The Role of Information Security Policy
The success of an Information Security Program is determined by how the organization's security policy is developed, how it is implemented, and how it is maintained. An effective, sound security policy creates a solid foundation for an information system. The policy makers must emphasize that within the organization, the role played by information security is of paramount importance. The system administrator is responsible for setting employees’ roles, authenticating the identities of employees, setting access levels, logging security-relevant transactions, initiating awareness efforts, and ensuring that the information security objectives are met. In ...
While not used to establish administrative enforcement, security policies are used to provide a common understanding of the purposes for which employees can utilize technology at the workplace.
Security policies provide readily available standards for compliance, noting that technology is to be used in an appropriate manner. Other areas that security policies may address include the use of electronic mail, access to the internet, incident response, recovery, and the use of personal equipment on the company network. Firewalls, antivirus programs, and software updates are other recommendations that should be addressed by the security policy.
Include a discussion of the role employees—and others working for the organization—play in this effort.
A principal initiative for information security is the acceptance of responsibility by employees for ensuring that standards, policies, and procedures for handling company information are followed. To change the attitudes and behaviors of employees, specific guidelines, goals, and initiatives that best fit an organization’s security needs must be developed. This will create a benchmark of awareness of information security and policy management capabilities, with recommended guidelines on how to turn employees into the first line of defense. Employees are encouraged to be cautious when opening emails that appear suspicious or that originate from unknown sources.
Security policies must include provisions that stipulate that employees should acknowledge their participation in ensuring that company resources are utilized appropriately and in a manner consistent with established guidelines. The preparation of new information security policies requires the existence of adequate enforcement processes. Policies that are not enforced are likely to be as inefficient as having no policies at all, because they generate hypocrisy and tolerance for inappropriate behavior.
Examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy
There are various levels of security procedures that an organization can utilize to ensure that its information security system is well protected and secured against external threats such as unauthorized intrusions, viruses, malware, and hacking. It is almost impossible to protect an IT system from adversity. Hermann, Rothke, and Robert (2006) stated that, “There are many viruses, malware, and hackers that can compromise the security and integrity of an information system. Many remedies that are available for protecting IT systems cannot guarantee security that ensures data protection.” Therefore, deploying protective measures can help lower the level of risk.
Implementing organizational tactics, modernized technologies, and processes can help close the gap by providing an almost impenetrable web of...