How to Create a Good Information Security Policy
An information security policy is a set of rules enacted by an organization to ensure that all users and networks of the IT structure within the organization's domain abide by the prescriptions regarding the security of data stored digitally within the boundaries over which the organization stretches its authority. An information security policy governs the protection of information, which is one of the many assets the organization needs to protect. An organization that strives to compose a working information security policy needs well-defined objectives concerning security and a strategy on which management has reached agreement. Any existing dissonances in this context may render the information security policy dysfunctional. The most important thing a security professional should remember is that knowing the security management practices allows him to incorporate them into the documents he is entrusted to draft, and that this is a guarantee of completeness, quality and workability. Simplification of policy language is one of the things that may smooth away the differences and guarantee consensus among management staff. Consequently, ambiguous expressions are to be avoided, and one should also be aware of the correct meaning of terms and common words.
There are several elements of highly effective security policies, and with cybercrime on the rise, one should protect a corporation's information and assets. Your bible should be a security policy document that outlines what you plan to protect. You can prepare a security document in-house or outsource the project to a security consultant. The first step in any project to prepare a security policy document is to determine what elements to include in your policy. Be sure to consider all the key elements your IT staff manages. These are the seven elements.
- Security accountability stipulates the security roles and responsibilities of general users, key staff and management. Creating accountability in these employee categories helps your organization understand and manage expectations, and provides a foundation for enforcing all other ancillary policies and procedures.
- Network services policies generate policies for secure remote access, IP address management and configuration, router and switch security procedures, and access list stipulations. Indicate which key staff need to review change procedures before they are implemented. For example, your security team should be reviewing all proposed ACL changes before your network administrators implement the changes.
- System policies cover host security configuration for all mission-critical operating systems and servers. Include which services should be running on which networks, account management policies, password management policies, and messaging, database, anti-virus, host-based intrusion detection and firewall policies.
- Physical security shows how card key readers are used to secure access, where internal cameras should be installed, how visitors should be handled, and what inventory rules and regulations your shipping and receiving folks should follow, though this might seem a bit afield of a discussion of IT security.
- Incident handling and response procedures are followed in the event of a security breach or incident, and include policies such as how to evaluate a security incident. They show how the incident should be reported, how the problem should be eradicated, and which key personnel your organization should engage in the process.
- Behavior and acceptable use policies stipulate what type of behavior is expected of employees and your management team, and what forms and documents need to be read, reviewed, filled out and followed. Employees should be required to read and sign the acceptable use policy so that management has the option to take disciplinary action in the event that the policy is violated.
- Security training defines the security training plan for key staff who manage day-to-day security operations, in order to sustain your security policy and keep your security staff current with the and configure.
Every employee needs to understand his or her obligation to protect company data. Employees also need clear expectations about behavior when it comes to their interaction with data. Your data security policy needs to be published, understandable and enforceable, and should outline practices that help safeguard employee, customer, company and third-party business and sensitive information. As with many complex programs that deal with sophisticated products or topics, there are usually essential elements that form the foundation of a plan, as follows.
- Establish password management for all employees or temporary workers who will access corporate resources. In general, password complexity should be established according to the job functions and data security requirements.