Protecting the systems is an enormous tasks for the IT departments, they always need to be a couple of steps ahead of the attackers in order to protect the system. One of the most important tasks to protect the company’s systems starts by educating the user and making them aware of security issues and concern that can affect the company. By educating the user on Information system security and prevention, these averts issues like man in the middle, viruses, Trojan …show more content…
Everyone that makes choices and takes actions in situations where classified information loss is a threat invites personal risk into their situation also. An information security policy permits people to take required measures needed; all without concern of punishment. An information security policy forces the protection of data, while it eradicates, or at least lessens, personal accountability for personnel. A risk assessment is a measure that must be completed prior to placing your security policy into place.
Departments whose units handle or manage information assets or electronic resources should conduct formal risk assessments. A risk assessment is a process by which to determine what information resources exist that require protection, and to understand and document potential risks from IT security failures that may cause loss of information confidentiality, integrity, or availability. (University of California Information Technology Services, …show more content…
This is for the reason that these people are the people who will be using the system and overseeing the employees whom will be having access to the data on the network. These people will be able to offer valuable information that can be used in the implementation of the security policy. Every single department will indeed have personal desires that will have to be addressed as well. During the meeting, categories should be laid out that will be covered which needs input from these people. Each topic should be brought up and explained as to why it is needed and the options that are available. People are more enthusiastic to changes when they comprehend the why and how and are given a little proprietorship during the course of the implementation. Countless information security policies in companies miss the mark due to the fact that they do not reflect on the significance of people as an important role in the policy. Focusing on information technology itself is just not enough. Techniques need to be established that show consideration for your personnel while they work together with every component of the information systems they