Need for information security management in Bangladesh.

Introduction.

Information  is  the  most valuable  asset  for  an  agency.  Information  has  different  dimension  in terms of accessibility. Some information is public where as some are confidential. Depending on the degree of confidentiality, information has several level of accessibility as well. Such as there  are  information  which  are open  for  public  access  without  any  authentication  of  the information seeker, some are accessible with single factor authentication, some require multi factor  authentication  whereas  some  are  private  within  the  organization,  some  are  highly confidential thatonly a group of people in an organization has access. So it is very important for  an  agency  to  have  clear  understanding  about  their  information  and  the  accessibility.

Internet  is  an  open  platform  for  all  to  access  information.  Internet  technology  and  other technologies  like  handheld  devices,  mobile  devices,  tablet  PCs,  wireless  technologies  are making  information  easily  accessible  and  affordable.  There  may  be  some  situation  when information can be used as weapon to make chaos in a country. So it is the duty of an agency to  take  care  of  its  own  information  in  the  internet.

Need information security management.

Assume that you do not have information security management in Bangladesh. What will happen? A typical scenario to explain the rationale behind it is imagined Bangladesh Govt. IT system being hacked. Some examples, of effects after being hacked are such as leakage of confidential information, loss of client data which will result in loss of shareholders confidence, country reputation affected, etc. It does not matter whether the security breach is a small scale or large scale breach as even the smallest scale security breach can cost a dire effect in Bangladesh.

With proper information security management in place within the organisation, you will be able to minimize the risk of loss of information. This will be able to help the clients to build more confidence with the organisation as the organisation will be able to protect their confidential information.

Carli C (2009) says “Your business vulnerability is also your reputation, so don’t assume that you can ignore the importance of information security management.

Michael Cobb (2009) says “Smartphone has quickly become yet another indispensable part of modern business. Features such as wireless email, Web browsing, personal information management and network access to corporate resources allow for quicker and better decision making and greater productivity.”

Although mobile devices are not the primary target of cyber criminals, this does not mean that mobile device will not be targeted by cyber criminals in the near future. Example on the recent mobile attack on July 2010, Android mobile user downloaded malicious mobile software which resulted in sending of personal information found from inside of the mobile phone to selected servers in China. This clearly proves that mobile devices are not immune to attack. Therefore, there is a need for mobile device security management.
It is important to monitor and review the information security policy for improvement.