Question 1: Explain The Need For IT Security Policy in An Organization
Information Security is the sum of technologies and resources that are deployed
and implemented within an organization in order to protect information assets. The three
principles of Information Security are Confidentiality, Integrity and Accessibility (CIA). In
simple words, an information security policy is a collection of statements and directions
developed to guide the behavior of employees within an organization to maintain security.
Purpose: It defines why the organization needs the policy; for example, a
company might need policies for information security.
Scope: An information security policy should address all data, programs, systems,
facilities, other tech infrastructure, users of technology and third parties in a given
organization. The policy should cover all aspects of the organization without
fail.
Information Security Objectives: The process of maintaining Confidentiality,
Integrity and Availability of data should be the main objective of InfoSec.
Authorization and Access Control: This step is about maintaining the balance
between allowing access to users who need to use the data as part of their job
and denying unauthorized access.
Classification of data: Data can be arranged into three classes: High Risk,
Confidential and Public.
Data Support and Operation: It defines data backup and regulation.
Security Awareness Sessions: Through suitable training sessions, employees must
be well trained and aware of how to collect, use and delete data, maintain data
quality, manage records, preserve confidentiality and privacy, use IT systems
appropriately, and use social networking correctly.
Responsibilities, rights and duties of personnel: This area generally focuses
on the responsibilities of the persons appointed to carry out the
implementation, education, incident response, user access reviews and
periodic updates of an information security policy.
References to relevant legislation: A security policy for an organization must be
built in accordance with the acts and laws of the particular nation.