The Role of Information Security
CMGT400
The Role of Information Security Policy Your Name……………………… Date…...................... The Importance of Policies and Standards
For any business, the need to protect its assets is just as important as the need to maintain or increase its bottom line. If a business does not, will not, or can not enact a sufficient security plan that is the equal to or greater than its needs, it may find itself rapidly losing its assets, its monies, or completely out of business. In addition to a robust security policy, there must also be robust standards put into place to clearly define the roles the employees, as well as the management, must play in order to properly enact those roles. Security and unauthorized decryption and access (also known as hacking) are running a perpetual race for primacy. This aforementioned primacy switching hands alternately, white-hat, black-hat, white-hat, black-hat, etc., It is because of this back and forth evolutionary process that a company cannot have just a good security policy for the moment, but the must have a security policy that is scalable and has the growth potential to keep pace with the next new powerful threats that are poised to come down the pike inevitably. There is also a less colorful reason that information security practices must have policies and standards, and that less colorful reason is compliance. There are many government bodies that have been established for just this very important reason. As stated by the Rutgers Office of Information Technology, “The protection and management of of non-public personal information (NPPI) must comply with a variety of state and federal laws. Accurate and reliable reporting according to these laws has an impact on the business and financial health of (any institution). Failure to comply with these guidelines can have direct effects on the business’s ability to do
The Role of Information Security Policy Your Name……………………… Date…...................... The Importance of Policies and Standards
For any business, the need to protect its assets is just as important as the need to maintain or increase its bottom line. If a business does not, will not, or can not enact a sufficient security plan that is the equal to or greater than its needs, it may find itself rapidly losing its assets, its monies, or completely out of business. In addition to a robust security policy, there must also be robust standards put into place to clearly define the roles the employees, as well as the management, must play in order to properly enact those roles. Security and unauthorized decryption and access (also known as hacking) are running a perpetual race for primacy. This aforementioned primacy switching hands alternately, white-hat, black-hat, white-hat, black-hat, etc., It is because of this back and forth evolutionary process that a company cannot have just a good security policy for the moment, but the must have a security policy that is scalable and has the growth potential to keep pace with the next new powerful threats that are poised to come down the pike inevitably. There is also a less colorful reason that information security practices must have policies and standards, and that less colorful reason is compliance. There are many government bodies that have been established for just this very important reason. As stated by the Rutgers Office of Information Technology, “The protection and management of of non-public personal information (NPPI) must comply with a variety of state and federal laws. Accurate and reliable reporting according to these laws has an impact on the business and financial health of (any institution). Failure to comply with these guidelines can have direct effects on the business’s ability to do
References: 1. Rutgers Office of Information Technology. (2011). Retrieved March 27, 2012 from http://rusecure.rutgers.edu/content/importance-it-security 2. Your Role in Information Security. (2005). Retrieved March 27, 2012 from http:// https://security.uwmedicine.org/securitypolicies.asp 3. Conklin, W., & White, G. (2010). Principles of Computer Security (2nd ed.). Chicago, IL: McGraw-Hill.