
Security of Information in Commercial or Business Organizations

This is a case study, prepared for analysis purposes, on the security of information in commercial or business organizations.

*This is a general approach, with no specific size of organization or industry type.

5 topics to cover:

(1) Definitions of human, technical and physical information assets at potential risk in commercial or business organizations.

(2) Definitions and descriptions of the terms, 'integrity', 'availability' and 'confidentiality' in relation to the security protection of information assets in commercial or business organizations, i.e. what is it about these assets that must be protected?

(3) Risks inherent in commercial or business organizations: for example, malware and Trojan horses, hackers, insider risks (social engineering) and threats, physical weaknesses.

(4) Implications of the threats that put commercial or business organizations at risk.

(5) Suggested counter-measures for commercial or business organizations, namely:
- technical counter-measures
- physical counter-measures
- personnel counter-measures

Each topic should contain an introduction of what each topic means, definitions if required, and detailed explanation, possibly some examples that can aid in understanding the topic better.

This analysis must be based on the work of credible and relevant authors (not personal opinions about information security management). Hence please list in bullet points, the URLs, title/author of book, journal, etc.

**No need to include any citation or quoting** as this is purely my own analysis work.
In doc/docx format.

Solution Preview

Information security in commercial or business organizations

Information security within a commercial or business organization is concerned with protecting information and information systems from people who have no authority over the system. The main purpose of information security is to restrict access by unauthorized users and to prevent information disclosure, disruption, perusal and destruction.

Topic 1: Definition of terms such as technical, human and physical information assets which are at potential risk in a business or a commercial organization.

There are several assets which are at potential risk in a business or a commercial organization. These assets are classified into three major categories, that is: human, technical and physical information assets.

Human information assets

The human information assets within a business or a commercial organization are the most important of the three asset categories. Humans are like a backbone joining the vital capabilities concerned with sustaining an organization. Human information assets within an organization are basically divided into two major categories, that is, employees and non-employees.


Employees

This involves the organization's staff members as well as managers, especially the ones who are assigned roles dealing with knowledge management, for example an executive manager, a software developer, a system manager, and a security administrator, among others. Generally, they are the 'go-to' people within an organization.


Non-employees

People in this group are either temporarily working for an organization, or are special advisors or specialist contractors. An example of this group of people is the person who understands the maintenance of the physical Information Technology environment. An organization's suppliers and the partners of the organization are also examples of non-employees.

Both the employees and the non-employees form part of an organization's information assets which are at potential risk.

Physical information assets

Physical information assets are generally any tangible information assets within an organization. They are further divided into infrastructures which support IT, control IT environments and IT hardware. Some examples include devices used for storage and computing such as laptops, computer rooms, and water alarms.

Technical information assets

These are information assets in an organization which have the ability to assist in the processing of information. Moreover, technical assets assist in creation, output generation, input storing and data storage. Technical assets play a big role in the identification and valuing of an organization's processes.

Question 2:
Define and describe the terms 'integrity', 'availability', and 'confidentiality' in relation to information security protection of information assets in organizations (either business or commercial). That is, what is it about these assets which make them valuable so that they need to be protected?

The integrity, availability and confidentiality of an information asset have to be protected through information security. Information security ensures that the integrity, availability and confidentiality of any information asset are upheld at all costs regardless of the form of the information asset, for example, electronic or print form.
An organization's information, such as employee details, should be confidential to the organization in context only.

In case an information asset falls into the hands of a competitor, the organization's security will be breached, which may result in drastic end results, for example, business loss. In addition to that effect, an organization may become bankrupt in case a competitor obtains the information about it. Protection of an organization's confidential information assets is termed as both an ethical and legal requirement.

Confidentiality, integrity and availability are the basic principles of information security. Confidentiality involves the prevention of information disclosure to ...

Solution Summary

The solution discusses the security of information in commercial or business organizations.