Information Security Policy

Great Essays
Information security policy refers to measures taken by a company in an attempt to control the behavior of the labor force. The policy ensures that no inappropriate activities take place within the working environment. As part of the rules that the policy has to abide by is the compliance with the laws and regulation and the ability to create defense in the court (Peltier, 2016). The management must support and administer the policy in a suitable manner. It is imperative to tailor the policy as a way of meeting the needs of the company. Responsibility sharing is one factor that the management of an organization should take into account to ensure effective use of the data systems.
An information security policy goes a long way in reducing risks
…show more content…
The enterprise information security program policy determines the direction and scope of a company’s security measures (Johnson, 2014). The policy acts as a point of reference when developing, implementing and maintaining the security systems. Furthermore, the security program assigns duties to a number of areas associated with information security.
Policy documents ought to give an overview of the company’s philosophy with regard to security. Given that the firm has to evaluate the need for information security, it becomes easy to establish control that will reduce security. According to Peltier (2016), information will also include the organization of the security system and the roles that various individuals will play. Determining the responsibility that members will execute and the ones which the departments are responsible facilitates coordination and therefore makes the policy effective.
Issue Specific Security
…show more content…
The policy is for safeguarding the firewall as it is detrimental to the efficiency of an organization’s operations. Peltier argued security elements of the policy are protocols as well as software and hardware components (2016). The information technology is important as it prevents the penetration of the company systems thereby preventing the manipulation of data. All individuals are responsible for preventing system threats by not sharing passwords.
Information technology experts should install antivirus software that will detect threats to the system. Supervisors should conduct network monitoring to identify areas of risk. Security officers should ensure that only people with approval access the control room. Once the management approves the mechanism of putting a firewall in place, implementation through the use of security codes and key cards for high level authorized personnel (Johnson, 2014). Workers will get training on ways of using the system and detecting threat to ensure that there is no loop hole for data manipulation. In terms of maintenance, the company will update the system; antivirus software’s and change passwords regularly as a way of improving the control

Related Documents

  • Improved Essays

    Business objectives in creation of establishing IT policies may have certain goals and an objective which serves as stepping stones for great accomplish. The hallmark of every successful safety and health program is top management’s active and aggressive commitment. Company that is successful in meeting goals and objectives can attract more investors or shareholders. Company’s statistics help gauge their success against competitors. Employees are provided to have freedom to carry out their job and make decision with defined boundaries.…

    • 723 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    Nt1330 Unit 2

    • 369 Words
    • 2 Pages

    The business requirements of the access control must be established and documented. Access control rules and rights for each user or group of users should be clearly stated in a policy statement about access All employees, contractors and third party users of information systems and services should be required to record and report any allegations or findings of security weaknesses in the system or the services. This aims to ensure that information security events and weaknesses detection of information security can be dealt with in a timely and…

    • 369 Words
    • 2 Pages
    Improved Essays
  • Superior Essays

    Footlocker Code Of Ethics

    • 970 Words
    • 4 Pages

    The company that I have decided to discuss is footlocker. Footlocker is an established company known for their wide variety of trainers. The company was introduced in 1974 and it was founded in 1988 as a separate business, known as the Woolworth Company. The company is a global business owned by Ken C.Hicks. Footlocker is a public limited company so the business information and trading is free to others.…

    • 970 Words
    • 4 Pages
    Superior Essays
  • Improved Essays

    Nt1310 Unit 9 Final Paper

    • 586 Words
    • 3 Pages

    At no time should the workstation be used for personal email use, (i.e. sending or receiving), or social networking sites. The company has a secondary Internet Service Provider (ISP), and that should be used for personal email and social networking via your personal devices, such as cell phones and tablets. Again, you are not permitted to send company information using personal devices or email/social media. Key Control Maintaining constant watch over who has access to what electronic and physical key access is imperative.…

    • 586 Words
    • 3 Pages
    Improved Essays
  • Decent Essays

    Information security policy is to protect the data and assets. We can apply policies to the users. What to access and what not to access. These security policies can protect the networks, computers, applications of the company.…

    • 342 Words
    • 2 Pages
    Decent Essays
  • Decent Essays

    Nt2580 Unit 7

    • 395 Words
    • 2 Pages

    There is panel control where a unit/equip is available in front of their cameras and other apparels to diagnose and give disposable information about the concern. Most often, this kind of security is to ensure that sensitive areas can only be accessed by authorized persons only, they control the equipment, data, electronic information of the organization from breaching or any other violence. D.B Parker proposed three additional elements for Information Security: Firstly, we have authenticity which accounts on the veracity of the information stored by the control or the website manager. It ensure that the members registered in the organization are who they state to be. We have possession and control, this is the control of the documents and all information saved in a computer or on a chip with encrypted code or information.…

    • 395 Words
    • 2 Pages
    Decent Essays
  • Improved Essays

    The vulnerabilities identified in part 1 assignment was mitigated by recommending the right solutions. In part2, the network security analyst identified and proposed solutions for the right network devices to protect the accounting firm's network from intruders and external cyber threats. In this final assignment section, the network security analyst of the accounting firm will propose the application/end-user security recommendation to protect the company’s sensitive information. The analyst will also ensure that the proper procedure and policies are in place to take care of network security and employees should be trained and aware of those policies from possible threats including cyber-attacks.…

    • 730 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    4. CORRESPONDING DUTIES: As a user of the company network you have the following obligations: 1) To answer for your personal account granted to you by CRI company. 2) To keep confidentiality of company’s information, maintaining its integrity and keeping information from being accessed by non-authorized users.…

    • 1019 Words
    • 5 Pages
    Improved Essays
  • Improved Essays

    Developing data analytics to monitor and screen cybersecurity threats and react to threat attacker episodes and review log activities (Bergquist, 2016). Technical recommendations to boost security without significantly increasing personnel management can be achieved by incorporating security frameworks reviews, examining any area(s) of weakness or vulnerabilities and implementing security controls. Business partners of ABC Healthcare such as banks, vendors, and collection agencies will continue to thrive with the integration of proper security measures without introducing significant overhead and complexity. Integrating data sharing polices can protect the information and ultimately reduce the level of access to individuals information. To tackle information security infringements, ABC healthcare business partners must concentration on the collaboration of security control with ABC Healthcare to enforce security regulations such as data encryption, data sharing and disposal policies, and educate personnel by…

    • 782 Words
    • 4 Pages
    Improved Essays
  • Improved Essays

    - Securing workstations with screen lock or logout screens before leaving the workstation to prevent unauthorized access. - Allow a password-protected screen saver with a short timeout period to ensure that workstations will be protected. - Password need to comply with the Company’s Password requirements. - Ensuring that the workstation is used for intended purposes only. - Employees need to avoid installing unauthorized software on workstations.…

    • 636 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    The security policies should outline what employees are expected of in regards to complying with the security policies and the consequences…

    • 740 Words
    • 3 Pages
    Improved Essays
  • Great Essays

    Annotated Bibliography

    • 1797 Words
    • 8 Pages

    As seen with the case in which someone has to put a password to an Email account, confidentiality is a matter that is of great concern in many scenes of life . Cybersecurity is quite applicable as a tool that offers security when it comes to transfer of data though networks and between different people in one connection. For instance, cybersecurity is a tool used to ensure that the information shared among workers within an institution, through a connection of computers and computer systems, is not accessed by people who do not belong to this organization. In many cases, people will try to enter forcefully and access such confidential information without the consent of the organization. Cybersecurity helps such organizations in installing systems where access will be denied to non-members, and allowed to members since they make use of passwords and other security mechanisms installed within the computers and the connections .…

    • 1797 Words
    • 8 Pages
    Great Essays
  • Improved Essays

    Introduction The reason for the article is to stress the importance of information security to any organization. The problem presently is that many organizations either do not have enough security or they have a lack of interest in the security measures as it pertains to their individual organization. The solution to this is that organizations must ensure they have a proper balance and remain vigilant at all times. This means remaining flexible as well as adaptable to the situation of the day.…

    • 967 Words
    • 4 Pages
    Improved Essays
  • Great Essays

    Acceptable Use Policy

    • 1212 Words
    • 5 Pages

    Any and all information that is on the system which may be sensitive in nature, must be encrypted and stored securely so there is no unauthorized access to the information. The accomplishment of this should be done in a way that does not prevent authorized users from being able to access the information. (Example Acceptable Use Policy for IT Systems,…

    • 1212 Words
    • 5 Pages
    Great Essays
  • Improved Essays

    Information security is an extremely important concept so when protecting information in an organisation there is three core principles to follow to maintain the utilization, flow and storage of data this is also known as the CIA triad these are the three main objectives of information security and they are:…

    • 1392 Words
    • 6 Pages
    Improved Essays