Course Project
Table of Contents
Introduction
Policies for Information Security
Key Elements
Information Security Level
Method for Keeping Policies and Checklist Current
Areas of Responsibility
Access Controls
Authorization and Identification
Data Integrity
Encryption Methods
Remote Access
Removable Media
Data Transfer
Audit Control
Contingency Plan for Information Security
Disaster Recovery
Conclusion
References
Introduction:
This paper examines the information security policy of a multinational organization (referred to here as ABC) that operates in several countries. It covers the key elements of a security policy, the areas the policy must address, and the controls that support it.
Policies for Information Security:
Governments have enacted many laws and regulations to protect the privacy and data of business organizations and of the people they deal with. When drafting its organizational policy, the management of ABC must take the law of each local jurisdiction into account; doing so protects the organization and its data. Because the organization operates in several parts of the world, ABC management must comply with the data protection law of every country in which it operates in order to achieve its long-term organizational goals.
Key Elements:
An information security policy rests on three key elements: the policy statement, the requirements, and the use of the policy.
Policy Statement: The policy statement sets out all the policies the organization requires to ensure its safety and privacy. Every member of the organization is responsible for following these policies so that organizational functions operate properly (Peltier 2013).
Requirements: Policy statements are derived from the requirements of the organization. A business organization deals with several kinds of stakeholders, and different stakeholders demand different levels of security. Separate policies are therefore designed for each group, such as policies for users, policies for vendors and policies for employees who work remotely (Siponen, Mahmood and Pahnila 2014).
Use: The final and most crucial element is how the policy is put into practice. This covers the procedures for restoring organizational data, for maintaining the security of official data, and so on (Siponen, Mahmood and Pahnila 2014).
Information Security Level:
Information is classified into three security levels according to the impact of its loss or compromise: high, moderate and low.
High means that loss of or damage to the asset would cause severe or catastrophic harm: the organization suffers a major loss of data or is no longer able to perform its primary functions (Peltier 2016).
Moderate means that the organization can still perform its functions, but their effectiveness is significantly reduced (Peltier 2016).
Low means that the organization can still perform its functions with only a limited reduction in effectiveness, and the resulting damage is minor (Crossler et al. 2013).
Method for Keeping Policies and Checklist Current:
Management needs to consider the following factors when designing the security policy and the safety checklist, and when keeping them current:
Identify the sensitive information of the organization that needs to be protected.
Identify the systems that process or store that information and that are therefore most critical to protecting it.
Take the applicable government rules and policies into account when incorporating the security policy within the organization.
Define the goals and objectives of the security policy, and derive the security checklist from them.
Evaluate the effect of the security policies on a regular basis. This identifies loopholes and the areas of responsibility that need attention, so that the policy and the checklist stay up to date.
Areas of Responsibility:
Several roles share responsibility for maintaining organizational privacy and security: executive directors, the board of directors, risk managers, information security managers and so on (Cavusoglu et al. 2015). The areas of responsibility that organizational members must cover are as follows:
Identify the requirements of the organization and design the security policies and structure accordingly.
Every member must have a clear understanding of their role and responsibility and of how to maintain privacy. The security manager of the organization is responsible for informing them.
Passwords and other secrets must never be disclosed to outsiders, and organizational members must be made aware of this.
Members must take care when entering or using any secret in a public place.
All organizational members need to respect the privacy of the organization.
Access Controls:
Management and the security manager of the organization must be careful when granting access to employees. Access should follow the principle of least privilege: each employee receives only the access their role requires, for as long as it is required, regardless of seniority or length of service, and access is reviewed and revoked when roles change or people leave. Trust in an experienced, long-serving employee does not replace this control, because insiders holding more access than their work needs are a common source of loss (Von Solms and Van Niekerk 2013).
Authorization and Identification:
Identification, authentication and authorization are three distinct steps. Identification is the claim of an identity (for example, a username); authentication is the proof of that claim (a password, a hardware token or another credential); authorization is the decision about what the authenticated identity is allowed to do. Usernames need not be secret, but authentication credentials must be: passwords must be hard to guess, never shared, and stored only as salted hashes rather than in clear text, so that a breach of the credential store does not reveal them. These controls play a crucial role in organizational privacy and security, and if they are neglected the organization may face serious difficulties (Yang, Shieh and Tzeng 2013).
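The following added example (not code from the original paper) shows the three steps of the Authorization and Identification section, combined with the least-privilege access control described in the Access Controls section: a username identifies, a salted PBKDF2 hash authenticates, and a role table authorizes. The roles, users and passwords are constructed for illustration.

```python
"""Identification, authentication and authorization as three separate checks,
with role-based least privilege. Added example, not code from the original
paper; the roles, users and passwords below are constructed for illustration."""
import hashlib
import hmac
import os

# Each role is granted only the actions it needs (least privilege). Constructed
# roles for the demo; a real organization defines its own.
ROLE_PERMISSIONS = {
    "hr_clerk": {"read_employee_record"},
    "hr_manager": {"read_employee_record", "update_employee_record"},
    "auditor": {"read_employee_record", "read_audit_log"},
}

# Work factor for PBKDF2-HMAC-SHA256. Kept low so the demo runs quickly;
# OWASP currently recommends 600,000 iterations for this construction.
PBKDF2_ITERATIONS = 50_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt per user means two users with
    the same password get different stored digests, and precomputed tables are
    useless against the store."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class UserDirectory:
    """Holds a salted password hash and a role per user; the plaintext password
    is never stored."""

    def __init__(self):
        self._users = {}  # username -> {"salt": bytes, "digest": bytes, "role": str}

    def add_user(self, username, password, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError("unknown role: %r" % role)
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest, "role": role}

    def authenticate(self, username, password):
        """Identification is the claimed username; authentication is proving it
        with the password. Unknown usernames still pay the full hashing cost so
        response time does not reveal which accounts exist."""
        record = self._users.get(username)
        salt = record["salt"] if record else bytes(SALT_BYTES)
        _, candidate = hash_password(password, salt)
        if record is None:
            return False
        # Constant-time comparison: a plain == would leak how many leading
        # bytes of the digest matched.
        return hmac.compare_digest(candidate, record["digest"])

    def authorize(self, username, action):
        """Authorization: does this user's role permit the action? Denied by
        default; nothing is granted because a user is trusted or senior."""
        record = self._users.get(username)
        if record is None:
            return False
        return action in ROLE_PERMISSIONS[record["role"]]

    def can(self, username, password, action):
        """Full check: identify, authenticate, then authorize."""
        return self.authenticate(username, password) and self.authorize(username, action)


def demo():
    """Exercise the three checks on constructed users."""
    users = UserDirectory()
    users.add_user("alice", "correct horse battery staple", "hr_clerk")
    users.add_user("bob", "fragile-sparrow-91", "auditor")
    return {
        "clerk_reads_record": users.can("alice", "correct horse battery staple", "read_employee_record"),
        "clerk_updates_record": users.can("alice", "correct horse battery staple", "update_employee_record"),
        "clerk_wrong_password": users.can("alice", "wrong password", "read_employee_record"),
        "auditor_reads_log": users.can("bob", "fragile-sparrow-91", "read_audit_log"),
        "unknown_user": users.can("mallory", "fragile-sparrow-91", "read_audit_log"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print("%-22s %s" % (check, "allowed" if result else "denied"))
```

Note that the clerk's correct password still does not let her update a record: authentication succeeded, authorization failed. That separation is what keeps a trusted, long-serving employee from accumulating access their role does not need.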
Data Integrity:
Data integrity means that data is not altered or destroyed except by authorized parties. To maintain it, management must keep data in a protected location, restrict write access to those who need it, verify that data has not changed (for example with cryptographic checksums or message authentication codes), and keep backups from which an unaltered copy can be restored. A multinational organization that operates in several countries holds a large amount of crucial data. The passwords and keys that guard it must be unique and hard to guess, and default or blank (null) passwords must never be left in place (Ifinedo 2014).
Encryption Methods:
The organization should use public-key cryptography, in which each party holds a pair of keys: a public key that can be shared freely and a private key that must be kept secret. This allows data to be encrypted for a recipient, and signed by a sender, without first exchanging a secret. Malware and other attacks are used to steal important organizational data, so management must adopt modern, well-reviewed encryption techniques: standard algorithms (such as AES for stored data and TLS for data in transit) rather than home-made schemes, together with careful management of the keys, since encrypted data is only as well protected as the keys that unlock it (Safa, Von Solms and Furnell 2016).
Remote Access:
Remote access is highly beneficial because it lets organizational functions be carried out from a distance. However, management must use this benefit very carefully, or it may harm the privacy of the organization. Remote connections to other offices should therefore go through an encrypted and authenticated channel, such as a VPN protected by multi-factor authentication, whatever the underlying link (wired, wireless, or a dial-up service such as Integrated Services Digital Network, ISDN), because the link itself provides neither confidentiality nor proof of who is connecting. Remote users should be given only the access to organizational data that their work requires (Andress 2014).
Removable Media:
Removable media such as DVDs, CDs, USB drives and memory cards can store any kind of organizational data. These devices are easy to use and to carry from one place to another, which is why they are often used to move data or presentation material between offices. That portability also makes them an integral concern of organizational information security: a lost or stolen device exposes everything stored on it. Members must be careful when carrying such devices, data on them should be encrypted, and their use should be limited to what policy allows; otherwise the result may be loss or disclosure of data (Safa, Von Solms and Furnell 2016).
Data Transfer:
Data transfer moves data from one point to another point, or to multiple points at once. In the organization data is mainly transferred by email and through shared network printers. For confidential data, ABC management needs to rely on modern, proven techniques: transfer over encrypted channels (such as TLS or SFTP), verify the integrity of what arrives, restrict who may send and receive it, and avoid plain email and shared printers for sensitive material (Andress 2014).
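The added example below (not code from the original paper) shows the integrity check that both the Data Integrity and Data Transfer sections call for: a record is wrapped with an integrity value before it is stored or sent between offices, and the receiver verifies it. It puts an unkeyed SHA-256 checksum beside a keyed HMAC-SHA256 tag to show why the key matters. The key and the sample payroll record are constructed for illustration; a real key would come from a key management system, not from source code.

```python
"""Integrity protection for a record stored or transferred between offices:
an unkeyed checksum beside a keyed HMAC-SHA256 tag. Added example, not code
from the original paper; the key and the sample record are constructed."""
import hashlib
import hmac
import json

# Constructed 32-byte key for the demo only.
DEMO_KEY = bytes.fromhex(
    "4f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"
)


def canonical_bytes(record):
    """Serialize with sorted keys and no whitespace so the same record always
    produces the same bytes, whichever office produced it."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum(record):
    """Unkeyed SHA-256: detects accidental corruption only."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def tag(record, key):
    """Keyed HMAC-SHA256: cannot be recomputed without the key."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def protect(record, key=None):
    """Wrap a record with an integrity value: checksum if no key, HMAC tag otherwise."""
    value = tag(record, key) if key is not None else checksum(record)
    return {"record": record, "integrity": value}


def verify(envelope, key=None):
    """True only if the record is exactly what the integrity value was computed over."""
    record = envelope["record"]
    expected = tag(record, key) if key is not None else checksum(record)
    return hmac.compare_digest(expected, envelope["integrity"])


def demo():
    """A record leaves office A; someone on the path (or with write access to
    the store) raises the salary. Compare what each scheme detects."""
    record = {"employee_id": 1042, "salary": 58000, "currency": "EUR"}
    altered = dict(record, salary=158000)

    # Scheme 1: unkeyed checksum. The attacker edits the record and simply
    # recomputes the checksum, so the receiver sees a "valid" envelope.
    plain = protect(record)
    forged_plain = {"record": altered, "integrity": checksum(altered)}

    # Scheme 2: HMAC. Editing the record invalidates the tag, and without the
    # key the attacker cannot compute a matching one.
    keyed = protect(record, DEMO_KEY)
    forged_keyed = {"record": altered, "integrity": keyed["integrity"]}

    return {
        "checksum_genuine": verify(plain),
        "checksum_forged_accepted": verify(forged_plain),
        "hmac_genuine": verify(keyed, DEMO_KEY),
        "hmac_tampered_accepted": verify(forged_keyed, DEMO_KEY),
        "hmac_wrong_key_accepted": verify(keyed, b"\x00" * 32),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-26s %s" % (name, result))
```

The HMAC detects modification but does not hide the record; for confidential transfers it is used together with encryption, and in practice an authenticated channel such as TLS or SFTP provides both. The key must be shared only with the sending and receiving systems, since anyone holding it can forge tags.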
Audit Control:
Audits play a vital role for every business organization, since they reflect whether the organization has met its obligations. Many laws and policies therefore govern audit control. Operational managers and auditors must monitor all activity, keep records that cannot be altered without detection, and maintain a checklist to prevent any kind of fraud (Andress 2014).
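An audit record is only useful for preventing fraud if the person being audited cannot quietly rewrite it. The added example below (not code from the original paper) shows one way to make a log tamper-evident: each entry includes the hash of the entry before it, and the latest hash is copied to a place the log writer cannot reach. The log entries are constructed for illustration.

```python
"""Tamper-evident audit trail: every entry commits to the hash of the entry
before it, so editing or deleting an old entry breaks the chain from that
point on. Added example, not code from the original paper; the entries are
constructed for illustration."""
import hashlib
import json

GENESIS_HASH = "0" * 64  # value chained into the very first entry


def entry_hash(entry):
    """SHA-256 over the canonical form of the entry's fields, excluding "hash"."""
    fields = {k: v for k, v in entry.items() if k != "hash"}
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


class AuditLog:
    """Append-only log of who did what, with a hash chain over the entries."""

    def __init__(self):
        self.entries = []

    def append(self, actor, action, target):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        entry = {"seq": len(self.entries), "actor": actor, "action": action,
                 "target": target, "prev": prev}
        entry["hash"] = entry_hash(entry)
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        """Hash of the latest entry. Record it somewhere the log writer cannot
        touch (a separate log server, a signed daily report) to anchor the chain."""
        return self.entries[-1]["hash"] if self.entries else GENESIS_HASH

    def verify(self, expected_head=None):
        """Return the seq of the first inconsistent entry, or -1 if the chain is
        intact (and, when expected_head is given, ends at that anchor)."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != entry_hash(entry):
                return i
            prev = entry["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.entries)
        return -1


def build_demo_log():
    """Constructed session: a clerk logs in, moves money, logs out."""
    log = AuditLog()
    log.append("clerk1", "login", "payroll")
    log.append("clerk1", "transfer", "account:9981 amount:25000")
    log.append("clerk1", "logout", "payroll")
    return log


def rechain(entries):
    """What an insider with write access to the whole file would do: recompute
    every hash after an edit so the chain looks consistent again."""
    prev = GENESIS_HASH
    for entry in entries:
        entry["prev"] = prev
        entry["hash"] = entry_hash(entry)
        prev = entry["hash"]


def demo():
    """Try three cover-ups of the transfer and see which checks catch them."""
    anchored_head = build_demo_log().head()  # copied off-system at end of day
    results = {"intact": build_demo_log().verify(anchored_head)}

    log = build_demo_log()                   # 1. edit the amount in place
    log.entries[1]["target"] = "account:9981 amount:250"
    results["edited_detected_at"] = log.verify(anchored_head)

    log = build_demo_log()                   # 2. delete the entry and renumber
    del log.entries[1]
    log.entries[1]["seq"] = 1
    results["deleted_detected_at"] = log.verify(anchored_head)

    log = build_demo_log()                   # 3. edit, then rebuild the whole chain
    log.entries[1]["target"] = "account:9981 amount:250"
    rechain(log.entries)
    results["rechained_without_anchor"] = log.verify()
    results["rechained_with_anchor"] = log.verify(anchored_head)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-26s %s" % (name, result))
```

The third case is the important one: an insider who can rewrite the whole file can make the chain internally consistent again, so the chain alone is not enough. The anchor (the head hash held by a separate system or signed off by the auditor) is what turns the log into evidence.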
Contingency Plan for Information Security:
The organization must develop and adhere to a contingency plan for information security:
Identify the requirements of the organization that the contingency plan must cover.
Management must train organizational members in their roles and responsibilities under the plan.
All policies and procedures in the plan must be exercised regularly.
Disaster Recovery:
Management must appoint a risk management team responsible for resolving organizational issues.
The team must monitor organizational operations in order to avoid disasters.
When a disaster occurs, the risk management team must identify its cause in order to resolve the issue.
The team must report the issues to senior management and implement the required changes within the organizational structure to secure the future of the organization.
All organizational members must be involved in the process and encouraged to adopt the strategies that avoid future risk.
Conclusion:
As the preceding discussion shows, organization ABC must concentrate on a few aspects when designing its data protection policy: it must consider local government policies in order to strengthen its privacy policy; it must appoint risk management and disaster recovery teams to protect the organization from fraud and to maintain organizational safety; it must adopt modern, proven security techniques; and it must grant access to security codes and passwords strictly on the basis of need, following least privilege, rather than on personal trust alone.
References:
Andress, J., 2014. The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Syngress.
Cavusoglu, H., Cavusoglu, H., Son, J.Y. and Benbasat, I., 2015. Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources. Information & Management, 52(4), pp. 385-400.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp. 90-101.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp. 69-79.
Peltier, T.R., 2013. Information Security Fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp. 70-82.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp. 217-224.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp. 97-102.
Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, pp. 482-500.