Sunday, July 28, 2019

Information security policy Essay Example | Topics and Well Written Essays - 2500 words

Information security policy - Essay Example The researcher states that as this is an information age, information is now in the form of digits that flows on an electronic computerized network. Organizations are dependent on these digital communication channels for transferring and exchanging classified information such as confidential information, mission critical information and information that is published for the people. As information is a blood life of any organization, it is vital to protect information by implementing physical, logical and environmental controls. In the context of protecting information security, three fundamental factors must be considered to make use of digitized information in an effective manner i.e. Confidentiality, Integrity and Availability. As there is a requirement of protecting this digital information internally and externally, policy is a control that provides necessary steps, procedures and processes to protect information. These are also considered as high level statements derived from th e board of the organization. â€Å"Information security policy is therefore considered an essential tool for information security management†. Different factor that may influence to tailor the policy includes organization size, dependence on information systems, regulatory compliance and information classification scheme. For addressing all issues related to information security via a single policy is not possible, however, to cover all aspects related to information security, a set of information security policy document focusing on different group of employees within the organization is more suitable. This paper will discuss different factors that must be taken in to account when constructing and maintaining an information security policy. However, there are many methods available for constructing an information security policy, the initial step before adopting any one of the methods is to identify the current maturity level of the policy construction process within the org anization. The outputs will be either no information security policy development process in place or there is an extensive policy development process exists. Information Security Mission Statement Nexor Solutions and Nexor Solutions employees are intrinsic and responsible for protecting the physical information assets, confidential data and intellectual property of the organization. Likewise, these physical and intangible assets must be protected from potential threats to Nexor Solutions and Nexor Solutions employees. Consequently, the information security policy for Nexor Solutions is a critical business function that must be integrated within the business operations covering all aspects of Nexor Solutions business procedures, processes and tasks. However, to achieve these objectives, policies and procedures are already in place i.e. Acceptable Use Policy of Nexor Solutions. Information security is the basis for the business that must be integrated into each function of the organiz ation i.e. administrative service, planning and development, sales and marketing and operations, as these functions require precise controls for mitigating the risk from normal business operations. State and federal laws associated with information security and privacy are applicable to Nexor Solutions, as non-compliance will impose fines, stakeholder confidence, audits and direct revenue loss for Nexor Solutions. Overview As information security (Detmar Straub, Goodman et al. 2008) has now become everyone’s business, every employee of Nexor Solutions is accountable making themselves aware with the compliance with Nexor Solutions policies, procedures and standards associated with information security. Likewise, a policy is considered as a tactical control followed by budgets and organizations (Osborne, Summitt, n.d). Information Security is defined as: â€Å"The protection of information systems against unauthorized access to or modification of information, whether in

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.