Cyber Security Policy and Strategy for a Pharmaceutical Company

Verified

Added on 2023/01/12

AI Summary

This report addresses cyber security concerns within a multinational pharmaceutical company in the West Midlands, focusing on the development and implementation of an information security policy. It begins with an introduction to cyber security, emphasizing its importance for protecting organizational data and resources. The report then delves into the significance of an information security policy, outlining its role in maintaining data safety, improving organizational operations, and ensuring compliance with standards like ISO 27001. It discusses the background, purpose, and scope of the policy, including roles, responsibilities, and a framework covering governance, risk management, and various security aspects. The report also covers implementation, training, monitoring, feedback, and reporting mechanisms. Finally, it concludes by summarizing the importance of information security policies and the distinction between security governance and policy, reinforcing the need for robust cyber security measures to prevent internal and external threats.

Cyber Security

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
INTRODUCTION...........................................................................................................................1
Information Security Policy for Organization.............................................................................1
CONCLUSION................................................................................................................................3
REFERENCES................................................................................................................................4

INTRODUCTION
Cyber Security is one of the main concern of many organizations in order to keep their
business safe and secure from external and internal threats in the organization. There are various
policies are implemented by the organization in order to keep organizational resources safe and
secure from different type of risks. For the pharmaceutical company this is important to keep
their information and data secure from external issues and internal issues in order to maintain the
effective production and operations within organization. This security policies also can be used
by the company to prevent this king of issues in the business procedures. This report will be
discussing information security policy for the Pharmaceutical in West Midlands. Different
counter measures that can be used by the organization for information security and protection
also will be explained in the report (Bauer and Bernroider, 2017). The implementation of counter
measures also will be explained in the report. Various consideration like Awareness, Training,
monitoring, feedback and reporting will be used in the report.
Information Security Policy for Organization
Importance of Information Security Policy
This is important for the management to implement some policies in the organization in
order to maintain the security and safety of company data and information. The information
security policies that are made by the business organization are reflecting the capability of the
organizational management in order to establish mind set in order to address and solve issues
that are associated with the information security concerns of organization. These policies are
used by the business organization to provide relevant direction and value to individual person in
organization in order to maintain safety of company data and information. These policies can
help the organization in different manner. This policy can improve the operations and functions
of organization in effective manner. It also enables the company to implement the safe
application in organization of Information technology system in organization.
As per the opinion of Safa, Von Solms and Furnell, (2016) this is very important for the
organization to make effective changes and implementation in their business policies in order to
maintain safety and security measures in organization. The security governance can be explained
as a system within an organization that directs and controls Information Technology. The
information security governance provide the solution that who is the authorised to make decision
within organization. It can be used to specify the effectiveness of frame work and ensures the
1

mitigation of risk within organization. The security policy is considered as written document
within an organization that outlines how the information and data will be protected from the
external threats in organization. This is how the security governance and policy can be
differentiated.
Background and Purpose
This is important for the company to avoid the security issues within the operations to
prevent various failures in company. The main purpose of this policy is to implement the all the
security measures in the organization to prevent the risk and business failure situation.
Scope
This policy will be able to revise with the time to implement various security measure
within organization. This is how data security can be ensured in organization. It also ensures that
which people and areas of organization will be affected by this policy.
Roles and Responsibilities
The main role of the Information policy to prevent any kind of physical or virtual data
loss in organization in order to prevent the failure in the operations of organization. This is
responsibility of the policy to keep security measures in organization.
Policy Framework
There are different areas are considered in order to maintain the security within the
organization are- Governance, Compliances and Risk Management, protection marking, asset
control, personal security, information security & Assurance, Physical Security, Counter-
Terrorism and Business Continuity.
Distribution, Training and Implementation
As the implementation of information policy related managers, leaders and employees are
provide with details of these policies. Related trainings are also provided to these people to
implement the policy in the organization practices (Goodman, Straub and Baskerville, 2016).
There are various arrangements are made in the company processes to meet with the
requirements of policy.
Monitoring, Feedback and Reporting
With the implementation of policy various monitoring processes, feedback system and
reporting processes are implemented in the organization in order to implement the policy
successfully within organization practices.
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Business Continuity
The information security is designed in the way to meet the operational continuity of the
company to avoid the operational and functional failure within organization. By this process
information security is controlled.
CONCLUSION
This report is concluding the importance of the Information security policy with in
organization to keep organizational data and information safe from different internal and external
threats. The difference between the information security governance and information security
policy has been studied in the report. To improve the security of organization new information
security policy also has been made in the report.
3

REFERENCES
Books and Journals
Bauer, S. and Bernroider, E.W., 2017. From information security awareness to reasoned
compliant action: analyzing information security policy compliance in a large banking
organization. ACM SIGMIS Database: the DATABASE for Advances in Information
Systems. 48(3). pp.44-68.
Goodman, S., Straub, D.W. and Baskerville, R., 2016. Information security: policy, processes,
and practices. Routledge.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. computers & security. 56. pp.70-82.
4