnel of the business which ensures the complete confidentiality and concealment of the business. This way the risk of data leakage will be minimized to a significant extent.
2.  Reliability: The information should be kept safe from any kind of vague amendments which may make it fraudulent or despoiled or altered. The IS department must take measures to protect the information from unintentional or voluntarily made changes. This will ensure the reliability of the business and prove to be very helpful in 360 degree reliability of the information as the information available will be modification free to a vast extent.
3. Accessibility: Information must be kept available to authorized personnel so they can access I wherever and whenever they need it only through a secure platform.

Dubai is a multicultural city, with people from multiple ethnicities and it is never easy to count upon anyone because one doesn’t simply carries the ability to judge which person from which ethnic background would be intelligent enough to do information theft and there is a significant disparity observed in this ability from one ethnicity to the other. Hence, Information Security should be dealt seriously in Dubai without which it won’t be possible to survive in such a competitive market.

Why Managers are an Important Actor of Information Security Schema

Why managers must be involved in planning a thorough information security plan for the company, why? This is one of the most common questions we have been answering since long, but still this exists in many minds. Why managers are given so much importance, the reason is that managers are the one who is managing everything in a working culture OR simply he is responsible for maintaining Confidentiality, availability, and integrity of information assets.

Have you ever thought or experience workflow of an organization when there is no manager, there is hardly one person who will take the responsibility of protecting the digital assets. There is only one person who is then held responsible for data leakage, “the manager”. And a manager who fails to accept the responsibility of data leakage will out his/her organization’s survival at risk.

Why managers must know about information security?

There are many organizations that are still working without any kind of security policies and they are considered as “rudderless” when it comes to providing information security. The technical IT people are responsible for creating a master plan for information security and they simply fight with any kind of mitigation attack (also they have limited control or authority of the overall system). At this point, manager’s role starts as he/she is responsible for keeping check on any data leakage by ensuring every team member follow set guidelines. A manager will act as a backbone and help the company to achieve its goal of information security.

Companies which are operating in GULF especially in Qatar are still lacking such practices that are why there is a big loophole exists for hackers.

Many information security companies in Qatar must understand that managers have direct authority to supervise information policies for an organization. And to do this job a manager do not even need to be a computer nerd, basic training and responsible role can help him/her achieve their goals. There is a need of realizing that organizations must undergo with some kind of the systematic approach to assuring information security in their organization.

Manager’s responsibility:

The following items are included in the manager's responsibility for computer security:

1. Vital assets of an organization must be identified, described and itemized.

It is really important to identify all information assets in order to provide an appropriate level of security for each set of information. In addition to that an organization without explicit knowledge of what information assets it owns cannot provide information security.

2. Each of the information assets must be classified as to its level of criticality.

What “critical” means must be described in terms of an information asset, what are they and why they must be protected? For example, financial accounts are more critical than a backup copy of a public website. Policies and procedures must be developed on how information is to be processed in the organization.