Rus Articles Journal

Information security of business information

Valuable, confidential information
Special processing of BI appendices transforms terabits of data to valuable business information. Analyzing the intercepted data obtained from BI appendices ill-wishers - competitors can influence work of your company, now they have an opportunity to exploit new opportunities, to understand strategy of development of your company, to monitor change business - processes, to react scratchpad to technological novelties or even to take out patents for your inventions. Thereof, ill-wishers considerably increase efficiency of the work and competitiveness of the services, and the affected company can even be ruined. Below some examples of especially important information which has to be reliably protected are given:

- Contact information on clients, the carried-out trends, and any similar business - information. Information on technological developments and the introduced novelties.
- Corporate financial statements, costs of securities given about sharp changes and expenses as these data can be used at strategic planning of fight against your company.
- Information of use of Internet - the website, including the detailed analysis of activity of users, structure of audience, its quantity, calculation of viewings of pages, and similar information on your visitors.

The companies understand advantages of use of strategic initiatives like BI. In certain cases BI becomes the integral way of achievement of successful work of the enterprise. Use of BI promotes:

- To the Best, in comparison with competitors, to understanding of the market.
- Fast adaptation to the changing conditions of business and, therefore, to emergence of a possibility of use of this information in the interests.
- To creation of new opportunities of profit

of BI the data disseminated earlier through various structures of the enterprise are going to information storage or special data center now, then are analyzed and submitted logically. Such information is extremely valuable, very confidential and especially sensitive for each company.

As it was already told above if this information falls into hands of competitors, then there can be a real crash for your business. Therefore the companies have to develop information policy of protection and make changes, using a combination of the software and the protective equipment, to use the best protective actions and methods of management which are coordinated with their policy.

Exclusive use of data
of BI the data which underwent special processing belong, eventually, to the owner of the company, or, in case of corporation, to board members. On shoulders of this team of leaders heavy responsibility lies: they are obliged to adhere to certain instructions for respect for privacy, and also to define appropriate methods of storage and use of all corporate data. This group has to follow recommendations of heads of the highest level, and in case of need involvement of external experts - economists, auditors etc. they need to define importance and the importance of data and to estimate a possibility of the risk connected with possible leak.

A corporate information security policy
Many companies do not do necessary changes in the corporate information security policy. The policy has to promote appropriate use of information obtained from a specification and analytical business data. To avoid emergence of the problems connected with use of BI of the company have to recheck and strengthen four main field of information policy again:

- Identification
- Authorization
- Confidentiality and privacy
- External and internal audit

Identification
Users and appendices have to be surely identified, their identifiers have to be checked before they get access to information assets. If it is necessary to establish authenticity, use various combinations below the given ways:

- ID of the user or password
- Additional resources of identification (for example, smart cards and USB keys)
- Use of open keys for exchange of information

Authorization
Correctly authorized users and appendices have to have access only to the subjects IT to resources on which use the owner of information gave the written permission.

It is necessary to regulate access strictly:

- to corporate databases and places of data storage.
- to appendices and tools by means of which it is possible to spoil or analyse data of the company
- to results of analytical data in an electronic and paper form. Here also access to system in which final messages, like personal folders and additional electronic devices are kept belongs.

Confidentiality and privacy
the Active actions directed to following to all instructions of the local guide to respect for privacy is one of corporate obligations. The information collected for BI of the analysis and which is of value for this company may contain also information of the client which is protected by laws. Confidentiality and privacy can be reached with the help:

- Security policies
- Enciphering
- Instruments of management of policy (Tivoli Access Manager type)

it is important to understand that in case of BI, other enterprise, in other words, the trade partner, but not an individual or the end user can be the client. Information collected from BI of initiatives may contain information on the last trends and strategy made and developed by the trade partner, and this information has to be protected, at least for the sake of compliance with laws and implementation of agreements on nondisclosure. We recommend to reconsider protective policy so that it covered not only an individual, but also and the legal entity of the enterprise.

It is recommended to book audit and to collect detailed information on that:

- who makes requests in databases and storages of data?
- what information can be obtained by these inquiries?
- how this information is used?
- who is the owner of this information?

Besides, in certain cases the companies have to have an opportunity to return the control systems of data to an initial state, for example, after carrying out all necessary inquiries the base has to be given to an initial state. The policy dictating duties and procedures for carrying out such checks, has to be included in the general policy of information security.

Main sense of the article
- The Corporate information security policy has to be again rechecked in connection with introduction of BI of initiatives.
- If it is necessary, elements of policy have to be rewritten for a guarantee of the rights and satisfaction of wishes of the owner of information.
- The Enterprises working with BI have to involve information security managers to development of policy of the information security directed against unintentional or deliberate violations of safety