Premium Essay

Aspects of an Effective Security Policy

In:

Submitted By DeanPopma
Words 2348
Pages 10
Aspect of an Effective Security Policy

Outline
I. Introduction
A. Reason behind an effective security program
1. Reliance on information technology 2. Maintaining profitability B. Areas of concern for effective security programs 1. Information Security 2. Personnel Security 3. Physical Security
II. Responsibility
A. Chief Information Officer or Chief Information Security Officer 1. Feasibility for small businesses B. Employee responsibility III. Program implementation A. Risk assessment
B. Security Policy
C. Training 1. Insider Threat
IV. Disaster Recovery Plan A. Why have a DRP B. Seven steps of planning
V. Conclusion

Aspects of an Effective Security Policy
Today almost every business from large cooperation’s to your local small business owner, Aunt Nancy’s homemade quilts, rely heavily on information technology to develop sales strategies, promote their product by reaching out to consumers via social media, sell and distribute their goods, develop new products, and run daily operations from accounting to time cards. The scale at which they use technology may vary, but the need for each business large or small, to incorporate an effective security program is key to keeping their systems up and running while at the same time providing enough freedom to themselves or their employees to remain competitive and productive. In short too much security may result in a loss of business and profits, not enough security, the same thing can happen and much worse. For an effective security program to be establish and work, a business must incorporate a security policy that works for it. I will be covering some of the steps required by any business to successful incorporate a security program. Keep in mind that no two businesses are alike and so no one security policy will work for every business. So the

Similar Documents

Premium Essay

Security Pllus Exam Essentials

...able to describe the various aspects of information security. Ensuring a secure network involves good design, implementation, and maintenance. The information in your organization is potentially vulnerable to both internal and external threats. Identify these threats and create methods of countering them before they happen. Be able to identify the potential physical, operational, and management policy decisions that affect your information security efforts. It isn’t good enough to have a plan if the plan is unsound or has gaping holes. You must make sure that the plans you develop and the procedures you follow to ensure security make sense for the organization and are effective in addressing the organization’s needs. Be able to explain the relative advantages of the technologies available to you for authentication. You have many tools available to establish authentication processes. Some of these tools start with a password and user ID. Others involve physical devices or the physical characteristics of the person who is requesting authentication. This area is referred to as I&A. Be able to explain the relative capabilities of the technologies available to you for network security. In most situations, you can create virtual LANs, create connections that are encrypted, and isolate high-risk assets from low-risk assets. You can do so using tunneling, DMZs, and network segmenting. Be able to identify and describe the goals of information security. The three primary goals...

Words: 5056 - Pages: 21

Premium Essay

Byod Pr Cope?

...purchase (and use) whichever device they prefer, and it reduces company’s expenditure on purchasing equipment, and on carrier costs. However, BYOD may incur further costs on the company and leave it exposed to security threats . On the costs front, employees bear the costs of the devices without benefiting from their company’s buyer power (to secure discounts, for example). Furthermore, in BYOD, companies usually pay for data packages for devices that are completely owned by the employees, and since devices are used for personal use, unexpected payments might occur. Thus those data packages may not always completely cover business usage. On the administration side, BYOD may require MDM (Mobile Device Management) services, which are usually provided by a third party, to ensure compliance with organization policy, handle mobile security, and separate between ‘business’ and ‘personal’ usage of the device. MDM services are also required in COPE. Furthermore, IT helpdesk may be inefficient under BYOD policy ; with a wide range of devices used and no standard device policy, help desks may either be less productive due to inability to support devices, or take longer time to complete services due to inexperience with particular apps and/or devices. BYOD approach bears significant security concerns. The primary risk is that personal devices might infect the company network with malware. Additional risk to confidential data comes from lost devices that might provide access to company’s database...

Words: 699 - Pages: 3

Premium Essay

Kayworth and Whitten 2010 Misqe

...Effective Information Security Requires a Balance of Social and Technology Factors EffEctivE information SEcurity rEquirES MIS Uarterly a BalancE of Social and tEchnology xecutive factorS1,2 Q E Tim Kayworth Baylor University (U.S.) Dwayne Whitten Texas A&M University (U.S.) Executive Summary 2 Industry experts have called for organizations to be more strategic in their approach to information security, yet it has not been clear what such an approach looks like in practice or how firms actually achieve this. To address this issue, we interviewed 21 information security executives from 11 organizations. Our results suggest that a strategically focused information security strategy encompasses not only IT products and solutions but also organizational integration and social alignment mechanisms. Together, these form a framework for a socio-technical approach to information security that achieves three objectives: balancing the need to secure information assets against the need to enable the business, maintaining compliance, and ensuring cultural fit. The article describes these objectives and the security alignment mechanisms needed to achieve them and concludes with guidelines that can be applied to ensure effective information security management in different organizational settings. INFORMATION SECURITY HAS BECOME A STRATEGIC ISSUE Information security continues to be a major concern among corporate executives. The threat of terrorism,...

Words: 7959 - Pages: 32

Premium Essay

Is Professionals

...emprises now days. Information security (IS) is important to secure this system and ensures the balance in information risk and information control. “Principles of Information Security, 4th Edition” is the book which provides balance information about information security in modern enterprises, risk management, security technology and Information security professionals with their roles in managing risk in information security (Whitman & Mattord, 2011). The study of this book makes us capable to evaluate the top five IS professionals and their respective roles in information security. Top Five IS Professionals and Their Roles and Responsibilities In top five IS professionals Chief Information Officer (CIO). CIO is the leading IS professional as he led other on the way to adopt the strategies to mitigate Information risks in order to manage the information system of the company. The main responsibility of CIO is to guide the chief executive officers and president of the company in information management matters and advise them in order to take effective decisions to implement information security system (Siponen, 2000). The leading position and decision making power of CIO make it capable to take important information management decisions. This is the major reason to rank him as the fist important IS professional. Chief Information Security Officer (CISO) is the second most important IS professional. CISO is also called manager of IT security. CISO directly report to CIO...

Words: 587 - Pages: 3

Premium Essay

Cmgt 582 Team Paper

...Hospital Risk Assessment & Security Audit Patton-Fuller Community Hospital Risk Assessment & Security Audit Risk assessment and threat assessment should go hand-in-hand.The outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and if those accesses are required. The security audit should monitor the companies systems and users to detect illicit activity.The security audit should include searches for security events and the abuse of user privileges, along with a review of directory permissions, payroll controls, accounting system configurations, ensure backup software is configured, and backups are completed as required, review network shares for sensitive information with wide-open permissions. During the security audit, a report of offices should be conducted to ensure security policies and procedures are followed. Security Management Currently, PFCH has a Chief Compliance Officer in place to ensure the hospital meets all laws and regulations regarding patient privacy. The CCO is responsible for developing, implementing, and maintaining a system-wide Corporate Compliance program. The COO also oversees the Security Officer, the Director of Medical...

Words: 3451 - Pages: 14

Premium Essay

It456 Db2

... Security Architecture Design IT456_DB2 Security architecture is an important aspect of any security system safeguarding an organizations data, employee/client demographic information and many other vital data. Deployment of an effective scalable network security system requires proper design according to the risk analysis and employing security principles in best practices and maintaining a satisfactory level of compliance. www.disa.mil/.../mil Should any of the key areas of the security infrastructure be compromised it will have devastating effects on the reliability, availability, viability of operational abilities and integrity of data. As well the system vulnerabilities are more easily. Attacks are carried out on these compromised infrastructures including industrial espionage, revenge, financial gain, and terrorism. ISSA.com/security Some of the principles used in the design of a secure Infrastructure are compartmentalization of information, principle of least privilege, weakest link, defense in depth, authentication password security, antivirus, packet filtering,, firewalls, policies both permitting and restricting activities, DMZ’s and designing the security around and for the most critical systems. Do not forget the ever more important intrusion detection...

Words: 727 - Pages: 3

Premium Essay

Cyber Security: Physical and Digital Security Measures

...Cyber Security: Physical and Digital Security Measures Abstract Due to the issues associated with cyber security and the appropriate application thereof, this paper will strive to address different cybersecurity measures that may be employed, both physically and digitally. It will identify what cyber security is, measures that may be taken, the tools needed to ensure implementation, and provide information regarding the different resources and programs necessary to work to effect greater success in the application thereof. Keywords: cyber security, physical security, digital security, security measures, definition, tools, resources Cyber Security: Physical and Digital Security Measures Introduction In spite of the increasingly prevalent use of technology in today’s digital world, many organizations find the concept of cyber security to be somewhat of a mystery. As a result of a lack of knowledge or an inability to appropriately apply that knowledge, companies like Target, Home Depot, and even Sony, among others, find themselves faced with security nightmares that could have just as easily been avoided (Yang & Jayakumar, 2014; Home Depot, 2014; Steinberg, 2014). In order to be able to approach cyber security properly, an organization must both have the knowledge necessary to implement a system designed to secure their digitized data and must have the ability to apply that knowledge within the constructs of their systems in order to ensure that a breach does not...

Words: 3485 - Pages: 14

Premium Essay

Kudler Fine Foods Frequent Shopper Program

...specialty food items both imported and domestic. There are three stores in the San Diego area, they are in La Jolla, Del Mar and Encinitas. The departments within each store are: • Fresh Bakery and Pastries • Fresh Produce • Fresh Meat and seafood • Condiments and packaged Foods • Cheeses and Specialty Dairy Products The founder and owner Kathy Kudler put in a service request to develop a system that tracks customer purchases. This system will award loyalty points in a frequent shopper program. Before they implement the program Kudler Fine Foods will need to research several business considerations to ensure they keep their customer’s information safe and secure. These considerations include legal, security and ethical implications. In this paper I will detail the legal, security and ethical considerations of e-commerce. The paper will also detail a point-of-sale system that will be used to track Kudler’s customer’s purchases and award points. In conclusion a description of the financial analysis that will show why the expenditure or this program is justified for use at Kudler Fine Foods. Frequent Shopper Program Kudler Fine Foods would like to develop a frequent shopper program. A program such as this will track a customer’s purchases at the point of sale and reward them with points. The customer can use accumulated points to be redeemed later for gift items or other products. Not only will this program award loyalty points, but it will also allow Kudler Fine Foods to define...

Words: 1502 - Pages: 7

Premium Essay

Jjjjjj

...Introduction to the Management of Information Security Chapter Overview The opening chapter establishes the foundation for understanding the field of Information Security. This is accomplished by explaining the importance of information technology and defining who is responsible for protecting an organization’s information assets. In this chapter the student will come to know and understand the definition and key characteristics of information security as well as the come to recognize the characteristics that differentiate information security management from general management. Chapter Objectives When you complete this chapter, you will be able to: • Recognize the importance of information technology and understand who is responsible for protecting an organization’s information assets • Know and understand the definition and key characteristics of information security • Know and understand the definition and key characteristics of leadership and management • Recognize the characteristics that differentiate information security management from general management INTRODUCTION Information technology is the vehicle that stores and transports information—a company’s most valuable resource—from one business unit to another. But what happens if the vehicle breaks down, even for a little while? As businesses have become more fluid, the concept of computer security has been replaced by the concept of information security. Because this new concept covers a...

Words: 2580 - Pages: 11

Premium Essay

Proton Saga 1.3 Flx

...E-Business Strategy 1 Internet Marketing Plan for River Island E-Business Strategy 2 Table of content Introduction…………………………………………………………………………………..3 Impact of E-Business strategy on Business…………………………………………………..4 Expectation of Internet Customers……………………………………………..……4 Integration with the Existing business processes……………………………………..5 Analysis of Logistics Processes………………………………………………………5 Resources required for Website maintenance and support…………………………...5 Implementation Strategy……………………………………………………………………..6 Planning for Website designing……………………………………………………....6 E-marketing and Promotion strategy……………………………………………..…..7 E-supply Chain Management Strategy…………………………………………..…...7 Integration with the Existing System…………………………………………..…….8 Protection of Business………………………………………………………………..………8 Risk from E-business and measures to control…………………………..…………..9 Future Development in E-Business………………………………………………..…………9 Mobile technology and impact of XTML on E-business………………….…………9 Impact of supply chain integration and e-business on international competencies…10 Conclusion and Recommendation…………………………………………………………..10 References…………………………………………………………………………………..11 E-Business Strategy 3 Introduction With the increase enhancement in the field of technology, it has been considered essential by the businesses to implement such technology in their business processes. Further, the increasing demand from the customers regarding the better quality of products and ...

Words: 3605 - Pages: 15

Premium Essay

Information Technology

...Security Policy M CMGT/441 July 14, 2014 Instructor: Introduction This paper will illustrate the needs of a security policy for McBride Financial Services and discuss the issues of implementing the online loan application. A security policy is an essential tool for any organization, these security policy are designed to protect valuable asset of organizations such as data, demographic of clients, account numbers, and other valuable information (Stalling, Brown, Bauer, & Howard, 2008,). The online application will benefit with a security policy set in place. Security Policy The security policy has three essential parts that are the bases on establishing a well designed security policy. These principles are known as confidentiality, integrity, and availability. An organization will rely on the core principles of an effective information security system. (“Information Security, 2014”). Confidentiality. The collection of data such as but limited to; information about employees, customers, products, research and financial status, this information are stored electronic computers for sending or stored for later use (“Information Security, 2014”). Integrity. According to “Information Security” (2014), “means maintaining and assuring the accuracy and consistency of data over its entire life-cycle”. The concept of this security aspect is to ensure that the organization’s data is not modified by an unauthorized person (“Information Security, 2014”). Availability. The...

Words: 383 - Pages: 2

Premium Essay

A Risk Analysis for Information Security and Infrastrucure Protection

...A Risk Analysis for Information Security and Infrastructure Protection Special Topics in Criminology and Criminal Justice Columbia Southern University January 03, 2012 A Risk Analysis for Information Security and Infrastructure Protection OBJECTIVE The sole purpose for performing a risk analysis for IT systems is to ensure businesses and or organizations, whether small or large to accomplish its missions by better securing the IT systems that store, process, or transmit organizational information. The primary function of risk analysis is to identify and correct the vulnerabilities and threats of an IT system. It enables management to make well-informed risk management decisions and justify the spending that is part of an IT budget. This also assists management in authorizing or accrediting the IT systems based on the performance results of a risk analysis. TARGET AUDIENCE Risk analysis will encompass a basic guide for experienced and inexperienced, technical and non-technical personnel who support or use risk analysis for their IT systems. This will included a detail listing and job description of personnel based on the National Institute of Standards and Technology (NIST) research: Senior management and mission owners make decisions about the IT security budget, and they ensure the implementation of risk management for agency systems and the security provided for the IT systems. The Designated Approving Authority (DAA) is responsible...

Words: 1308 - Pages: 6

Premium Essay

Australian Cyber Security Framework Essay

...The Australian Cyber Security Capability Framework (CSCF) & Mapping of ISM Roles by Australian Government Information Management Office (AGIMO) formalizes training, certification, competency and development requirements for staff employed within the IT Security profession [14]. The 20- pages Framework has a two level structure with six main categories of capability: Service Delivery; IT Business Management; Business Change; Solutions Development; Solutions Implementation; and Service Support. The Security domain sits within the Service Delivery area and it is broken down into four capability groupings: Service Delivery; IS; Technology Audit; and Emerging Technology Monitoring. The competencies are mapped onto the Framework based on complexity...

Words: 911 - Pages: 4

Premium Essay

Alternating State Government It Security Policies

...Alternating State Government IT Security Policies University of Maryland University College Europe Instructor: Professor Cybersecurity in Government Organizations CSIA 360 24 April 2016 The purpose of IT Security Policies within the state governments IT security policies are the foundation that any business or government should have implemented with their IT systems before the systems are going to be accessed or in other terms used by users and or customers. The successful implementation of such IT security policies are necessary for the infrastructure of IT systems that are going to be operated safely. IT security policies normally are papers that address the requirements of the system’s rules that are to be fulfilled, which usually is a defined set of rules. The individual IT security policy addresses a specific area in detail like such as an acceptable user policy that outlines how the system is to be used with what each user can perform on the system (SANS, 2016). Each individual state is responsible for implementing its own IT security policy because there is no precise must do practice in place when it comes to fulfilling IT security policies for the state governments. State agencies and offices are responsible for their own IT security policies. Each state addresses IT security policies and the associated problems with implementing these, but two states barely mention the topic, which reflects with rare information concerning their cybersecurity plans...

Words: 1515 - Pages: 7

Premium Essay

Risk Mananament

...The concept of security has many associations. It can include safety to individuals, the society, groups that include status, religion and colour, businesses and any other legitimate organizations. The concept of security has been an issue across generations both in animal and human societies. The often quoted sentence ‘survival of the fittest’ comes to mind in this instance. This suggests that individuals and groups (of any order) will resist and create conflict in order to survive in a particular environment, whether it is within a family, society, politics, or a business environment. Whatever the reasons may be or legitimacy of the conflict, it is up to the receiving party to ensure that they survive and grow in spite of security issues. In the business world, competition often produces security problems. The concept of globalization, the growth and expansion of multinationals has resulted in new security threats that are related to political and religious factors. In other words, business organizations can be subject to threats from local businesses, political parties, and terrorist organizations. Local businesses can create problems because the new entrants are seen as a threat and competition to their existing businesses activities. Political parties that are not in power may pose a threat because they oppose the ruling party and not the business enterprise. Terrorism and other forms of violence may occur against specific business organizations since they are seen as a representative...

Words: 5050 - Pages: 21