Information Security and Protection – the Importance of Policies and Standards
Essay Preview: Information Security and Protection – the Importance of Policies and Standards
Report this essay
Information Security Policy
The Importance of Policies and Standards
For any business, the need to protect its assets is just as important as the need to maintain or increase its bottom line. If a business does not, will not, or cannot enact a sufficient security plan that is the equal to or greater than its needs, it may find itself rapidly losing its assets, its monies, or completely out of business. In addition to a robust security policy, there must also be robust standards put into place to clearly define the roles the employees, as well as the management, must play in order to properly enact those roles.
Security and unauthorized decryption and access (also known as hacking) are running a perpetual race for primacy. This aforementioned primacy switching hands alternately, white-hat, black-hat, white-hat, black-hat, etc., It is because of this back and forth evolutionary process that a company cannot have just a good security policy for the moment, but they must have a security policy that is scalable and has the growth potential to keep pace with the next new powerful threats that are poised to come down the pike inevitably.
There is also a less colorful reason that information security practices must have policies and standards, and that less colorful reason is compliance. There are many government bodies that have been established for just this very important reason. As stated by the Rutgers Office of Information Technology, “The protection and management of non-public personal information (NPPI) must comply with a variety of state and federal laws. Accurate and reliable reporting according to these laws has an impact on the business and financial health of (any institution). Failure to comply with these guidelines can have direct effects on the businesss ability to do business and continue its mission.”
The Role of the Employee
With all the elements that have to be taken into account when defining a suitable information technology security plan, the planners can fail to think of one potential devastating threat: people. Now while outside people (or users) are always looked at as being possible assailants to the information system, inside people (or the employees) can be overlooked because they are usually considered to have the best interests of the company at heart.
Now this is not to say that a companys employees are out to destroy the company they work for. Sometimes, it is quite the farthest thing from an employees mind. It is usually negligence, carelessness, and the attempted circumvention of established guidelines that usually causes the most problems. According to Center on Human Development and Disability (2010), things like: “reporting all suspected security and/or policy breaches to an appropriate authority, not disabling firewall and/or anti-virus applications, protecting access accounts, privileges, and associated passwords, accepting accountability for individual user accounts, and above all, maintaining confidentiality, are all accepted ways for employees to aid in the fight to protect their companys assets.”
Security Access Levels
Security access levels are a vital portion of securing an information security system and there are many ways to define them. The first one that may spring to