A security policy defines how an organization will handle security issues. The document discusses policies around user passwords, internet use, email, software installation, messaging, and devices. It also outlines policies for system administration regarding new employees, departing employees, change requests, security breaches, and virus infections. The document defines access control policies and discusses data classification, disaster recovery, and fault tolerance policies.
• A security policy is a document that defines how an organization will deal with some aspect of security. There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.
• Defining User Policies
• Other areas of potential misuse are also covered by user policies, including password sharing, copying data, leaving accounts logged on while employees go to lunch, and so on. All of these issues ultimately have a significant impact on your system's security and must be clearly spelled out in your user policies. We will now examine several areas that effective user policies must cover:
■ Passwords
■ Internet use
■ Email usage
■ Installing/uninstalling software
■ Instant messaging
■ Desktop configuration
■ Bring Your Own Device
• Passwords
• Passwords are never to be kept written down in an accessible place. The preference is that they not be written down at all, but if they are, they should be in a secure location, for example a lock box at your home (not in the office right next to your PC).
• Internet Use
• There are several reasons for this. The most obvious reason is email. However, that is hardly the main reason to have Internet access in a business or academic setting. There is also the Web, and even chat rooms.
• Email Usage
• Most business and even academic activity now takes place via email.
• Instant Messaging
• Instant messaging can be used for legitimate business purposes. However, it represents a significant security risk. There have been viruses that propagated specifically via instant messaging.
• Desktop Configuration
• Changing the background, screensaver, font size, and resolution. Theoretically speaking, this is not a security hazard. Simply changing your PC's background image cannot compromise your PC's security. However, there are other issues involved.
• Bring Your Own Device
• When they connect to your wireless network, this presents a host of new security concerns.
• Defining System Administration Policies
• There must be a procedure for adding users, removing users, dealing with security issues, changing any system, and so on. There must also be standards for handling any deviation.
• New Employees
• Before a new employee starts work, the IT department (specifically network administration) should receive a written request from the business unit that person will be working for.
• Departing Employees
• If you do not make it a habit of securing employees' access when they depart, you will eventually have an unfortunate situation that could have been easily avoided.
• Change Requests
• Business units request access to various resources, server administrators upgrade software and hardware, application developers install new software, and web developers change the website.
• Security Breaches
• This could mean that you are the target of a denial of service (DoS) attack, your system is infected with a virus, or perhaps a hacker gains access and destroys or copies sensitive data.
• Virus Infection
• This means literally unplugging the machines from the network.
• Defining Access Control
• There is always a conflict between users' desire for unrestricted access to any data or resources on the network and the security administrator's desire to protect that data and those resources. This means that extremes in policies are not practical.
• Developmental Policies
• No matter how good your firewalls, proxy server, virus scanning, and policies are, if your developers create code that is flawed, you will have security breaches.
• Data Classification
• Classifying data gives employees guidance on how to handle data:
■ Open data
■ Private data
• DoD Clearances
• This is data that might damage national security if disclosed. Secret data is data that might cause serious damage to national security if disclosed.
• Disaster Recovery
• A disaster is any event that significantly disrupts your organization's operations. A hard drive crash on a critical server is a disaster.
• Fault Tolerance
• There are three basic backup types we are concerned about:
■ Full: All changes
■ Differential: All changes since last full backup
■ Incremental: All changes since last backup of any kind
• HIPAA
• HIPAA is a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.
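
The three backup types listed under Fault Tolerance differ most in what a restore requires. The following is an added example, not part of the original document: it computes which backup sets must be applied, oldest first, to restore to a given day. The `Backup` class, the `restore_chain` function and the sample schedules are constructed for illustration, and the logic assumes the definitions given above (an incremental captures changes since the last backup of any kind).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Backup:
    day: int    # day the backup ran (constructed schedule, day 0 = first day)
    kind: str   # "full", "differential" or "incremental"


def restore_chain(backups, target_day):
    """Return the backup sets, oldest first, needed to restore as of target_day."""
    usable = sorted((b for b in backups if b.day <= target_day),
                    key=lambda b: b.day)

    # Every restore starts from the most recent full backup.
    full_idx = max((i for i, b in enumerate(usable) if b.kind == "full"),
                   default=None)
    if full_idx is None:
        raise ValueError("no full backup on or before the target day")
    chain = [usable[full_idx]]
    later = usable[full_idx + 1:]

    # A differential holds all changes since the last full backup, so only
    # the latest one is needed; it supersedes every set taken before it.
    diff_idx = max((i for i, b in enumerate(later) if b.kind == "differential"),
                   default=None)
    if diff_idx is not None:
        chain.append(later[diff_idx])
        later = later[diff_idx + 1:]

    # Each incremental holds only the changes since the previous backup of
    # any kind, so every remaining one is required, in order.
    chain.extend(b for b in later if b.kind == "incremental")
    return chain


# Constructed sample schedules: one full backup, then five daily backups.
INCREMENTAL_WEEK = [Backup(0, "full")] + [Backup(d, "incremental") for d in range(1, 6)]
DIFFERENTIAL_WEEK = [Backup(0, "full")] + [Backup(d, "differential") for d in range(1, 6)]

if __name__ == "__main__":
    for name, schedule in (("incremental", INCREMENTAL_WEEK),
                           ("differential", DIFFERENTIAL_WEEK)):
        days = [b.day for b in restore_chain(schedule, target_day=4)]
        print(f"{name}: restore day 4 needs backups from days {days}")
```

With an incremental schedule, losing any one set in the chain breaks the restore, which is the trade-off against the larger daily size of differentials.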