Importance of Information Security Policy - Coursework Example

Summary
This coursework "Importance of Information Security Policy" focuses on information security policy, which ensures the credibility of information by safeguarding it from unauthorized infiltration. Information security policy is essential to all business models. …

Extract of sample "Importance of Information Security Policy"

Information security policy ensures the credibility of information by safeguarding it from unauthorized infiltration. In today’s highly technological world, information security policy is essential to all business models. Information security policy offers essential support to security professionals who endeavor to minimize the risk profile of an organization and fend off threats, both internal and external. Today’s technological advancements have seen organizations and businesses invest heavily in on-site and off-site storage of data and information. This is a business’s intellectual property. This intellectual property must, however, be accessed by the employees and be transmitted throughout the organization using different mediums. Therefore, safeguarding the access and transmittal of the intellectual property is of paramount importance, hence the need for a comprehensive information security policy.
Information security policy is a compilation of guidelines, procedures and processes which ensure the safety of information in a business or an organization. It aims at helping an organization safeguard its intellectual property from unauthorized access, inspection, modification, perusal, use, disclosure, disruption, recording or destruction. It involves all collective activities that protect data, information and information systems. The policy should also include the security of the employees and all stakeholders involved in the organization. An efficient security policy is an essential pillar of a proper security practice. The trouble, however, is that very few organizations invest ample time to create decent policies; instead they settle for sample policies from the web or borrow from a performing organization’s policy. The result is a security mess that often leaves the organization open to unpredicted security risks.
A comprehensive policy, however, should cover all security concerns, from the user and the responsibilities thereof, to the actual information and all the standard security issues. Workman, Phelps, & Gathegi (2013) view the primary role of managers, as far as security goes, as providing well-defined procedures for identifying and managing security risks. In Workman et al.’s (2013) view, security is a behavioral issue. Therefore, a security manager’s aim is the mitigation of risk exposure by employing threat identification procedures, asset appraisal and control, as well as a reduction of losses associated with threats. A manager will, therefore, have to “survey and classify assets, conduct security reviews perform risk analysis, evaluate and select information security technologies, perform cost/benefit analysis and test security effectiveness” (Workman, et al., 2013, p. 101). These are all factors that should be considered when developing an effective information security policy document.
Such a policy not only ensures security of information, but also enhances its access and dissemination. Information is useless if not disseminated to the right person at the right time. Therefore, an effective information security policy must contain guidelines on secure information dissemination channels within an organization. Effective dissemination and flow of information is vital to an organization’s overall goal achievement. Layton (2007) poses the question whether the information security policy supports the business objectives of the organization. He supports the idea that the information security policy document should not be a restricted circulation document, but rather be made available to all employees and users. According to him, the information security policy document should also be availed to external third parties of the organization’s security systems.
Grama (2011), supporting this idea, argues that communicating the policy to all employees is fundamental in helping them find resources and effectively follow the policy. This will ensure that all stakeholders are privy to the overall security objectives of the organization.
The center of every organization is its intellectual property (Kim & Solomon, 2012). Every business enterprise takes pride in having robust R&D. This ensures enterprise, continuity and growth of the business. This, in turn, means the organization gathers and stores lots of research data and information. This huge amount of data may be compromised, damaged or even lost to any nature of security risk. The risks include acts of malicious sabotage, theft, terrorism and even natural disasters (Richardson & Charles, 2013). An effective information policy, therefore, outlines effective measures of data backup and recovery. If an organization is unable to curb the problem of data loss, then the critical role of research and development becomes futile while the massive research gains go to absolute waste. This will harm the business in the long run. Many consumers and even employees would be deterred from engaging an organization with compromised security information practices. Therefore, in light of these challenges, developing and maintaining a water-tight and effective security policy assures an organization of trust, effectiveness in operations, outstanding reputation and success.
The security and efficiency of the data within any organization rests solely on the organization’s security policy. This security also affects the handling of third party personal information. In most cases, this information is non-public. Therefore, the trust issue, also referred to as fiduciary duty, becomes a concern. The handling of this non-public personal information is to be executed in accordance with a strict set of federal, state and organizational regulations.
The overall aim of the security policy is to help the management achieve its fiduciary duty by providing a safe and secure atmosphere (Peltier, 2013). Adherence to these regulations is fundamental in ensuring a better relationship between an organization and its clients. In many cases, inability to adhere to these regulations and rules has left many organizations grappling with massive costs arising from claims of breach of the fiduciary duty. Many of these claims arise from clients whose personal details have been unlawfully accessed by third parties.
An effective information security policy should boost employee efficiency in an organization. Total security can lead to non-productivity. Therefore, the policy document should be flexible enough to ensure productivity while remaining effective to mitigate security risks (Vacca, 2013). An effective information security policy is a high-level document that intricately guides all stakeholders, from the top management, the information system custodians and the system administrators to the end users. It achieves this important role without clearly stating the role of each party. An effective information security policy enhances the efficiency and productivity of an employee. The ensuing practices will eventually boost the efficiency of an organization. According to Johnson (2011), well-defined security policies, reflecting the organization’s overall reasonable expectations, are key to employee efficiency. In cases where reduced practicality characterises a security policy, it is upon the management to lower the security policy, but in the context of the business or organization in question (Garzia, 2013). However, the effectiveness of a security policy can be deterred or enhanced by the way it is developed as well as implemented. Therefore, an information security policy document should not be restrictive to creativity and innovation.
A major hindrance to the effectiveness of a security policy is its medium of dissemination to the involved parties. If a security policy document employs management terminology and technical jargon instead of a practical reading level, chances are the employee will not understand it and will treat the whole policy with indifference. Complex security jargon in a policy document is a major hindrance to its effective implementation. As later portrayed, many employees view security details as a waste of time, particularly when the language hinders comprehension. Language, therefore, can be a huge barrier to a policy’s implementation. However, the standards and processes which emanate from a policy framework create room for more enterprise and innovation. This is essential in providing actual guidance in a precise manner.
An information security policy will not be effective, as we have seen earlier, if it is not fully understood and implemented in an organization. The effectiveness of the policy, therefore, is dependent on the participation of the organization’s personnel in the information security activities. They should also be willing to comply with security procedures and policies (Herold, 2010). In a situation where an employee explicitly refuses to comply with policy, the organization should have, incorporated into the employment contract, a framework that calls for the termination of such an employee. Refusing to adhere to policy should be treated as refusal to work. This should amount to grounds for termination, unless the security policy document does not put the safety interest of the involved parties first.
Several measures can, therefore, be viewed as essential to the effective implementation of an information security policy. These measures not only involve the employees; they include third parties such as contractors and consultants. Herold (2010) suggests employee motivation through appraisal and responsibilities.
She suggests the inclusion of security assignments in the job description of an employee. This, she insists, not only avoids endangering assets, but also serves to protect the employee, while ensuring adherence to policy. This also creates room for employee accountability for the organization’s information assets. She further suggests that an initial commitment to the security and privacy policy of the organization during employment, and subsequently on an annual basis, will ensure that third parties and personnel have exhaustively reviewed the policies and that they take responsibility thereof. The incorporation of information security into the job descriptions of employees will enhance motivation and accountability. The personnel will also desire to learn and follow the security and privacy requirements as outlined in the information policy document. All employees and third parties such as consultants and contractors should be made accountable for compliance with security as well as adequate use of policies. This should be aimed at enhancing the protection of the organization’s information as well as its assets. Herold (2010) directs, “job descriptions for security personnel should detail the systems and processes they will protect and control processes for which they are responsible” (p. 41).
Layton (2007) considers involvement of management as essential in all levels of a security policy control. Management is essential if the policy control is to be effective. In many instances, organizations fail to recognize the need for senior management support. Management, however, should not be considered only for the funding support, but for the entire process. This serves as a challenge to the junior staff to take part in the policy implementation process. This should not be viewed as a one-time effort, but rather a continual process. This will ensure appropriate update and review of policies.
The effectiveness and applicability of an information security policy should be tested against a matrix of qualifying events, arising from continual monitoring, evaluation and updating. The management should also establish, support and sustain a rewards and penalties program on security and privacy. Where such a measure applies at all levels, risk levels are addressed appropriately, favouring business growth. Whereas one cannot eliminate all the risks involved in securing information, proper security and privacy policies are paramount in ensuring applicable regulatory and legal requirements are addressed fully. This not only ensures protection of security assets, but guarantees the privacy of confidential information. All these, however, should be implemented on a scale that ensures that the measures employed are not costlier than the risks (Herold, 2010).
Grama (2010) views security awareness training as essential, since employees play a major role in the attainment of the organization’s security objectives. She, however, also points out that many employees view security training as a waste of time. In light of this, therefore, using a simple program that appraises results through a consistent and general scale of performance will challenge the employees to change their perception towards security policy (Herold, 2010). Since the policy is addressing risks facing information, it should also entail a structure for risk assessment and management (Layton, 2007). According to Layton (2007), the information security policy should also reference other policies and standards and control procedures as appropriate. The setting up and updating of security features should be catered for in the security policy.
These security features consist of anti-virus application on local computers and servers, backup of crucial data and information and securing them offsite in secure virtual servers, ensuring data, information and business dealings as well as preparing the user fraternity on their responsibilities in the managing of information. These features can be high landmarks in ensuring the overall organizational effectiveness. Whereas no information system can be watertight in matters of security, appropriate policies are a proven strategy that ensures swiftness and efficiency in recovering from faults and improves the general productivity of an organization.
In conclusion, information technology and network systems have influenced all aspects of life today. Each one is dependent on technology in one way or the other. People use technology and information stored by an organization, on a varied array of systems, for familiarization and educational purposes. Uses of information vary from communication through a simple phone call, to intricate transactions such as financial dealings in virtual online money markets. Access and delivery of services cannot be left out of this group. Given all of the merits above, it becomes paramount to preserve the integrity of information. As stated earlier, information security policies ensure the credibility of information by safeguarding it from infiltration. Compromised information leaves an organization reeling from expensive liabilities and operational costs. Therefore, information security experts recognize the crucial role of ensuring mitigation of this risk. A comprehensive policy will also ensure proper outlining of information backup and recovery plans. This will guarantee business continuity in the occurrence of an unprecedented security breach.
Information security policies also help an organization adhere to government laws and regulations, as well as internal security procedures, in a bid to protect vital assets as well as infrastructure. A comprehensive information security policy will help maintain a standard level of information confidentiality, reliability and accessibility. These, in turn, will ensure an organization remains competent in its processes. The organization will also achieve general success in its operations.

References
Garzia, F. (2013). Handbook of Communications Security. WIT Press.
Grama, J. L. (2011). Legal Issues in Information Security. Jones & Bartlett Learning.
Herold, R. (2010). Managing Information Security and Privacy Awareness and Training Program (2nd ed.). CRC Press.
Johnson, R. (2011). Security Policies and Implementation Issues. Jones & Bartlett Learning.
Kim, D., & Solomon, M. (2012). Fundamentals of Information Systems Security. Jones & Bartlett Learning.
Layton, T. P. (2007). Information Security: Design, Implementation, Measurement, and Compliance. Auerbach Publications.
Peltier, T. R. (2013). Information Security Fundamentals (2nd ed.). CRC Press.
Richardson, T., & Charles, T. (2013). Secure Software Design. Jones & Bartlett Learning.
Vacca, J. R. (2013). Computer & Information Security Handbook (2nd ed.). Morgan Kaufmann Publishers.
Workman, M., Phelps, D. C., & Gathegi, J. N. (2013). Information Security for Managers. Burlington, MA: Jones & Bartlett Learning.
(Importance of Information Security Policy Coursework Example | Topics and Well Written Essays - 2250 words, n.d.)
Importance of Information Security Policy Coursework Example | Topics and Well Written Essays - 2250 words. https://studentshare.org/information-technology/1807903-information-security-policy-research-paper