14 Jun Management Information Security
nformation security policy is very important for any organization. Every organization is faced by risks that may lead to data loss or unauthorized access to company’s data causing problems. An effective security policy involves prevention, detection, and response in case a security breach occurs. The main aim of a security policy is not eliminating the threats but doing away with the know threats and minimizing losses that would result in case of intrusion.
Source of resources for the Information security policy
The resources for building an information security policy are people, finances, and information resources which can be sourced internally and externally. Information resources will be provided by the organization. They include computers and storage devices. People include the Information security manager who is to oversee the implementation of the policy (Karyda, Kiountouzis & Kokolakis, 2005). This will be me and we probably can get another person for assistance. Thirdly is the internet service provider who will be sourced from outside. This will not be part of the organization; he/she will remain a third party. The organization will also provide the financial resources need for the policy.
Important Items in the Information security policy
The most important items that I would include in the new policy is classification of data and Authority and Access control policy.
Classification of data
Data in any organization have different value. For this reason, there may be the need for separation and each kind may require special handling. I would therefore include an information classification system to help in data protection which is very important. Protecting all the data include insensitive one may overburden the organization’s resources. There is therefore the need to classify data in high risk, confidential and public class (Wood & Lineman, 2009). High risks data is that which is even protected by the law including personnel, financial and payroll data. Confidential data is that which is not included in the law, but data owners find it necessary to protect it against unauthorized access. Finally, public data is that which is that which can be distributed and accessed freely. Classifying this data is necessary to avoid overburdening the resources and at the same time maintain data confidentiality and integrity.
Authority and Access control policy
It is very important to define who should access what data and who should not access it. The information security policy should specify this clearly. The management should access all the data, but the middle and low-level staff should be bound not to access some data or even share. The senior level managers should be given the role of giving other staff the permission to access and share any information (Sandhu & Samarati, 1994). The information security policy should address every position in the organization and their authoritative status.
References
Karyda, M., Kiountouzis, E., & Kokolakis, S. (2005). Information systems security policies: a contextual perspective. Computers & Security, 24(3), 246-260
Sandhu, R. S., & Samarati, P. (1994). Access control: principle and practice. IEEE communications magazine, 32(9), 40-48.
Wood, C. C., & Lineman, D. (2009). Information Security Policies Made Easy Version 11. Information Shield, Inc.
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Writedemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.