The basic concepts of information security are the confidentiality, integrity and availability of information. Confidentiality means that information that should stay secret stays secret, and only those persons authorized to access it may receive access. Confidentiality is the prevention of unauthorized disclosure of information. Integrity is concerned with the trustworthiness, origin, …
1. For each information resource that an organization wishes to manage, it can create a list of users who are allowed to take specific actions. This is an access control list, or ACL. For each user, specific capabilities are assigned, such as read, write, delete, or add. Only users with those capabilities can perform those functions. If a user is not on the list, they have no ability to even know that the information resource exists.
2. Encryption is a process of encoding data upon its transmission or storage so that only authorized individuals can read it. An organization needs to transmit information over the Internet or transfer it on external media such as a CD or flash drive. In these cases, even with proper authentication and access control, it is possible for an unauthorized person to get access to the data.
3. Another essential tool for information security is a comprehensive backup plan for the entire organization. Not only should the data on the corporate servers be backed up, but individual computers used throughout the organization should also be backed up.
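
The access control list from item 1, as an added example that is not part of the original text: a default-deny check in which a user who is not on a resource's list gets the same answer as for a resource that does not exist. The resource names, users and function names are constructed for illustration.

```python
from enum import Flag, auto

class Capability(Flag):
    READ = auto()
    WRITE = auto()
    DELETE = auto()
    ADD = auto()

class NotFound(Exception):
    """Raised for a missing resource AND for a user who is not on its ACL."""

class Forbidden(Exception):
    """Raised for a listed user who lacks the requested capability."""

# Constructed sample data: resource -> {user: capabilities granted}
ACLS = {
    "payroll.xlsx": {"alice": Capability.READ | Capability.WRITE,
                     "bob": Capability.READ},
    "handbook.pdf": {"bob": Capability.READ | Capability.ADD},
}

def authorize(user, resource, wanted):
    """Default deny: anything not explicitly granted is refused."""
    granted = ACLS.get(resource, {}).get(user)
    if granted is None:
        # Same error whether the resource is absent or the user is unlisted,
        # so an unlisted user cannot probe for which resources exist.
        raise NotFound(resource)
    if (granted & wanted) != wanted:
        raise Forbidden(f"{user} lacks {wanted} on {resource}")
    return True

def visible_resources(user):
    """Listing is filtered too: a user sees only resources whose ACL names them."""
    return sorted(name for name, acl in ACLS.items() if user in acl)

def outcome(user, resource, wanted):
    """Map the decision to the response a caller would see."""
    try:
        authorize(user, resource, wanted)
        return "allowed"
    except NotFound:
        return "not found"
    except Forbidden:
        return "forbidden"

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, outcome(who, "payroll.xlsx", Capability.WRITE),
              visible_resources(who))
```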