Security Awareness: Importance, Types of Policies, and Strategies for Protection

Added on 2022-12-23

Running head: SECURITY AWARENESS
SECURITY AWARENESS
Name of Student
Name of University
Author’s Note
RESPOND TO QUESTION NUMBER 1
Security awareness is the level of awareness an organization possesses regarding its physical data, especially its assets and information. It is a formal process that educates and trains the employees of an organization in the protection of IT information (Bada, Sasse & Nurse, 2019). Security awareness involves a program to educate employees, ensuring that the organization's security policies are understood as an individual responsibility, together with a measure to audit these efforts (McCormac et al., 2017). Security awareness is implemented in an organization to understand the potential risk posed by one or many individuals who might steal, damage or misuse the data stored in the organization's systems, whether intentionally or accidentally. Security awareness training includes:
i) Understanding the nature and sensitivity of information such as trade secrets, government classified information and trade secret policies.
ii) Reviewing employees' nondisclosure agreements, as many employees handle confidential data in an organization.
iii) Understanding the proper methods of protecting information that is sensitive to the organization, by enabling two-factor authentication and including privacy and security policies.
iv) Understanding other computer security concerns such as phishing attacks, computer malware and social engineering.
There are three types of information security policy: the Enterprise Information Security Policy (EISP), the Issue-Specific Security Policy (ISSP) and the System-Specific Security Policy (SysSP).
Enterprise Information Security Policy
The Enterprise Information Security Policy is based on the implementation of general security policies. The aims, vision and direction of an organization are maintained by the EISP. It is the standard set for the growth, implementation and security program initiated by the management of an organization (Soomro, Shah & Ahmed, 2016). The EISP sets the tone, direction and scope for all the security policies. The preliminary strategy of the EISP is drafted and prepared by the Chief Executive Officer of the organization. However, this policy may be modified if any strategic change takes place in the organization.
Issue-Specific Security Policy
The Issue-Specific Security Policy addresses a specific technology and requires a statement of, and frequent updates to, the organization's position on certain specific issues. The ISSP governs how individuals use the systems and technologies of an organization (Hettiarachchi & Wickramasinghe, 2016). The ISSP identifies and addresses activities such as who has internet access, the use of photocopying equipment, and whether any individual is using personal equipment on the company's network, and it provides preventive measures that protect the systems from being hacked.
System-Specific Security Policy
The System-Specific Security Policy provides a set of instructions that serves as a function or procedure when configuring the systems of an organization. The SysSP is a guide, provided by management in a documented format, for configuring the technological support for information security (Järveläinen, 2016). It is generally a managerial guide and technical specification for a system provided by the organization. It is a targeted document, relating only to the specific systems it is designed to address. In brief, it provides proper guidance for configuring the firewall system.
RESPOND TO QUESTION NUMBER 2
ISO/IEC
ISO/IEC is the joint technical committee for information security standards set by the International Organization for Standardization and the International Electrotechnical Commission. The information security controls provided by the ISO/IEC standard across the administrative, physical and technical domains are:
Administrative Security: According to administrative security, the personal details of employees must be verified thoroughly, including identity verification using a government-issued photo ID. All employees must accept a confidentiality and non-disclosure agreement concerning the security information of the organization. The HR department must inform the administration when an employee is hired, suspended, resigns, is transferred or is terminated.