Tuesday, May 5, 2020

Human Factors in Information Security

Question: Discuss the human factors in information security.

Answer:

Effect of Work at Home Employees on Information Security and Risk Management

The Multinational Payment Card Company has decided to expand onto the global platform, and the expansion process would enable a large number of employees to work from home on the basis of the connections provided for the call centres. The decision would prove fruitful for the organization in terms of expansion and growth; however, it would also introduce many security risks and attacks. Employees working remotely may transfer private and confidential information to an unauthorized party, whether accidentally or deliberately (Pyoria, 2011). There is also a chance that the devices used by the employees are lost, leading to loss of data. In addition, the security of the device from which the connection is made may not be sufficient to rule out security risks and attacks. This would increase the chances of information breaches and network security attacks.

It would therefore be necessary to develop security mechanisms in order to deal with the security risks and attacks that would come with employees working from home. The mechanisms shall include the use of firewalls and anti-malware software, along with network intrusion detection and prevention systems installed on all the machines. The information shall also be encrypted to ensure that its misuse is avoided in all cases (Colwill, 2009).

Effect of Updating Customer Information on Information Security and Risk Management

The employees would be allowed to update the information of the customers via the connections provided for the call centres. The information that would be updated would include payment information and demographic details, and it would be extremely sensitive and confidential in nature.
A number of security risks would be introduced because the employees will have access to such information, which may lead to unauthorized breaches of information. This may also give rise to many legal obligations. The information security and risk management policies would therefore need to be set up accordingly (Lee, 2014).

There shall be an ethical and professional code of conduct that all employees must accept at the time of joining. The employees shall also be provided with training on the legal and regulatory policies that apply to the information of the customers and to its access and usage. The information shall also be encrypted to ensure that its misuse is avoided in all cases. There shall also be network detection and activity detection software that all employees must install on their machines (Taylor, 2015).

Consideration of Information Security Risk Management Methods and Blueprints of other Countries

The payment card company is based out of Australia, and the call centres are set up in Singapore and Suva and will be set up in other parts of the world as well. The legal, regulatory and ethical policies and standards vary from one country to the other. Also, the business operations would be carried out on a global platform, which would mean that customers from all around the globe would be using the services provided by the company. It would therefore be necessary to ensure that the terms and conditions applicable in Australia, along with those of the home country of the call centre, are taken into consideration and that an amalgamation of both is applied (Ghazouani, 2014). The practice would ensure that the information of the customers is kept protected at all times. Also, there may be legal and regulatory obligations that come up in case of information security risks.
Such legal obligations will also be avoided by adhering to the policies and rules prevailing in both countries. Frequent security risks and attacks also lead to the downfall of the organization in the market, which brings down the level of customer engagement and satisfaction. Inclusion of the security policies prevalent in other countries would enhance the overall security infrastructure and mechanisms, leading to a lower possibility of security risks and attacks. The decision shall be taken by the senior management and regulatory parties involved at both ends, and it shall be documented as well (Webb et al., 2014).

References

Colwill, C. (2009). Human factors in information security: The insider threat - Who can you trust these days?. [online] Available at: https://csbweb01.uncw.edu/people/cummingsj/classes/mis534/articles/Previous%20Articles/Ch11InternalThreatsUsers.pdf [Accessed 24 Jan. 2017].

Ghazouani, M. (2014). Information Security Risk Assessment A Practical Approach with a Mathematical Formulation of Risk. [online] Available at: https://research.ijcaonline.org/volume103/number8/pxc3899155.pdf [Accessed 24 Jan. 2017].

Lee, M. (2014). Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method. [online] Available at: https://airccse.org/journal/jcsit/6114ijcsit03.pdf [Accessed 24 Jan. 2017].

Pyoria, P. (2011). Managing telework: risks, fears and rules. [online] Available at: https://www.uta.fi/yky/tutkimus/socru/space/Managing%20telework.pdf [Accessed 24 Jan. 2017].

Taylor, R. (2015). Potential Problems with Information Security Risk Assessments: Information Security Journal: A Global Perspective: Vol 24, No 4-6. [online] Tandfonline.com. Available at: https://www.tandfonline.com/doi/abs/10.1080/19393555.2015.1092620 [Accessed 24 Jan. 2017].

Webb, J., Maynard, S., Ahmad, A. and Shanks, G. (2014). Information Security Risk Management: An Intelligence-Driven Approach.
