Information security policy refers to the practice of protecting valuable information and data from unauthorized individuals or corporations who wish to disclose, disrupt or destroy the reputation of the company. Information security is vital to a company since it stores most of its information in large servers, which have the capacity to store large amounts of data. If left unprotected, these servers can be targeted by hackers or by rival companies whose aim is to cripple the organization (Kenneth & Claudia, 2014). Data stored this way is called electronic data, while physical data is the data stored in files and folders. No data is safe unless it is properly protected from both inside and outside influences. This essay explores the various measures a company can take to safeguard its information from theft and other elements.
Information security is divided into two main categories. They include information assurance, which means that, in case of theft, software malfunction, or natural disasters, there should be an external backup put in place to replace the data. An example of an offsite backup is an external hard disk. IT (information security) is also referred to as computer security. This means protecting any piece of technology with the capacity to store information. In most companies, there are information security specialists whose main work is to safeguard the data and internal systems from hacking or any other form of cyber attack.
There are several reasons that would motivate an individual to steal information from the company. They include revenge for dismissal. Employees might feel that they were wrongfully dismissed and may decide to take revenge against the organization by stealing valuable information and giving it to rival companies. This would be a tragic move, but it mostly depends on whether the information was valuable to the other company. Corporate espionage is whereby rival employees infiltrate a company to steal its secrets and valuable information for personal gain. Extremist groups or activist groups who question the motives and objectives of a company may target it, especially if those objectives violate the environment, religion or culture.
Rival companies usually steal information from other companies to gain a competitive edge. For example, if a company announces a new and innovative product that has not yet been introduced into the market, other companies will try to obtain information about it, while others will want to keep the product for themselves. The existence of policies and standards for maintaining security systems is vital to the company's ability to store large amounts of data. There are several policies and standards that help an organization safeguard its data and information. They include access control, which develops controls and puts in place measures for business requirements. It also enhances application access control, network access control and information access control. The main objective of security policies is to provide information security direction and support for management in accordance with its business requirements, laws and regulations.
Asset management is the policy that enables the achievement, maintenance and security of the company's assets. It also ensures that every bit of information receives an appropriate level of protection. The organization of information security refers to how information security is managed within the company. This means maintaining the company's information processing facilities, for example the organization's servers. The human resource security policy ensures that employees and all the company's associates understand their roles and responsibilities within or outside the organization. It also ensures that employees are conscious of the security threats and how best to respond to them, and that passwords are changed in case an employee leaves or changes employment. This action is necessary to avoid any breaches in the company or its networks.
The communications and operations management policy develops and controls the operational procedures. It also oversees the management of e-commerce services, information exchange, malware backup and protection, and service delivery. The physical and environmental security policy is put in place to avoid any unauthorized physical access and prevent any interference within the company's premises. This policy also prevents any form of loss, damage and theft of the organization's property. The information systems and acquisition policy helps develop controls to create correct processing applications, cryptographic functions and system file security. It also supports processing security and manages the vulnerability of management systems.
The business continuity management policy enables the system to neutralize any interruptions caused by system failures that may affect business processes. It ensures the smooth running of the company's affairs. The compliance policy ensures that no breaches concerning any regulatory, statutory or contractual laws occur. It also ensures the effectiveness of systems and their compliance with organizational security policies, and makes sure that there is minimal intrusion from the information systems, thus leading to maximization of the audit process (Chen, Ramamurthy & Wei, 2013). Employees play a vital role within the organization since they are the ones who operate and implement these policies. Therefore, it is imperative that all employees know their roles and practice discretion whenever and wherever they are. Employees, suppliers and any other individuals who transact any business with the organization should be educated on the security protocols. They should be issued with employee identity cards and visitor passes to ensure all the individuals within the company can be identified in case of any event.
In every organization, there are different levels of security. This coincides with the different levels of management. Each level of management or department has its own security protocol that is controlled by the company's security system. Each level has a distinct code embedded in their employee cards that allows them to enter any department within the organization. The security system reads and recognizes the code and authorizes the act. The highest level of security clearance is the company's top management. It includes the Chief Executive Officer, his deputy and the heads of the various departments within the organization. The middle management comes next and it consists of managers, supervisors, and team leaders. Their security level is restricted to their respective departments. In case they wish to proceed to see the top management, they need to request clearance. Employees come next and they comprise messengers, clerks, cooks and security guards. Although they do have security clearance, they are restricted to their working quarters and need higher clearance if they wish to see the top management. Visitors need security clearance passes in order to gain access to the company's premises. They also have to state the nature of their visit, whether it is business or pleasure. In either case they need to have made an appointment earlier and had the details entered into the system.
Some of the efforts that an organization can make to improve its information security include improving the software on which the security system runs and inspecting the firewalls, which protect the system from hackers and outside influences. All these efforts are important for an organization since they help the organization's security policy function without a glitch. Therefore, an organization needs to ask itself if it needs information security policies. A company's worth is its information. Therefore, if the information were to be lost or, even worse, stolen, the company would crumble or spend millions of dollars to retrieve it (Sommestad et al., 2014).
In conclusion, I would urge companies to safeguard their information and data. It is paramount, and precautions must be taken to ensure the data is safe from both internal and external elements. An organization needs to ask itself the 5 Ws, which are the five questions regarding information security. They are: what information security is, why it is needed, who is responsible for it, when is the right time to address it, and where information security applies. When an organization can answer all these questions, it can rest assured that its information and data are safe.
Chen, Y., Ramamurthy, R., & Wei Wen, K. (2013). Organizations' Information Security Policy Compliance: Stick or Carrot Approach? Journal of Management Information Systems, Winter 2012–13, Vol. 29, No. 3, pp. 157–188.
Kenneth, K. J., & Claudia F, J. (2014). Policy Awareness, Enforcement, and Maintenance: Critical To Information Security Effectiveness In Organizations. Report Information from Proquest.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance. Information Management & Computer Security, Vol. 22, No. 1, pp. 42-7
Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Boston, MA: Course Technology.
Fugini, M., & Bellettini, C. (2009). Information security policies and actions in modern integrated systems. Hershey, PA: Idea Group Pub.
Rainer, R. K., & Cegielski, C. G. (2011). Introduction to information systems. Hoboken, N.J: Wiley.