Law and Policy - Case Study Example

Information security in an organization involves ensuring that only people with rights to read, change, broadcast and use it have access to it. Different organizations have their own policies which guide the implementation of any new system. Policies in an organization need employees to comply with them. Policies describe the rules and procedures for organization employ to comply with (Kiefer, Wu, Wilson & Sabett 2004). The need for information security is to primarily protect information from any unauthorized party.

Several threats can pose to make information insecure. There is a need to ensure information is secure while ensuring that the policies and legal guidelines of the organization and the surrounding environment are adhered with (Kiefer, Wu, Wilson & Sabett 2004). Government and organizational policies dictate the implementation of an information security system. The government policies are determined and issued to organizations depending on the type or kind of governing environment within the organization’s operation.

The government can be federal, state, local or tribal. The on the type of the business industry, the government policies act as a framework for organizations’ administration or management to comply with in order to secure information and information systems (Straub, Goodman & Baskerville 2008). The need for government policies is to control and regulate the relevant market in order to avoid conflicts which might arise among the industry players. The government policies give a procedure and guidelines for organizational governments to follow when implementing information security systems.

Organization policies are devised by the organization as a guideline when implementing a new system. The policies are devised to ensure that laws, regulations and policies are complied to. The policies provide a framework for relevant restrictions and privileges for use of information for every employ. The organization policies strive to ensure that people and information are protected (Straub, Goodman & Baskerville 2008). This is normally accomplished by setting the rules for access of information for each and every employee use of information (Straub, Goodman & Baskerville 2008).

Organizational policies assists the organization in complying with governmental policies in order to avoid violation of the latter’s policies. The policies include the rules which control the actions of information users and management. The policies include authorization privileges for use of information, need for probe, monitoring and investigation on the use of information. The policies also include information infringement consequences, the information security baseline position by the organization.

The policies restrict users from accessing what they are not supposed to in order to reduce risk and tampering of information (Straub, Goodman & Baskerville 2008). Organizations need information security policies in order to eradicate or minimize any looming risks associated with the use of information. The eminent risks can be unauthorized access to organization information either internally or externally. The policies set the laws required before the use of any information or implementation of