
Question 1: Explain the need for IT Security Policy in an organization. Provide scenarios through which the aforementioned need for a security policy is made clear.

Information Security is the sum of the technologies and resources that are deployed and implemented within an organization in order to protect its information assets. The three principles of Information Security are Confidentiality, Integrity and Availability (CIA). In simple words, an information security policy is a collection of statements and directions, developed to guide the behavior of employees within an organization so that security is maintained.

The key aim of developing an IT Security Policy is to provide the necessary direction to the employees within an organization concerning security. Here are a few core reasons why information security policies are necessary.

- An information security policy defines the requirements for an organization's employees from a security perspective.
- Information security policies are the mechanism that supports the legal and ethical responsibilities of an organization.

An information security policy must include access control, data classification, password management, data encryption, backup, server security and physical security. For example, if an organization has implemented the CIA triad security principle and its employees follow the policy guidelines carefully, then the risk of losing data and information is greatly reduced.

Question 2: Can we consider the process of creating and implementing an IT Security Policy a project? Justify your answer. If yes, what key parties are involved in the entire process and what can be their roles in the entire process?

Yes, the process of creating and implementing an IT Security Policy can be considered a project. In fact, this process is a vital step towards a secure system. The first and foremost aim of creating a security policy is to minimize the risk of losing data and information on a system by binding the users and employees to a defined set of statements. A security policy also identifies all of a company's assets as well as all the potential threats to those assets. Hence an organization can achieve its goals once a policy has been successfully and securely put in place.

Question 3: What are Pain points and Trigger Events?

A pain point is a specific problem that prospective customers of your company are experiencing. To put it simply, pain points are problems. Increasing volume and complexity of threats, lack of security resources, and threat prioritization are three major cybersecurity pain points.

A triggering event is an occurrence that, once it takes place, causes another event to follow. Triggering events include theft or loss of a computing device, multiple failed attempts to gain system access, attempts to use old credentials, access attempts that are outside of normal business hours, unauthorized access to a system containing protected data, and employee snooping or information capture.
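As an added illustration (not part of the original assignment), the following script checks two of the triggering events listed above, repeated failed login attempts and access outside business hours, against a few constructed authentication log lines. The log format, the threshold of three failures within five minutes, and the 08:00 to 18:00 business window are all assumptions chosen for the example, not values from the page.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample log lines (not from any real system): "<timestamp> <user> <outcome> <source>"
SAMPLE_LOG = """\
2024-03-04T09:02:10 alice SUCCESS 10.0.0.5
2024-03-04T09:05:31 bob FAILURE 10.0.0.7
2024-03-04T09:05:45 bob FAILURE 10.0.0.7
2024-03-04T09:06:02 bob FAILURE 10.0.0.7
2024-03-04T09:06:20 bob FAILURE 10.0.0.7
2024-03-04T23:41:09 carol SUCCESS 10.0.0.9
2024-03-05T08:30:00 dave SUCCESS 10.0.0.11
"""

FAILED_ATTEMPT_THRESHOLD = 3                 # assumed policy value
FAILED_ATTEMPT_WINDOW_SECONDS = 300          # assumed policy value (5 minutes)
BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed policy value

def parse_line(line):
    """Split one constructed log line into (timestamp, user, outcome, source)."""
    ts, user, outcome, source = line.split()
    return datetime.fromisoformat(ts), user, outcome, source

def find_trigger_events(log_text):
    """Return (trigger_name, user, timestamp) tuples for each policy trigger that fires."""
    events = []
    failures = defaultdict(list)   # user -> timestamps of failures inside the sliding window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, outcome, _source = parse_line(line)
        if outcome == "FAILURE":
            # Keep only failures still inside the window, then add the current one.
            window = [t for t in failures[user]
                      if (ts - t).total_seconds() <= FAILED_ATTEMPT_WINDOW_SECONDS]
            window.append(ts)
            failures[user] = window
            if len(window) == FAILED_ATTEMPT_THRESHOLD:   # fire once, when the threshold is reached
                events.append(("multiple_failed_attempts", user, ts))
        elif outcome == "SUCCESS":
            failures[user] = []   # a successful login resets the failure counter
            start, end = BUSINESS_HOURS
            if not (start <= ts.time() < end):
                events.append(("access_outside_business_hours", user, ts))
    return events

if __name__ == "__main__":
    for name, user, ts in find_trigger_events(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {name}")
```

The script flags bob's third failure within the window and carol's late-night login, while alice and dave, who log in during business hours, produce no events.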

Question 4: List down some general security policies which an organization must look into and implement.

- Purpose: It defines why the organization needs the policy; for example, a company might need policies for information security.
- Scope: An information security policy should address all data, programs, systems, facilities, other tech infrastructure, users of technology and third parties in a given organization. The policy should cover all aspects of the organization without exception.
- Information Security Objectives: Maintaining the Confidentiality, Integrity and Availability of data should be the main objective of InfoSec.
- Authorization and Access Control: This step is about maintaining the balance between allowing access to users who need the data as part of their job and denying unauthorized access.
- Classification of data: Data can be arranged into three classes: High Risk, Confidential and Public.
- Data Support and Operation: It defines data backup and regulation.
- Security Awareness Sessions: Employees must be well trained and aware of how to collect, use and delete data, maintain data quality, records management, confidentiality, privacy, appropriate use of IT systems and correct use of social networking, through suitable training sessions.
- Responsibilities, rights and duties of personnel: This area generally focuses on the responsibilities of the persons appointed to carry out the implementation, education, incident response, user access reviews and periodic updates of an information security policy.
- References to relevant legislation: A security policy for an organization must be built in accordance with the acts and laws of the particular nation.
