Information security policies
Security policies form the foundation of a security infrastructure. An information security policy defines the basic security requirements and rules to be implemented in order to protect and secure the organization’s information systems.
Without them, it is impossible to protect the company from possible lawsuits, lost revenue, and bad publicity, not to mention basic security attacks.
A security policy is a high-level document or a set of documents that describe, in detail, the security controls to implement in order to protect the company. It maintains confidentiality, availability, integrity, and asset values.
A security policy also protects the company from threats such as unauthorized access, theft, fraud, vandalism, fire, natural disasters, technical failures, and accidental damage. In addition, it protects against cyber-attack, malicious threats, international criminal activity, foreign intelligence activities, and terrorism.
Policies are not technology-specific and accomplish three things:
- They reduce or eliminate the legal liability of employees and third parties.
- They protect confidential and proprietary information from theft, misuse, unauthorized disclosure, or modification.
- They prevent wastage of the company’s computing resources.
All security policies must be documented properly, and they should focus on the security of all departments in an organization. Management should take into consideration the areas in which security is most important and prioritize its actions accordingly.
However, it is very important to look into each department for possible security breaches and ways to protect against them.
The following information security systems in an organization might require more attention in terms of security:
- Encryption mechanisms
- Access control devices
- Authentication systems
- Antivirus systems
- Web sites
- Routers and switches
There are two types of security policies: technical security policies and administrative security policies. Technical security policies describe the configuration of the technology for convenient use; administrative security policies address how all persons should behave. All employees must agree to and sign both policies.
In an organization, high-level management is responsible for the implementation of the organization’s security policies. High-level officers involved in the implementation of the policies include the following:
- Director of information security
- Chief Security Officer
The following are the goals of security policies:
- To maintain an outline for the management and administration of the network security
- Protect an organization’s computing resources
- To eliminate legal liabilities arising from employees or third parties
- Prevent wastage of company’s computing resources
- To prevent unauthorized modifications of data
- Reduce risks caused by illegal use of system resources
- Differentiate the user’s access rights
- Protect confidential, proprietary information from theft, misuse, and unauthorized disclosure
Types of Security Policies
A security policy is a document that contains information about the way the company plans to protect its information assets from known and unknown threats. This policy maintains the confidentiality, availability, and integrity of information. The four major types of security policy are as follows:
Promiscuous Policy: This policy does not impose any restrictions on the usage of system resources.
Permissive Policy: The policy begins wide open, and only the known dangerous services/attacks or behaviors are blocked.
Prudent Policy: A prudent policy forbids everything. There is a restriction on all use of company computers, whether it is the system usage or network usage.
– Ajinkya Kadam