Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
By enforcing corporate policy, corporations can reduce their risks and show due diligence to their customers and shareholders (Importance of Corporate Security Policy, 2010).
Before making choices regarding the Information Security strategy, long or short-term, organizations need to have a sound appreciative of their sole risk profile. Risk consists of a mixture of information resources that have value and vulnerabilities that are gullible. The scale of the risk is the product of the value of the information and the amount to which the susceptibility can be exploited. As long as the organization has information that has worth that information and by expansion, the organization will be susceptible to risk. The purpose of any information security control mechanism is to limit that risk to an suitable level. This is also true for policies. "Policies are a risk-control mechanism and must therefore be designed and developed in response to real and specific risks. Thus, a comprehensive risk assessment exercise must be the first phase of the policy development process. The risk assessment should identify the weakest areas of the system and can be used to define specific objectives" (van der Walt, 2010).
Conclusion
A security policy is basically a plan, outlining what the company's critical assets are, and how they must and can be protected. Its chief purpose is to provide staff with a brief summary of the adequate use of any of Information Assets, as well as to clarify what is considered as permissible and what is not, therefore engaging them in securing the company's critical systems. In order to comprehend the significance of a security policy, staff needs to be conscious and completely understand the penalties of violating the policy, thus exposing critical systems to a spiteful attacker, or causing unintentional damage to other companies worldwide. Violations should be handled consequently; those who in one way or the other breach upon the security policy should be made aware that they may face being put through a trial period, which comprises the limited use of some of the company information assets until they can show they are capable to act in a secure manner...
They should also be aware that in some severe cases they also may risk being fired or even prosecuted (Danchev, 2003).
Organizations must be prepared to enforce every stipulation the policy makes so policies must be focused and specific. Security administrators need to define objectives for their particular organization, based on the value of that information and the specific risks that information faces (van der Walt, 2010). The aforementioned policies do just this. They are all concerned with the risks that are involved both internally and externally for any company. Companies let entities both internally and externally access company information and so there is a need to have security policies in place in order to minimize any risk that might be present.
References
Danchev, D. (2003). Building and Implementing a Successful Information Security Policy.
Retrieved from http://www.windowsecurity.com/pages/security-policy.pdf
Importance of Corporate Security Policy. (2010). Retrieved from http://securityresponse.symantec.com/avcenter/security/Content/security.articles/corp.
security.policy.html
Retreived from http://www.sans.org/reading_room/whitepapers/policyissues/information-security-p olicy-development-guide-large-small-companies_1331
Internet Usage Policy. (n.d.). Retrieved from http://www.sans.org/security-resources/policies/internet-usage-policy.pdf
van der Walt, C. (2010). Introduction to Security Policies, Part One: An Overview of Policies. Retrieved from http://www.symantec.com/connect/articles/introduction-security-policies-part-one-overview-policies
Wireless Communication Policy. (n.d.). Retrieved from http://www.sans.org/security-resources/policies/Wireless_Communication_Policy.pdf
Internet Security, risks internet security presents field information technology implementing solutions address challenges. The paper 15 pages length ( including title reference page). 1. Title Page: Include, paper title, title, instructor's, date. Internet security In today's advanced technological world, online users are faced with a myriad of problems and risks. Any online user is vulnerable to Trojans, viruses, worms, spyware, and malware. The user is exposed to sniffers, spoofing software, and phishing.
Internet Security Measures- An Assessment The world of the Internet is truly an amazing and wonderful place where any information on any topic is available, right at your fingertips, with the mere click of a button. The Internet is very much like a huge city where high rises filled with honest people and slums filled with the lower classes coexist side by side; where there are both good people as well
Internet Security With the increasing awareness and use of the internet, organizations and individuals are facing newer security issues each day. Everyday people purchase goods on the internet and any hacking as a "joke" could cause the customer's credit card information to fall in the wrong hands. Misuse of such had been on a rise recently all over the world. Governments have now started to enforce strict internet laws to minimize
Internet Security for Wi-Fi Hotspots In configuring the Wi-Fi router in our home previous to taking this course, the selection of 128-bit encryption was chosen, and keys created to ensure the security of the connection and network from outside use. As our home is in a densely populated neighborhood, our concern was the potential of a drastic reduction in performance given how many people could be on the connection potentially at
All of those sites were U.S. government sites. The July 6 update increased the number to 21 U.S. sites. On July 7, the South Korean sites were added and on July 8, the total number of sites reached 26 ("No Sign of N. Korea Backing," 2009) The U.S. Websites were back up and running within a day of the attack. The South Korean sites took more time to recover ("Cyberattacks
However, most companies acknowledge that the benefits of employee Internet usage outweigh the difficulties, and continue to offer Internet access to their employees, who also perceive it as a benefit. The term abuse also means different things to different people, and so, businesses must define abuse before they accuse their employees of abusing their Internet access. One writer defined abuse this way, "Internet abuse in the workplace is defined as