Week Four CMGT 400

Topics: Access control, Information security, Security Pages: 8 (1604 words) Published: November 24, 2014

Week Four: Role of Information Security Policy
October 20, 2014

Role of Information Security Policy
The processes and methods of keeping information confidential and available and of assuring its integrity are referred to as information security systems, or INFOSEC. Information security systems include access controls that prevent unauthorized personnel from entering or accessing a system, protection of information regardless of its format or location (in email or in storage), and the detection, documentation, and remediation of security breaches. Information security systems cover more than computer information: data protection extends to other information as well, including telephone conversations.

Information Security Policy

Maintaining information systems security involves policies and standards, both of which are of great importance. According to Rouse (2014), “In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.” Because technology and employee requirements change over time, the security policy is often considered a living document: it requires updates and is never quite finished. The company may include within the policy an acceptable use policy, which is a description of the company’s plans for employee education. That education covers protecting the company’s assets, how to carry out and enforce security measures, and tracking how effective the current security policy is so that corrections can be made in the future.

Information or data is a vital component of any business. The potential for a company to collapse is high once its data becomes compromised, meaning untrustworthy or invaded by an unwanted third party. Businesses depend on the availability and secrecy of their data, both of which are important to the company’s performance. Protecting this data, which could include confidential information such as credit cards, addresses, and private documents along with the fiscal data of the company, is important. In the event of a breach, the company would face fees, penalties, and legal ramifications. Having a data security system in place, safeguarded by security plans, greatly decreases the possibility of breaches and compromise during data integration. In many industries technology has become very important to the control and keeping of systems and documents, which in turn creates more concern about the control and protection of information. Information protection plans have to account for the increasing security difficulties regarding the workers.
The inadvertent or deliberate acts and activities that employees indulge in can be dangerous to the security of the company. To assist with education when a violation occurs, it’s not uncommon for a company to publicly address the situation. By publicly informing the workers of the non-conformance or violation, the company helps drive home the importance of following the policies in place. As an example of violations, Cisco, an American multinational corporation that designs, manufactures, and sells networking equipment, commissioned a third-party market research firm, InsightExpress, which conducted a worldwide study of employees and IT professionals totaling 2000 respondents. The research discovered that employees around the world are engaging in risky behavior that places corporate and personal data at risk, in spite of the security policies, procedures, and tools the corporations have in place ("Data Leakage Worldwide: Common Risks And Mistakes Employees Make", n.d.). The list includes:

• Unauthorized application use: 70 percent of IT professionals believe the use of unauthorized programs resulted in as many as half of their companies' data loss incidents.
• Misuse of corporate...

References:
Rouse, M. (2014). Security policy. Retrieved from http://searchsecurity.techtarget.com/definition/security-policy
Data Leakage Worldwide: Common Risks and Mistakes Employees Make. (n.d.). Retrieved from http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-499060.html (Paraphrased material and the block citation)
Rouse, M. (2014). Role-based access control (RBAC). Retrieved from http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC
How role-based security can be used to control access to entities in Microsoft Dynamics CRM. (2013). Retrieved from http://msdn.microsoft.com/en-us/library/gg334717.aspx#bkmk_access (Paraphrased material)