An information security policy goes a long way in reducing risks …show more content…
The enterprise information security program policy determines the direction and scope of a company’s security measures (Johnson, 2014). The policy acts as a point of reference when developing, implementing and maintaining the security systems. Furthermore, the security program assigns duties to a number of areas associated with information security.
Policy documents ought to give an overview of the company’s philosophy with regard to security. Given that the firm has to evaluate the need for information security, it becomes easy to establish control that will reduce security. According to Peltier (2016), information will also include the organization of the security system and the roles that various individuals will play. Determining the responsibility that members will execute and the ones which the departments are responsible facilitates coordination and therefore makes the policy effective.
Issue Specific Security …show more content…
The policy is for safeguarding the firewall as it is detrimental to the efficiency of an organization’s operations. Peltier argued security elements of the policy are protocols as well as software and hardware components (2016). The information technology is important as it prevents the penetration of the company systems thereby preventing the manipulation of data. All individuals are responsible for preventing system threats by not sharing passwords.
Information technology experts should install antivirus software that will detect threats to the system. Supervisors should conduct network monitoring to identify areas of risk. Security officers should ensure that only people with approval access the control room. Once the management approves the mechanism of putting a firewall in place, implementation through the use of security codes and key cards for high level authorized personnel (Johnson, 2014). Workers will get training on ways of using the system and detecting threat to ensure that there is no loop hole for data manipulation. In terms of maintenance, the company will update the system; antivirus software’s and change passwords regularly as a way of improving the control