Maintaining the information security is core part of the business today. Many businesses today maintain the security as an essential part of their business. It is also important for business to maintain the availability, integrity and confidentially of information in order to remain in business. Failing to maintain those three core values of information security might lead to unsuccessful business.
Some of the important information like manufacturing records, sales, financial, customer, employee records are kept on computers. But how safe are all these information. In today’s digitized world, with the access of Internet this information can be easily stolen from any parts of the world. Some of our confidential information can be compromised. Business might implement strong security technologies to avoid any kinds of hack. But how about the policies and procedures that will help keep your business/organization’s information confidential? It is very important to create and implement several security policies to define the overall security strategy.
All the business must have an information security policy that covers Enterprise information security policy, Issue-specific security policy (ISSP) and System-specific security policies. An Enterprise information security policy will focuses on issues relevant to every aspect of an organization. It sets the strategic direction, scope and tone of an organization’s security efforts. An Issue-specific security policy security policy provides detailed, targeted guidance to instruct all members of the organization in the use of resources. It focuses on specific department, network services, and function. A system specific security policy focuses on individual systems or types of systems and prescribes approved hardware and software, outlines methods for locking down a system, and even mandates firewall or other specific security controls (Marcelo Ferreira’s linkedin post).
No matter how large or small your organization is, it is very important to have a information security policy in place. It will provide a framework to keep your company at a desired security level by assessing the risks you or your organization might face. Think about this, your organization’s information is crown jewels of your business. You wouldn’t want someone to steal your crown jewels, right? You want to keep it safe and secure. I strongly believe, every organization should have a strong information security policy.
Reference:
Ferreira, M (n.d.). Why having an information security strategy is important for an organization. Retrieved from URL: http://www.linkedin.com/
Kadam, A (n.d.). Why information security is important for your Organization. Retrieved from URL: http://www.
No comments:
Post a Comment