Math

Developing Security Policies For Protecting Corporate Assets

1. Introduction

The Digital revolution of the 21st Century has not been achieved without its

consequences. Real time business requirements and economic drivers have forced

rapid changes to the methods used to conduct business-to-business and business

to client communication. The Internet has now become a convenient and economic

deployment medium for global business.

With the ever-increasing number of connections and growth of the Internet, security

has become an issue for not only for the corporate environment but also for home

user. This has never been more apparent then after the Code Red worm incident.

All user populations were affected.

Security assurance and user-friendly sites are required if businesses are to be

successful at attracting customers to their Internet sites. It is therefore important to

be able to understand the business requirements and be able to translate these into

a public network presence with security in mind. A security policy is derived to

provide guidelines on how to best conduct business with security, confidentiality,

integrity, and accessibility in mind.

Security is a vast area; therefore it is not possible to cover all aspects in the scope of

this paper. The paper will focus on some aspects of a security policy with an aim to

protect assets from risk.

2. Scope of possible policies

Security policies govern the steps and procedures taken to protect business assets

and confidential information from intrusion via the use of technology or physical

intervention. When considering the possibility of transacting business over public

networks, the goal should be how best to protect corporate ass ets, data integrity and

confidentiality.

Business assets can be considered to be and include items such as valuable and

sensitive data that needs to be kept secure and confidential. For example financial

data, client information or employee contract details....