Title: Information Security Policies
A Chief Information Security Officer (CISO) is responsible for implementing policies and procedures to protect the information and data of the organization. These may include implementing protection programs, allocating budget, and other activities related to protecting the organization's information assets (Sohrabi Safa et al.).
PC Protection Software Policies
The following policies regarding the PC protection software should be implemented within an organization to avoid any data loss due to viruses or errors.
The software would periodically test the entire PC to check for any problems that may exist in the system. The systems would be checked for corrupted files, virus-infected files and the existence of malware.
Any system that the software detects to be faulty would be disconnected from all resources, such as the office network and the internet, and would be tested remotely to remove any errors that are disrupting performance.
The data on the infected PC would be recovered as the first priority. Handling the malware and corruption would be the secondary task for the concerned team.
PC protection software, such as anti-virus software, would be updated as soon as new updates arrive for that software to make sure that it performs at an optimal level. New software shall be installed and maintained on all the PCs as soon as its approval arrives (Baker).
Any system that employees use that doesn't belong to the organization would be given the same treatment as the official systems. This would include the installation of the standard PC protection software. These PCs would also be tested to make sure that they would not harm the organizational data.
If an employee detects an issue, the employee would be responsible for reporting it immediately to the concerned department for handling.
External Access to Corporate Network Policies
Many large organizations tend to use their own networks to maximize performance and to secure their data against unauthorized usage. Some employees may be given the right to access the network from outside the office environment (Safa and Von Solms). Policies regarding such access are:
The external access privileges would only be granted to the designated employees of the organization. These employees would be able to utilize the office network on designated PCs only. The PCs that would be utilized would be properly checked and equipped with the necessary software to make sure that the standards of the corporation are maintained.
The privileges to access the corporate network would be restricted for the employees. Each employee would be using the corporate network for particular tasks while other tasks would not be allowed. The privileges assigned would be on the basis of the task that has been assigned or the designation that the employee holds in the office.
The corporate network would be used only for the tasks of the corporation, and no tasks outside the business would be handled through this network.
It would be the duty of the employee to protect the corporate network from any unauthorized usage by any outsider. This would mean keeping the credentials secret and not allowing anyone else to handle the tasks related to the business. Failing to do so would result in actions against the employee at fault.
All tasks shall be done on the official servers, and no business-related data shall be saved on personal PCs.
Works Cited
Baker, Erik. Evaluating the Necessity of Third-Party Antivirus Software. 2018.
Safa, Nader Sohrabi, and Rossouw Von Solms. “An Information Security Knowledge Sharing Model in Organizations.” Computers in Human Behavior, vol. 57, Apr. 2016, pp. 442–51. DOI.org (Crossref), doi:10.1016/j.chb.2015.12.037.
Sohrabi Safa, Nader, et al. “Information Security Policy Compliance Model in Organizations.” Computers & Security, vol. 56, Feb. 2016, pp. 70–82. DOI.org (Crossref), doi:10.1016/j.cose.2015.10.006.