Curriculum Development Related to Information Security Policies and Procedures - Case Study Example

For providing improved functionality for the organization, policies and procedures must be defined. They play a vital role for an organization’s smooth functioning. In order to implement policies and procedures, group discussions are required for constructing and implementing them in a real world scenario. The first requirement is to differentiate both of them. A security policy comprises in the form of a document or rules that specify the statement ‘What must be done’ in order to assure security measures in the system or the network.

Whereas, procedures are associated with the rules and practices that are implemented in order to impose the rule. For instance, in a network security scenario, where there is a requirement for preventing the wireless network, anonymous access must be blocked. Likewise, the security policy document will define ‘What needs to be done’ to block anonymous access for a wireless network. Whereas, the procedures will define the practices and rules that needs to be followed in order to block the anonymous access ("Curriculum development related to information security policies and procedures ").

After differentiating both the security policies and procedures, these two are associated with development and administration in an organization. The term security in terms of development and administration is more like a management issue rather than a technical issue in an organization. The justification is to utilize and classify employees of an organization efficiently. Moreover, from the management perspective, discussions take place for describing various vulnerabilities and threats along with the creation of policies and procedures that may contribute for the achievement of organization goals.

After the discussions and alignment of policies and procedures to contribute for organization’s success, the development process is initiated at a high level, and afterwards implemented at lower levels within an organization. The conclusion reflects the development of policies and procedures, requirement of an approval from concerned personnel and then implementing them smoothly for the employees ("Curriculum development related to information security policies and procedures "). On the other hand, initiation of these security policies is easy and not expensive, but the implementation is the most difficult aspect.

If the development and administration do not comply effectively, or fails to establish awareness between employees related to the policies and procedures, the disadvantages may affect inadequately for the organization. For instance, an attack from a social engineering website such as ‘Facebook’, ‘twitter’, or ‘MySpace’ may extract sensitive information from senior or trusted employees of an organization. If the policies and procedures were understood or implemented properly, employees will be well aware of not providing any credentials or they will verify authorization before providing information on the sites.

Moreover, privacy and trust is a debatable topic that is also referred as identity theft. A good definition of identity theft is available in network dictionary that states as, “Identity theft is a crime in which an imposter obtains key pieces of personal information, such as Social Security or driver’s license numbers, in order to impersonate someone else. The information can be used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials”.

Many organizations have suffered security breaches initiated from a social networking site. There is a requirement for creating awareness between employees by developing policies and procedures related to the attacks associated with social engineering sites along with coping up these attacks. There is a requirement of identifying critical information systems within the organization. All the users must be