Security Policy

As sad as it is to say, the possibility of having our data exposed to a malicious attacker nowadays is constantly increasing. This is mainly due to the fairly high number of ‘security illiterate’ staff also having access to sensitive and sometime even secret business information. As such, Information Security has come to play an extremely vital role in today’s fast moving but invariably technically fragile business environment. To that effect, the importance of establishing good security policies cannot be overstated. This does not only serve to enhance a company’s daily business procedures and transactions, but also to ensure that the much needed security measures are implemented with an acceptable level of security. A security Policy is basically a plan outlining a company’s critical assets are and how they must (and can be) protected. Its main purpose is to provide staff with a brief overview of the ‘acceptable use’ of any of the information assets as well as explaining about conduct and what is deemed as allowable and what is not. The main reasons behind the creation of a formal security policy is to set the company’s security foundations and to explain to staff how they are responsible for the protection of secured information and communications while they are online. The start procedure for a strong policy requires a complete exploration of the network, as well as every other critical asset, so that the appropriate measures can be effectively implemented. Everything starts with identifying the critical information resources.

As building a good security policy further provides the foundations for the successful implementation of security related projects in the future, this is without a doubt the first measure that must be taken towards enhancing security as a way to reduce the risk of the unacceptable use of any of the information resources. In this particular scenario, a formal security policy is proposed for an International company with 75,000 employees,...