MMT2 IT strategic solutionTask 3
IT Strategic Solutions – MMT2 Task 3
Evaluating Security Policies
Western Governor’s University
MMT2 Task 3 – Security Policies
A. Evaluation of AEnergy’s Security Policies in Regard to Ethical Issues
Security policies constitute a single or group of documents that explicitly define the security safeguards, processes and procedures adopted by an organization to govern access to its premises and systems. Security policies also serve to govern the behavior and activities of internal and external users to whom access to the organization’s network, data or other sensitive information might be granted. In order for security policies to be effective, they must be comprehensive, easy to understand, acknowledged by and readily available those expected to comply with them. They must also be reviewed and updated regularly as the needs of the organization change and in response to new and increasing security threats. One important factor to consider when developing or evaluating security policies is to determine whether any of the policies constitute, in part or as a whole, a violation of widely accepted ethical standards.
It is crucial to balance the organization’s need for security with the individual rights of its internal and external clients and employees.
A preliminary review of AEnergy’s security policies reveals that the company is employing enterprise level security procedures to safeguard the employee and client data on its network.
Some of the techniques employed include the use of access control lists, system monitoring, strong passwords and trend analysis to ensure only those authorized are able to access sensitive data. The company tracks account usage to ensure that clients and employee cost centers are billed appropriately for their access. The company also classifies its data based on sensitivity and confidentiality to ensure that employees, vendors, partners and clients treat particular