Friday, December 20, 2019

The Role of Information Security Policy - 1107 Words

The failure of organizations to implement a comprehensive and robust information security program can mean untimely demise for some and costly setbacks for others. At the heart of information security is security policy. Without security policy there can be no security program. Without people, security policies would not exist: they would not be written, implemented, and enforced. Security policies and the adoption of standards provide many benefits, as shall be discussed in this paper. Also discussed is how information in systems often falls under different classifications to reflect a degree of sensitivity and how this relates to an…

In the eyes of customers, failure to protect their information is a violation of trust. Responsible parties will have their reputations diminished and be held accountable for damages or loss. Following the recommended practices of other organizations or industry standards is a kind of benchmarking (Conklin et al., 2012, "Security Management Models"). In this way organizations can adopt practices that are already proven to work. Federal regulations give the push some organizations need to implement and maintain adequate information security control levels. Mandatory audits help keep these organizations "honest" and in compliance.

2.0 The Role of Employees in Policy

Security policy comes down from the top. The enterprise information security policy (EISP) is a high-level document "drafted by the chief information security officer (CISO) in consultation with the chief information officer (CIO) and other executives" (Conklin et al., 2012, "Information Security Policy"). Security information policy, however, has an effect on everyone in the organization. Policies have to be uniformly applied to be effective. If management fails to support policy, the policy is typically ignored. Employees often try to circumvent policy.
People are generally resistant to rules and regulations that tell them what to do. The role of security education, training and awareness (SETA) is important
