It only takes a single lapse to put the classified data and information resources at risk. Thus, the sensitive data may be acquired unlawfully, damaged, or modified because personnel have either become complacent or are assuming new responsibilities without specific security awareness. Therefore, efficient security indoctrination measures must be planned and applied to manage all risks associated with Information and Communication Technologies. Managers at all levels have to ensure that, the indoctrination of AAN personnel commences on induction and continues throughout the progression of their career. 2. The Report In the following paragraph a brief report is presented by AAN managers in order to raise a winning bid for a huge contract. 2.1 Highly Secretive Organizations AAN Limited is involved in designing hundreds of small electrical products and consists of highly professional manpower. Over the last 3 years, the company has been exploring the Asian markets. In order to make a successful bid for winning a huge contract for Indian government, the company is required to change its overall structure and working environment. In order to gain the optimum confidence level of Indian government, AAN Limited is going to change itself into a highly secretive organization. It means the company has to create a highly secured and protective environment to keep all of its business projects confidential not only from external factors but also from any unauthorized persons even belong to AAN. On the contrary, a constricted deliberation related to security devices as a whole may initiate a counterfeit confidence in the system (Turn amp. Ware, 1975). A cultural shift surrounded by in-depth awareness of information security is needed to win the desired contract. AAN can execute this project through its short and long term strategic objectives. This can be achieved by close coordination of planning, communication, peer review, and documentation (Kevin, Gene, amp. George, 2004) (a) Establishment of Department of Information Security Management at headquarters level and IT Centre at section levels (b) Formulation of information security doctrine (c) Designation of IT Officers at section level (d) Provision of information security awareness to all personnel (e) Ensure the use of only officially procured and registered hardware and software (f) All hardware and media is to bear appropriate security marking (g) Ensure that no unauthorized hardware is used 2.2 Human Factors in Security 2.2.1 Roles and Responsibilities Roles and responsibilities of all personnel with respect to information security have been clearly defined by all stakeholders. The word ‘security’ means the controlling methods by which a computer, some other devices, or information contained in them are modified (Miller, 1971).
Human Factors in Security