Policies and Procedures Organizations Should Implement to Protect Themselves - Essay Example

? Policies and Procedures That Organizations Should Implement to Protect Themselves Introduction Information about an organization and its operations provides one of the most important success factors for any firm. Private and confidential information, for instance, information about a production procedure, can be a source of competitive advantage for a company over its rivals in the market. As such, organizations need to protect their confidential information from unauthorized people, within and outside the organization. Organizations usually place great accountability and trust in their security professionals to protect their confidential information. Professional ethics plays crucial role in helping information security professional to execute their duty. However, to ensure maximum information security, organizations need to institute relevant legislations to guard against information security breach. This paper explores policies and procedure that organizations should implement to secure their confidential information. It is crucial that security forms an integral part of organizational culture. Protecting the firm from possible information security breach should be a major focus of the company’s operational process. To achieve this, security policies or e-policies provide the fundamental framework for an organization to beef security over its crucial information. Security policies are regulations that outline how organizational information are supposed to be used in executing daily organizational tasks and also dictate who is authorized to access what information. What Are Security Policies or e-policies? A security policy can be referred to as a document that gives guidelines on how an organization intends to protect its physical as well as information technology assets. According to Ciampa (2010), a security policy refers to “a document that outlines the protections that should be enacted to ensure the organization’s assets face minimal risks.”An organization’s security policy is usually referred to as a living document because it is continuously upgraded to meet emerging organizational challenges in the face of organizational change and evolving employee requirements. The security policy of an organization usually reflects on policy implementation requirements and possible corrections in case loopholes are detected (Ciampa, 2010). Recommended Information Security Policies for Organizations Control over Access to Computer Rooms In order to ensure high level security for crucial organizational information, computer rooms should be kept under lock and key at all times. Computer rooms should have doors fitted strongly and manned by security officers at all times. In addition to locking computer rooms, there should be security officers deployed to man the doors to main information areas. Only authorized personnel should access such rooms through user authentication process. Use of Passwords and Authentication Procedures The organization should have documented guidelines to control access over its crucial information areas. All computers in the organization should have passwords in relation to security demands. These guidelines need to be assessed on regular intervals. The guidelines should have password requirement and control the storage of such passwords. All users of information accessing information system of the company must be authenticated. Individuals who are authorized to access company information should have unique blend of usernames and passwords to bar unauthorized personnel or external intruders from gaining easy access to the organization’s private information. Information users are held responsible for the usage of their passwords and usernames, which they should keep secret unless called upon by the chief security officer to disclose such passwords and usernames. Data Encryption Policy The second policy that an organization can establish to protect its valuable information is data encryption. In recent times, there have been numerous data security violations. Loss of important information of an organization can lead to monetary loss as well as deterioration in reputation. As such, it is crucial to protect data at rest as well as those in flight. According to Panek and Wentworth (2010), data encryption refers to “translating data into code that is not easily accessible to users” except for the data owner. Stored data (data at rest) in storage media like disks or tape can be secured through data encryption techniques. Data encryption guard against reading or editing of stored data unless one uses the right decryption key. Algorithms utilized in encryption ensure that no person can access stored data without keying in the correct access code. Data in flight can also be protected from tapping by hackers through encryption at the source or storage network. For data encryption to be effective there must be effective management of decryption key by the users of the protected information (Panek & Wentworth, 2010). How Security Policies Should Be Implemented In Organizations The initial step in protection and enforcement is policy development (Whitman & Mattord, 2012). An organization should focus on identifying and securing information technology resources that are most crucial to the business. This can be done by engaging employees at all levels in order to determine their security needs. After policy development, the organization should then establish and implement a mechanism of reporting information security breaches. The employees of the organization should be encouraged to openly report any violation of security policies to relevant authority. Thirdly, the organization should make it clear in its policies the websites that can be accessed by employees and those that are prohibited. Employees should be made aware of what the company expects from them as they use internet at work. Fourth, the organization should update its security policy regularly to ensure it is relevant and serves the emerging needs of all employees. Lastly, ensure that the policies created are in line with relevant industry laws as well as other corporate policies (Whitman & Mattord, 2012). Conclusion Confidential information about organizations remains crucial competitive tool and must be protected from unauthorized access. In recent times where advance in technology has resulted into numerous information security breaches, every organization needs to have in place some information security policies to safeguard their valuable information. There are critical information about organizations that can cause financial and reputation loss if accessed by unauthorized people and hence must be secured. Organizations can protect their valuable information by controlling access to data, instituting measures to regulate access to physical assets such as computers and encrypting data, both at rest and in flight among other security policy measures. Unless documented and effectively disseminated, employees will remain oblivious to security policies requirements and their role in protecting organizational information. A security policy is crucial for the organization because it minimizes the chances of security violations and loss of data. It facilitates application of best computing and data management practices by employees, thus reducing the likelihood of losing vital organizational information. References Ciampa, M.D. (2010). Security awareness: applying practical security in your world, 3rd Ed. Boston, MA: Cengage Learning. Panek, W. & Wentworth, T. (2010). Mastering Microsoft Windows 7 administration. Indianapolis, Ind.: Wiley Pub. Whitman, M.E. & Mattord, H.J. (2012). Principles of information security, 4th Ed. Boston, MA: Course Technology. Read More