Professional Documents
Culture Documents
UNIT 5 MORE
UNIT 5 MORE
UNIT 5 MORE
An information security policy is a documented statement of rules and guidelines that need to
be followed by people accessing company data, assets, systems, and other IT resources. The
main purpose of an information security policy is to ensure that the company’s cybersecurity
program is working effectively.
The security policy doesn’t have to be a single document, though. A more sophisticated,
higher-level security policy can be a collection of several policies, each one covering a
specific topic. It’s quite common to find several types of security policies bundled together.
What should be included in a security policy? For starters, information security policies may
consist of acceptable use, confidential data, data retention, email use, encryption, strong
passwords, wireless access, and other types of security policies.
What are the benefits of information security policies? Why do we need to have security
policies? Here are 5 reasons:
If security policies are in place, any onboarding employee can be quickly acquainted
with company rules and regulations. They define not only the roles and
responsibilities of employees but also those of other people who use company
resources (like guests, contractors, suppliers, and partners).
Security policies are like contracts. They are to be acknowledged and signed by
employees. This means no employees shall be excused from being unaware of the
rules and consequences of breaking the rules. Should an employee breach a rule, the
penalty won’t be deemed to be non-objective. Security policies can also be used for
supporting a case in a court of law.
Security policies form the foundations of a company’s cybersecurity program. These policies
are not only there to protect company data and IT resources or to raise employee cyber
awareness; these policies also help companies remain competitive and earn (and retain) the
trust of their clients or customers. Think about this: if a bank loses clients’ data to hackers,
will that bank still be trusted? Eventually, companies can regain lost consumer trust, but
doing so is a long and difficult process.
………………………………………………………………………………………………..
Indian Cyber Law is a legal framework in India that governs activities in cyberspace,
including the internet, digital communication, and electronic commerce. With the rapid
advancement in technology and the increasing reliance on digital platforms for
communication, business, and information exchange, the need for a robust cyber law
framework has become essential.
The cornerstone of Indian Cyber Law is the Information Technology Act, 2000 (IT Act). This
Act was enacted to provide legal recognition for transactions carried out by means of
electronic data interchange and other means of electronic communication, commonly referred
to as electronic commerce. The IT Act aims to facilitate electronic governance by providing
legal recognition to electronic records and digital signatures.