Project: Law and Policy Case Study
Date: 4/9/2013
Policies define a set of rules and procedures that all employees must abide by. They exist, first and foremost, to inform employees of what is and is not acceptable behavior in the organization. Information security is there to make sure that all of the organization's data are safe and secure against attacks. It sets up protocols to follow in order to achieve maximum data integrity, availability, and confidentiality. Policy actually exists in two forms: government policies and organizational policies.
According to British Columbia, a book written in 2011 about information security, government policies are policies issued by federal, state, local, or tribal governments that provide a framework for government organizations to establish the local policies and procedures necessary for the protection of information and technology assets (British Columbia, 2011). Next come organizational policies, which are written to guide an organization's compliance with laws, regulations, and policies. According to Canavan & Diver, organizational security policies should fulfill many purposes: protect people and information; set the rules for expected behavior by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and authorize the consequences of violation; define the company's consensus baseline stance on security; help minimize risk; and, finally, help track compliance with regulations and legislation (Canavan & Diver, 2007). These two kinds of policy, government and organizational, provide a framework that helps to ensure that potential risks associated with an organization's data are minimized or eliminated.
The first step towards enhancing a company's security, according to Danchev from Window securities, is the introduction of a precise yet enforceable security policy, informing staff