Saturday, November 2, 2019

Information Security and Ethics Essay Example | Topics and Well Written Essays - 1000 words

Professional ethics plays a crucial role in helping information security professionals execute their duties. However, to ensure maximum information security, organizations need to institute relevant legislation to guard against information security breaches. This paper explores policies and procedures that organizations should implement to secure their confidential information. It is crucial that security forms an integral part of organizational culture. Protecting the firm from possible information security breaches should be a major focus of the company’s operational process. To achieve this, security policies or e-policies provide the fundamental framework for an organization to strengthen security over its crucial information. Security policies are regulations that outline how organizational information is supposed to be used in executing daily organizational tasks and also dictate who is authorized to access what information.

What Are Security Policies or e-policies?

A security policy can be described as a document that gives guidelines on how an organization intends to protect its physical as well as information technology assets. According to Ciampa (2010), a security policy refers to “a document that outlines the protections that should be enacted to ensure the organization’s assets face minimal risks.” An organization’s security policy is usually referred to as a living document because it is continuously updated to meet emerging organizational challenges in the face of organizational change and evolving employee requirements. The security policy of an organization usually reflects policy implementation requirements and possible corrections in case loopholes are detected (Ciampa, 2010).
Recommended Information Security Policies for Organizations

Control over Access to Computer Rooms

In order to ensure high-level security for crucial organizational information, computer rooms should be kept under lock and key at all times. Computer rooms should have strongly fitted doors that are manned by security officers at all times. In addition to locking computer rooms, security officers should be deployed to man the doors to the main information areas. Only authorized personnel should access such rooms, through a user authentication process.

Use of Passwords and Authentication Procedures

The organization should have documented guidelines to control access to its crucial information areas. All computers in the organization should have passwords in line with security demands. These guidelines need to be assessed at regular intervals. The guidelines should set out password requirements and control the storage of such passwords. All users accessing the company's information system must be authenticated. Individuals who are authorized to access company information should have a unique combination of username and password to bar unauthorized personnel or external intruders from gaining easy access to the organization’s private information. Information users are held responsible for the usage of their passwords and usernames, which they should keep secret unless called upon by the chief security officer to disclose such passwords and usernames.

Data Encryption Policy

The second policy that an organization can establish to protect its valuable information is data encryption. In recent times, there have been numerous
