When he noticed extraordinarily strange system activity one afternoon during his daily (but randomly timed) surveillance operations, he quickly went on the trail of the troublemaker. Steve knew he was an effective security manager, but he surprised himself by tracing breaches so quickly back to Mrs. Todd, the fifth-grade teacher. He should have known that he would never have trusted Ms. Todd. No one could be so nice – it had to be a ruse. Since system security is the aggregate of the security of individual components, the „system boundaries“ must include individual users and their workstations. However, since personal computers are just that (personal), employee behavior can`t always be dictated without impacting overall employee productivity. Keep in mind that security policies become ineffective if they are so restrictive that legitimate user access is threatened.
Therefore, a successful implementation of security is a reasonable balance between system protection and user autonomy and convenience. The person responsible for finding this balance and actively promoting organizational safety is the person responsible for security. Safety management is about maintaining a safety-conscious organizational culture, developing concrete procedures to support safety, and managing the myriad components that make up the system. The security manager ensures that administration and staff are aware of their security roles, support security efforts, and are prepared to tolerate minor inconveniences that are inevitably part of system changes and improvements. Because when employees bypass security procedures (e.g., writing down passwords, freeing accounts, and disabling antivirus software), they put the entire system at risk. Any computer connected to a network or interacting with others via floppy disks or modem is vulnerable to malware: computer viruses, worms, Trojan horses, etc. It is the responsibility of the security officer to develop and monitor procedures to prevent viruses and other malicious programs from infiltrating the system. As a general rule, no out-of-system floppy disks (including brand name, shrink-wrap software) should ever be used on a system computer without first being scanned by an up-to-date antivirus program. In India, the Aadhaar Act of 2016 provides for the disclosure of information, excluding „basic biometric information“, pursuant to a court order, which can only be issued after the Unique Identification Authority of India (UIDAI) has had the opportunity to assist with the disclosure. It also provides for the disclosure of information, including basic biometric information, „in the interest of national security“ on instructions from senior government officials, if authorized by a central government order and if it is reviewed by an oversight committee composed of the Cabinet Secretary and Government Secretaries of the Ministry of Legal Affairs and the Ministry of Electronics and Information Technology. Computers and networks are valuable tools for their users.
Many people rely on them every day to do their jobs more efficiently. When IT resources are not available, it can become much more difficult to meet the demands of the job. An important role a security manager plays is to make employees understand that protecting the system is in their best interest as well as in the best interest of the company. Personal data should be stored and processed securely and protected against unauthorised or unlawful processing, loss, theft, destruction or damage. This principle is becoming increasingly important for digital ID systems given the threat of cyberattacks. Typical measures to ensure data security that may be required by the legal framework – some of which are explained in more detail in Section III. Privacy and security – including: implementing and maintaining appropriate security measures (as specified/detailed in law). As security risks to citizens` personally identifiable data have increased in recent years, some state legislators are taking a more active role in requiring companies to protect personal information. Many international and regional standards and national laws provide exceptions to the consent requirement for the collection and use of personal data when the government collects data on the basis of legal authority, such as data collected for identification systems (see, for example, the European Commission`s Model Contracts for International Data Transfers).
Where consent is not required or obtained, transparency can at least provide clear and accessible explanations to ensure public trust and avoid misunderstandings. Individuals may be informed of information that is considered public and that is kept confidential. The county rescue disk eventually broke irreparably. But Rita, the head of security, prepared for the case and quickly made a copy of a maintenance contract with her supplier that covered exactly this type of event. She called the sales representative and was told she would receive a replacement drive within 48 hours. She said that would be nice, as the system was not scheduled for another full backup for another three days.