security plan and procedures

Security in many organizations today is focused on technology and tools; this can be a benefit to organizations as much as it can be a risk. It can be benefit because it can facilitate things for the organization but, it can be harmful because it can backfire, it can facilitate the organizations percentage of being breached by a malicious hacker from either inside or outside the organization. Organizations don’t seem to focus enough on business requirements, physical and information assets, and risk assessment, this can be harmful since these are very important things you need when you have your own organization/company. In this paper I will be talking about the security plans and procedures for important things to an organization such as; E-mail, Acceptable use, Physical security, and last but not least Incident response.
Security plan and procedures security measures can save a significant amount of money for any organization in the long run. A company's/Organization’s security plan consists of security policies. Security policies give specific guidelines for areas of responsibility, and consist of plans that provide steps to take and rules to follow to implement the policies. Policies should define what you consider valuable, and should specify what steps should be taken to safeguard those assets. Policies can be drafted in many ways. One example is a draft policy for different sets of assets, including e-mail policies, password policies, Internet access policies, and remote access policies, acceptable use policies, physical security policies and incident response policies. Policies can be defined for any area of security. It is up to the security administrator and IT manager to classify what policies need to be defined and who should plan the policies. There could be policies for the whole company or policies for various sections within the company. In the next paragraphs I will be discussing the following policies; email, acceptable use, physical