Computers and the Internet Security

Computers and the Internet

Security Policies

Even though the significance of information security for businesses is more and more recognized, the difficulty of issues involved means that the size and shape of information security policies may differ widely from company to company. This may depend on a lot of factors, including the size of the company, the sensitivity of the business information they own and deal with in their marketplace, and the numbers and types of information and computing systems they use. For a large company, developing a single policy document that speaks to all types of users inside the organization and addresses all the information security issues necessary may prove impossible. "A more effective concept is to develop a suite of policy documents to cover all information security bases; these can be targeted for specific audiences, making a more efficient process for everyone" (Information Security Policy - A Development Guide for Large and Small Companies, 2007). This paper examines four different security policies that need to be considered when developing and maintaining a good overall information security policy.

Wireless Communication Policy

The purpose of this policy is to secure and protect the information assets owned by a company. Companies provide computer devices, networks, and other electronic information systems in order to meet missions, goals, and initiatives. Companies grant access to these resources as a privilege and must manage them responsibly to maintain the confidentiality, integrity, and availability of all information assets. This policy specifies the conditions that wireless infrastructure devices must satisfy to connect to the company's network. Only those wireless infrastructure devices that meet the standards specified in this policy or are granted an exception by the Information Security Department are approved for connectivity to the company's network (Wireless Communication Policy, n.d.).

Workstation Security Policy

The purpose of this policy is to provide guidance for workstation security for any company's workstations in order to make certain the security of information on the workstation and information the workstation may have access to. "Additionally, the policy provides guidance to ensure the requirements of the HIPAA Security Rule "Workstation Security" Standard 164.310(c) are met. This policy applies to all employees, contractors, workforce members, vendors and agents with a company -owned or personal-workstation connected to the company's network. Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information, including protected health information (PHI) and that access to sensitive information is restricted to authorized users" (Workstation Security Policy, n.d.).

Internet usage Policy

The Internet usage Policy applies to all Internet users or people working for the company, including permanent full-time and part-time workers, contract workers, temporary agency workers, business partners, and vendors who access the Internet through the computing or networking resources. The company's Internet users are anticipated to be familiar with and to conform to this policy, and are also required to use their general sense and exercise their good judgment while using Internet services (Internet usage Policy, n.d.).

Server Audit Policy

The purpose of this policy is to ensure all servers deployed at a company are configured according to the company's security policies. Servers deployed at the company shall be audited at least annually and as prescribed by applicable regulatory compliance. Audits may be conducted to:

Ensure integrity, confidentiality and availability of information and resources

Ensure conformance to company security policies

This policy covers all servers owned or operated by the company. This policy also covers any server present on the company's premises, but which may not be owned or operated by the company. Servers in use for the company support critical business functions and store company sensitive information. Improper configuration of servers could lead to the loss of confidentiality, availability or integrity of these systems (Server Audit Policy, n.d.).

Discussion

In today's high-tech and interconnected world, every corporation needs a well developed security policy. Threats exist from both within the walls of each company as well as from outside sources such as hackers, competitors and foreign governments. The goal of corporate security policies is to identify the procedures, guidelines and practices for configuring and managing security in an environment. By enforcing corporate policy, corporations can reduce their risks and show due diligence to their customers and shareholders (Importance of Corporate Security Policy, 2010).

Before making choices regarding the Information Security strategy, long or short-term, organizations need to have a sound appreciative of their sole risk profile. Risk consists of a mixture of information resources that have value and vulnerabilities that are gullible. The scale of the risk is the product of the value of the information and the amount to which the susceptibility can be exploited. As long as the organization has information that has worth that information and by expansion, the organization will be susceptible to risk. The purpose of any information security control mechanism is to limit that risk to an suitable level. This is also true for policies. "Policies are a risk-control mechanism and must therefore be designed and developed in response to real and specific risks. Thus, a comprehensive risk assessment exercise must be the first phase of the policy development process. The risk assessment should identify the weakest areas of the system and can be used to define specific objectives" (van der Walt, 2010).

Conclusion