Security Policy Essay

2866 words - 12 pages

As sad as it is to say, the possibility of having our data exposed to a malicious attacker nowadays is constantly increasing. This is mainly due to the fairly high number of ‘security illiterate’ staff also having access to sensitive and sometime even secret business information. As such, Information Security has come to play an extremely vital role in today’s fast moving but invariably technically fragile business environment. To that effect, the importance of establishing good security policies cannot be overstated. This does not only serve to enhance a company’s daily business procedures and transactions, but also to ensure that the much needed security measures are implemented with an ...view middle of the document...

While the major Data Centers will be maintained in the US and Germany, distributed installations will be at all other locations having remote access capability through a private data network to all Data Center applications. 24/7/365 up time requirements will be a must. Socio-technically speaking, this is a rather complex task. Indeed, complexity in socio-technical systems is increasing. True, systems composed of information, physical properties and human behavior have always been sophisticated. However, recent developments make a real difference. Outsourcing and service composition alone cause dissolution of boundaries between organizations. The proliferation of mobile devices for instance can cause dissolution of boundaries between the private and the public sphere, and between work and home as well. Furthermore, convergence of access control mechanisms, as well as convergence of bio-, nano and info technologies cause dissolution of boundaries between different technologies. In recent times these trends have led to an explosion of a number of possible interactions. When considering the security of information in such a sociotechnical environment, developments like working from home, bring-your-own-device and cloud computing lead to increasingly complicated information security problems. One has to deal with propagation of access rights in complex attack scenarios: attackers may exploit vulnerabilities at different levels, and attacks may include physical access and social engineering. This is already the case even in relatively simple scenarios. For example, in the road apple attack, an attacker will leave infected dongles around the organization’s premises. When an employee picks up a dongle and plugs it into a company computer, malware will send out all the information it can find. The possibilities for such multi-step attacks in increasingly complex systems come with the important questions of how to manage information security policies in complex situations, and how to check whether the security policies in place are adequate.
Although the main aim of this paper is theoretical, in the sense that it merely provides formal foundations for security policy alignment, I believe it to have substantial practical implications in terms of connecting existing methods for security analysis, as well as in providing opportunities for potential future applied research in the area of security in distributed computing. With this in mind, there should be no arguing the fact that in order to protect their people, organizations and territories, countries usually develop their own national security policies. Such policies should enable their nations to establish a secure, threat free environment that supports sustainable development. Additionally, those policies have to be formulated based on a National Cyber Security Framework (NCSF) that comprises legislation and regulatory, technology, public-private cooperation, institutional and international aspects....

Other Papers Like Security Policy

Information Security Policy Essay

1790 words - 8 pages of this policy. Contents The topics covered in this document include: • Statement of responsibility • The Internet and e-mail • Computer viruses • Access codes and passwords • Physical security • Copyrights and license agreements Statement of responsibility General responsibilities pertaining to this policy are set forth in this section. The following sections list additional specific responsibilities. Manager responsibilities Managers

Heart Healthy Information Security Policy Essay

540 words - 3 pages Introduction to Policy Augmentation Process Due to the fact that both HIPAA and HITECH are non-prescriptive security frameworks HITRUST common security framework (CSF) was leveraged to augment the Heart-Healthy Insurance Information Security Policy. Moreover, HITRUST CSF was chosen as it maps to various other information security frameworks applicable to Heart-Healthy Insurance Company (i.e. HIPAA, HITECH, PCI, ISO 27000-series, etc

Global Security Policy - Week 5 - Cmgt-400

969 words - 4 pages Global Security Policy CMGT-400 Monday, May 11, 2015 Vijay Bhaskar Jonnalagadda Global Security Policy Organizations with offices in multiple countries have to strategically implement personnel, logistics, network configurations, and inventory; but they also have to create a security plan to secure these assets to keep their customer, brand integrity, and profits. Some of the issues faced while maintaining security for a company in

Unit 4 Assignment 1: Enhance an Existing It Security Policy Framework

698 words - 3 pages Quintin Damare’ 1/23/15 Unit 4 Assignment 1: Enhance an Existing IT Security Policy Framework 1. Purpose The purpose of this policy is to define standards for connecting to Richman Investment's network from any host. These standards are designed to minimize the potential exposure to Richman Investment from damages which may result from unauthorized use of Richman’s Investment resources. Damages include the loss of sensitive or company

Is4550 Week 5 Lab

1642 words - 7 pages ------------------------------------------------- Week 5 Laboratory: Part 1 Part 1: Assess and Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework

Cmgt400 Week 4 Individual

1359 words - 6 pages The Role of Information Security Policy A successful Information Security Program is determined by how the security policy for an organization is developed, how it is implemented, and maintained. An effective sound security policy creates a solid foundation for an information system. The policy makers must emphasize that within the organization, the role played by information security is of paramount importance. The system administrator is

Beth A Grillo - It540 Management Of Information Security - Assignment - Unit 2

297 words - 2 pages Unit 2 Assignment: Security Policy Implementation Beth A. Grillo, MHA, CPC-A July 19th, 2016 IT540-01: Management of Information Security Dr. Kenneth Flick Kaplan University Table of Contents Unit Two Assignment: Security Policy Implementation 3 Part 1: Step 29 3 Part 1: Step 36 3 Part 3: Step 33 4 Part 3: Significance of Strict Password Policy 5 Reference 6 Unit Two Assignment: Security Policy Implementation Part 1

Title Is Awesome

1179 words - 5 pages IS 471 Policy Development and Security Issues Lab 4 (Due October 22, 2014) Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to

Course Discription

968 words - 4 pages Respond to weekly discussion questions. 3 Learning Team Instructions Draft a 2-3 page description on the web security issues and concerns present at each Riordan plant. 9/2/13 5 Individual Security Policy Create and submit a 2-3 page security policy for McBride Financial Services, located in the Virtual Organizations. Develop a policy based on perceived needs associated within the loan department and issues in implementing online loan applications. 9/2/13 15

Linux Security

448 words - 2 pages Linux Security Project Part 1 Instructor Sandro Tuccinardi Student Brian Dupee Security Policy Outline First World bank wants to provide banking services online to its customers. The institution estimates over $100,000,000 a year in online credit card transactions for loan applications and other banking services. According to a team that was formed using a Linux an open source infrastructure would roughly as

Security Breach

1832 words - 8 pages potential customers and communicate with them effectively. Security policy and Response of firm on Security breach To secure the data of customers and software information of the firm, Sony group privacy policy is used by Sony Corporation. In this, to win confidence and trust of the customers, appropriate use and security control tools are focused by the firm under this security policy. Management of the firm believes to give priority to

Related Essays

Security Policy Essay

848 words - 4 pages Law and Policy Case Study September 15, 2013 Introduction In the field of information security, there are many types of law. As senior managers, it is important to be knowledgeable of the legal environment. Once this information is learned and retained, then it will increase access and understanding of information security. Laws and practices that are related to information security will be discussed and how these

Security Policy Document Essay

2165 words - 9 pages 1.0 Purpose The purpose of this policy is to describe the security requirements for Global Distribution, Inc. (GDI). It is important that GDI protects the confidentiality, integrity and availability of information that is essential for day-to-day business operations. This policy will apply to all information that is electronically stored, received, typed, printed, filmed, and generated. Information technology systems are critical for Global

Security Policy Week 4 Essay

547 words - 3 pages This document is to describe the Information Security requirements of Online Application Services and Application Service Providers that engage in business with McBride Financial Services. This policy applies to any use of Online Loan Applications (OLA) and any outsourcing to Application Service Providers (ASP) by McBride Financial Services, independent of where hosted. The Online Loan Application or Application Service Provider's Sponsor

Physical Security Policy Essay

749 words - 3 pages Associate Level Material Appendix E Physical Security Policy Student Name: xxxxxxxxxxx University of Phoenix IT/244 Intro to IT Security Instructor’s Name: xxxxxxxxx Date: 4.14.13 Physical Security Policy