User:Nath2nath/sandbox

PURPOSES OF SECURITY POLICIES

Every business has a set of objectives to meet at the end of the day. These objectives vary depending on the business and its stakeholders. The main objective of most businesses is to perpetuate the operation of the organization. Policies are established to support the objectives of the organization for many reasons.

SECURITY POLICY IN THE ORGANIZATION

Within any business, a security policy sets the limits and standards for how critical information and the actual systems will be protected from compromise and threats. These policies need to be flexible so that they can adapt to change within the organization. Staff who are responsible for creating and maintaining the security policy need to learn how to recognize changes in information technology and their impact on the organization’s security.

SECURITY AWARENESS

A security awareness program is intended to instruct users on the security policy of the business. The objective of a security awareness program should not be limited to education about the organization’s security policy; it should go beyond that and help to develop an understanding of how the policy protects the business. Security awareness training should educate employees, at a high level, on how to monitor and maintain security across the organization.

CORE OF THE SECURITY PROGRAM

Most often, security programs focus on disseminating the company’s security policy and familiarizing employees and management with it. This includes educating users on creating a good, strong password or passphrase, and informing users of email and internet access policies and of employee responsibility for computer security. Employees need to be trained on how to configure systems securely, on user account management policies, and on how to secure remote access for system support. All of these training programs are part of security awareness training, and no area should be neglected if risks are to be minimized.

COMPUTER SYSTEM ATTACKS AND SOURCES

A lack of security in an organization’s systems places the business at greater risk of attacks from hackers and many other malicious intruders. These attacks come from both inside and outside the organization and can only be prevented when the business sets a good security plan.

According to a survey conducted by eWeek and Camelot IT, Ltd., almost 60 percent of the respondents said that attacks from outside were a more serious threat than those from inside. This is in spite of the fact that 57 percent of those responding who reported a breach in security reported the breach was caused by insiders with unauthorized access. Forty-three percent reported that security was breached using accounts left open after employees left the company. Of the total respondents, 21 percent reported attacks from disgruntled employees (Lightfoot).

From that perspective, all employees should be informed about the tools that IT professionals use to monitor internet access as well as email. These tools should be provided as part of security awareness training. System administrators, on the other hand, need to realize that almost all critical security threats come from inside the business. Logging user activity and monitoring email and internet access are very important for internet tracking purposes.

Security within the organization can be viewed from many perspectives: the protection of the business’s assets (people and information), rules and guidelines for users, and the violation of security policies, which leads to severe disciplinary action that could go as far as termination, lawsuits and fines.

Protection of people and information: security policies are set to protect every individual who has an interest in the business (stakeholders). People entrust the business with their personal and precious information, and employees use precious data while performing their daily duties for the ongoing business. Security policies are established to guide individuals within the business in protecting the stakeholders and the information of the business.

Rules and guidelines for users: security policies set rules and regulations for employees, management and stakeholders as a whole. This sets up the expected behavior and conduct, and even the culture within the business. Users in this case know where the organization is heading and the guidelines to follow to achieve the business’s objectives.

Consequences of violation: the company’s agreements and baselines are elaborated through security policies. The consequences of violations are also highlighted, and employees read this document and sign to confirm their knowledge of it and their agreement to adhere to it.

Risk minimization: security policies cover all aspects of the organization; risks are minimized when employees are familiar with the security policy and follow its steps.

CONCLUSION

Overall, security policies offer a structure for good practice that all employees follow to get the work done with less risk. This helps to make sure that safety is established within the organization and that any security incident is handled with less risk. Since information and data are precious assets and property of the organization and need to be protected, security policies describe the business’s attitude and approach to information.

REFERENCES

http://www.article10assetsecurity.com/information-security-policy
http://www.symantec.com/connect/articles/introduction-security-policies-part-one-overview-policies
http://www.csoonline.com/article/495017/how-to-write-an-information-security-policy
http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331
http://my.gwu.edu/files/policies/InformationSecurityPolicyFINAL.pdf
http://www.pearsonhighered.com/assets/hip/us/hip_us_pearsonhighered/samplechapter/078973446X.pdf