MMT2 IT strategic solutionTask 3

Topics: Security engineering, Access control, Physical security Pages: 15 (3990 words) Published: August 4, 2015
Running Head: MMT2 Task 3 – Security Policies

 

IT Strategic Solutions – MMT2 Task 3

Evaluating Security Policies
Western Governor’s University

 

1

MMT2 Task 3 – Security Policies

2

A. Evaluation of AEnergy’s Security Policies in Regard to Ethical Issues Security policies constitute a single or group of documents that explicitly define the security safeguards, processes and procedures adopted by an organization to govern access to its premises and systems. Security policies also serve to govern the behavior and activities of internal and external users to whom access to the organization’s network, data or other sensitive information might be granted. In order for security policies to be effective, they must be comprehensive, easy to understand, acknowledged by and readily available those expected to comply with them. They must also be reviewed and updated regularly as the needs of the organization change and in response to new and increasing security threats. One important factor to consider when developing or evaluating security policies is to determine whether any of the policies constitute, in part or as a whole, a violation of widely accepted ethical standards. It is crucial to balance the organization’s need for security with the individual rights of its internal and external clients and employees.

A preliminary review of AEnergy’s security policies reveals that the company is employing enterprise level security procedures to safeguard the employee and client data on its network. Some of the techniques employed include the use of access control lists, system monitoring, strong passwords and trend analysis to ensure only those authorized are able to access sensitive data. The company tracks account usage to ensure that clients and employee cost centers are billed appropriately for their access. The company also classifies its data based on sensitivity and confidentiality to ensure that employees, vendors, partners and clients treat particular pieces of data alike.

MMT2 Task 3 – Security Policies

3

In reviewing these policies with respect to ethical issues, I have chosen the following points of focus:


Availability and accessibility of security policies to employees and external users

It is unethical to expect employees and clients to adhere to security policies if those policies are not made available to them. From the policy documents reviewed it was clear that AEnergy makes every possible effort to ensure users, employees, vendors and clients are aware of the security policies. For example, certain policies are made available on the company’s website to ensure that external clients are able to access and adhere to them. •

Privacy with respect to email or network activity monitoring and tracking

AEnergy’s ability to protect and secure its employee and client data is crucial to its success as a company. It is hence understandable that the company scans outgoing emails, monitors network traffic and activity and employs other safeguards like access cards to secure its data. However those actions could potentially violate the privacy of AEnergy’s employees. For example, the company requires its employees to mark personal emails by placing the word “personal” in the subject line to prevent its systems from scanning and logging those emails for security analysis. However marking such emails simultaneously allows the company to track whether intentionally or not how often particular employees are sending personal emails. It also allows those emails to be singled out and targeted for review in violation of the sender’s privacy by any employee with appropriate access to the company’s email servers. This poses an ethical issue for the company. Network activity monitoring can also violate employee privacy especially when the security policies do not define what kind of activity is acceptable and what is not.

MMT2 Task 3 – Security Policies


4

Use of location...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • MMT2 IT strategic solutionTask 4 Essay
  • MMT2 IT strategic solutionTask 2 Essay
  • MMT2 IT strategic solution task 1 Essay
  • Strategic Plan Part 3 Essay
  • Strategic Management Chap 3 Essay
  • Strategic Management Case 3 Essay
  • Strategic Choices Essay
  • Strategic Management Essay

Become a StudyMode Member

Sign Up - It's Free