Implementing Security Policy in Organizations
Information system security is gaining importance in organizations, and the growth and dominance of a business depend heavily on it. A practical approach is gradually replacing the imprudent way of managing security. Information Technology infrastructure is becoming more complex and diverse, while the exposure of a business to security threats is increasing because of its weaknesses. This calls for planning and developing security measures that protect systems and prevent attacks throughout the organization’s infrastructure, which includes the network, servers, terminals, software infrastructure, email, and databases. The suitability of the measures depends on factors such as the architecture of the IT system and the level of management. The management of every organization should take part in ensuring that security countermeasures are well planned and that the operations around them are carried out according to the devised plan. A security policy provides a structure for defense plans that put measures for efficient protection in place. The policy establishes a process for identifying the organization’s weak points and the threats it faces, and for untangling the complexity of the IT infrastructure so that better alternatives for improving the security level can be offered. It provides techniques for better development and management of security controls, and it allows operational plans to be developed that make the most of limited resources and effort. By developing strategic measures to counter security issues, the organization benefits not only now but for years to come. This document explains some IT security strategies that, when properly used, are a useful tool for keeping the organization secure from all possible threats. It also explains the importance of those strategies to the organization.
Information Technology Security Strategies
Most organizations define a security policy as a document, or set of documents, describing the security measures used in the organization. The security policy does not specify particular technologies to use; it describes the conditions that help ensure the organization’s assets are safe and that the business operates without disruption. IT policies cover the data, network, and computing devices of the organization. A good IT policy must cover areas such as resource utilization, limitation of legal liability, and the preservation and protection of information. The strategies for securing information systems should cover every area of IT, because if a single part is left out, attackers will use it to intrude into the organization’s information systems and destroy or take what they want. One or more of the following measures should be implemented.
Password policies are usually developed to manage the authorization of users in organizations. With strong, protected passwords, attackers cannot easily enter the system and use another person’s account to alter data or steal information. Strategies used in password policies include requiring strong passwords, usually a minimum of eight characters combining letters (uppercase and lowercase), numbers, and special characters. In addition, some systems allow a limited number of password attempts (possibly three) and lock the account if the correct password has not been entered by the last attempt. Other systems use multiple verification passes before a person is authorized. There are different types of authentication. The most common is the password. Others include biometric authentication, a technique that has become very popular in the recent past. Authentication is important in ensuring that a user’s account is not tampered with.
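The two controls described above, the complexity rule and the lockout after three failed attempts, can be enforced together. The following Python sketch is an added example, not part of the original essay; the names `policy_violations` and `Account` are hypothetical, and storing the password as a salted PBKDF2 hash is an assumption the essay does not discuss.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8           # minimum length given in the text
MAX_FAILED_ATTEMPTS = 3  # "possibly three" attempts before the account locks


def policy_violations(password):
    """Return the list of policy rules that the candidate password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [message for ok, message in checks if not ok]


class Account:
    """Hypothetical account record enforcing the policy at creation and login."""

    def __init__(self, username, password):
        problems = policy_violations(password)
        if problems:
            raise ValueError("password rejected: " + ", ".join(problems))
        self.username = username
        self._salt = os.urandom(16)
        self._hash = self._derive(password)  # assumption: salted PBKDF2 storage
        self.failed_attempts = 0
        self.locked = False

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password):
        """Return "ok", "denied" or "locked"; a locked account rejects everything."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(self._derive(password), self._hash):
            self.failed_attempts = 0  # a successful login resets the counter
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "denied"
```

Once the third wrong attempt locks the account, even the correct password is refused until an administrator or a separate recovery process unlocks it.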
Usually, authentication is associated with roles, privileges, and profiles. Privileges define the right to perform a particular command or to access another user’s object or profile. For example, in Standard Query Language (SQL), privileges include connecting to the database, creating a schema, and running another user’s procedures. Users in a system can be assigned roles whose actions they can perform without limitation. For example, in an e-commerce system, a customer is allowed to add a product to the cart and to view cart details as well as the popular products, but is not allowed to access another customer’s cart details. If a customer misuses some of these privileges, the customer may be denied them.
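The e-commerce case above combines three checks: what the role grants, who owns the object, and whether a privilege has been withdrawn after misuse. The following Python sketch is an added example, not part of the original essay; the role name, privilege names and the `authorize` function are constructed for illustration.

```python
# Privileges granted per role; names are constructed for this example.
ROLE_PRIVILEGES = {
    "customer": {"add_to_cart", "view_cart", "view_popular_products"},
}

# Actions that are only valid on an object the caller owns.
OWNER_SCOPED = {"add_to_cart", "view_cart"}


class User:
    """Hypothetical user record: one role plus individually revoked privileges."""

    def __init__(self, user_id, role):
        self.user_id = user_id
        self.role = role
        self.revoked = set()

    def revoke(self, privilege):
        """Withdraw a single privilege, for example after misuse."""
        self.revoked.add(privilege)


def authorize(user, action, owner_id=None):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    granted = ROLE_PRIVILEGES.get(user.role, set())
    if action not in granted:
        return False, "not granted to role"
    if action in user.revoked:
        return False, "privilege revoked"
    # Owner-scoped actions fail closed: a missing or foreign owner is a denial.
    if action in OWNER_SCOPED and owner_id != user.user_id:
        return False, "object belongs to another user"
    return True, "ok"
```

Returning the reason with the decision lets the application log each denial, which is what makes repeated attempts against other customers' carts visible to whoever reviews the logs.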
Another strategy for securing IT systems is physical security, which includes office locks, CCTV cameras, and automated security. People are forgetful, especially after a heavy workload, and may leave their accounts logged on when they leave their offices. This paves the way for an intruder, who may walk through the door and steal data from the employee’s account. By the time the employee comes back, the intruder will already have taken what he or she needed, such as a backup disk or sensitive data. Organizations need to install doors that lock automatically so that the user’s work and office are not under threat. In addition, the organization needs to install CCTV cameras in different areas and employ a person to monitor them. Systems should also be designed to log off automatically after a period of inactivity.
The third important strategy is the use of high-quality IT devices and techniques. Scientists and technologists come up with new inventions and developments every year. For example, the development of fiber optic media came with advantages. Initially, network media were prone to attacks because attackers could easily interfere with wired devices. With fiber optic cables, it is difficult to sniff the packets being transmitted. The choice of cryptographic encryption algorithm is important because the harder an algorithm is to crack, the less easily the encrypted information can be interfered with. Systems should be developed using powerful programming languages so that they are secure. For example, the use of object-oriented programming languages such as Java is usually recommended because it provides multiple security layers that are not easy to analyze. Procedural languages such as C are more likely to be prone to threats.
Importance of Implementing the Strategies
The primary goal of information security is keeping information secure and safe. The policy addresses the need to protect the IT infrastructure from all factors that may compromise its security. IT security consists of confidentiality, integrity, and availability. As time goes by, technology changes and more systems are implemented to satisfy users’ needs. The networks connecting different IT users are growing, and therefore the threats to those networks are very high. Many intrusions happen and are reported in many organizations, and in most cases the hackers get away before they are noticed and caught. A good policy is important in minimizing risk and protecting an organization against threats and attacks. The policy also provides a guideline for users to comply with. When security issues arise, the policy helps by providing a way to handle them.
Technology changes, and organizations globally face many issues as far as their information security is concerned. The best way to handle such issues is to minimize the chances of their occurring and to plan how to manage them in case an attack arises. The policy ensures that the organization is always ready to handle any problem that comes up.