Information security policies and awareness in organizations

Abstract

India is rapidly emerging as an economic superpower in the present times. As a natural consequence of this explosive growth, it now plays host to the facilities of a large number of home grown and international corporations. These organizations may be classified into IT and non-IT as follows. IT Services/Product organizations: This segment comprises of hardcore information technology companies which either provide outsourcing services to clients or are involved in the development and testing of proprietary products. Non-IT related organizations: This segment comprises of institutions like government departments and companies in the field of financial services, manufacturing, retail etc. It must be noted that while these companies do not deal in IT related products directly, information technology plays a very important part in their smooth functioning. Most of these companies have dedicated IT departments which look after their IT needs. In either of the aforementioned scenarios, company employees handle information which is either proprietary in nature or confidential and strategically important to the client or the company. Thus, proper handling of information according to policies laid down by the respective organizations becomes very important. In fact, any mishandling of client specific information can have disastrous consequences for an organization in terms of a bad public image and loss of future business opportunities.