Information Security Policy

1257 Words 6 Pages
Information security policy refers to measures taken by a company in an attempt to control the behavior of the labor force. The policy ensures that no inappropriate activities take place within the working environment. As part of the rules that the policy has to abide by is the compliance with the laws and regulation and the ability to create defense in the court (Peltier, 2016). The management must support and administer the policy in a suitable manner. It is imperative to tailor the policy as a way of meeting the needs of the company. Responsibility sharing is one factor that the management of an organization should take into account to ensure effective use of the data systems.
An information security policy goes a long way in reducing risks
…show more content…
The enterprise information security program policy determines the direction and scope of a company’s security measures (Johnson, 2014). The policy acts as a point of reference when developing, implementing and maintaining the security systems. Furthermore, the security program assigns duties to a number of areas associated with information security.
Policy documents ought to give an overview of the company’s philosophy with regard to security. Given that the firm has to evaluate the need for information security, it becomes easy to establish control that will reduce security. According to Peltier (2016), information will also include the organization of the security system and the roles that various individuals will play. Determining the responsibility that members will execute and the ones which the departments are responsible facilitates coordination and therefore makes the policy effective.
Issue Specific Security
…show more content…
The policy is for safeguarding the firewall as it is detrimental to the efficiency of an organization’s operations. Peltier argued security elements of the policy are protocols as well as software and hardware components (2016). The information technology is important as it prevents the penetration of the company systems thereby preventing the manipulation of data. All individuals are responsible for preventing system threats by not sharing passwords.
Information technology experts should install antivirus software that will detect threats to the system. Supervisors should conduct network monitoring to identify areas of risk. Security officers should ensure that only people with approval access the control room. Once the management approves the mechanism of putting a firewall in place, implementation through the use of security codes and key cards for high level authorized personnel (Johnson, 2014). Workers will get training on ways of using the system and detecting threat to ensure that there is no loop hole for data manipulation. In terms of maintenance, the company will update the system; antivirus software’s and change passwords regularly as a way of improving the control

Related Documents