Comprehensive Report: Developing a Security Policy at CSIRO


Added on  2023/04/21

AI Summary
This report focuses on the development of an information security policy, specifically within the Commonwealth Scientific and Industrial Research Organization (CSIRO). The report begins with an executive summary and table of contents, followed by an introduction explaining the purpose of an Information Security Policy (ISP) in protecting organizational assets and data. It defines the intent and rationale of the policy, emphasizing its role in securing information, increasing resilience to cyberattacks, providing a managed framework, and reducing associated costs. The report details individual responsibilities related to privileged access, data protection, and adherence to policy guidelines, along with the scope of the policy and its impacts. The report concludes by highlighting the importance of implementing a security policy to protect information and maintain organizational integrity, and it references several academic sources.
Running head: DEVELOPING A SECURITY POLICY
DEVELOPING A SECURITY POLICY
[Author]
[Institution]
EXECUTIVE SUMMARY
This report covers the development of an information security policy and focuses on the implementation of a security policy at the Commonwealth Scientific and Industrial Research Organization. It defines the intent and rationale of the policy, and sets out the responsibilities of individuals along with the scope of the policy.
Table of contents
Part two
DEVELOPING A SECURITY POLICY
Introduction
Definition of intent and rationale of the policy
Responsibilities of the individuals
The scope of the policy
Conclusion
REFERENCES
Part two
DEVELOPING A SECURITY POLICY
Introduction
This report covers the development of an information security policy. An Information Security Policy (ISP) is a set of rules that an organization enacts for all users of its IT structures and for the networks within its domain. It helps protect the information assets of numerous corporations (Safa, Von Solms & Furnell, 2016). It also helps protect the data and technology that underpin the most critical business functions.
The report focuses on the implementation of a security policy at the Commonwealth Scientific and Industrial Research Organization. It defines the intent and rationale of the policy, and sets out the responsibilities of individuals along with the scope of the policy.
Definition of intent and rationale of the policy
A security policy can assist the Commonwealth Scientific and Industrial Research Organization in various ways. It can help secure information by increasing resilience to cyber-attacks (Sommestad et al. 2014). It can also provide a centrally managed framework that offers wide protection to the organization and helps it respond to evolving security threats. In addition, a security policy can help the organization reduce the costs associated with information security.
This ISP governs the use of privileged access by the organization's users and any other individual, and aims to prevent privileged access from being granted inappropriately. The policy also aims to ensure that the organization's servers cannot be accessed through a privileged account by any unauthorized user. It is intended to enable privileged users to access confidential data (Ifinedo, 2014). It is further intended to ensure that users log on to the organization's servers with their username and password before escalating their privileges. A security policy also aims to keep data complete, accurate, and intact, and to keep IT systems operational.
There are several reasons for developing a security policy at the Commonwealth Scientific and Industrial Research Organization. One vital reason is that it can help the organization fight back against cybercrime (Safa et al. 2015). One of the most important reasons is to protect corporate and personal data from unauthorized access. Another reason for implementing a security policy is to show the organization's commitment to protecting its clients' data.
Responsibilities of the individuals
The individuals who enforce the guidelines of the security policy have several responsibilities. Individuals will be considered for privileged access after reading the policy carefully, and their supervisor will approve that access (Peltier, 2016). Individuals may use the privileged account only to perform official job functions, consisting of database, standard system, and other duties related to server administration. Users who have been granted privileged account access can take precautions where necessary to protect the confidentiality of information they encounter while performing their duties. Users need to understand the importance of the servers. They also need to ensure that the system supports the organization's operations to acceptable standards. Individuals who have been granted privileged account access should not abuse it (Parsons et al. 2014). They should strictly respect the limits of their authority and functional access, system users' rights, integrity, and the physical resources covered by the security policy. They are also obliged to familiarize themselves with any procedures, business practices, and operational guidelines pertaining to the activities of their local department.
A user may not access any server of the organization with a user ID and password unless it is deemed absolutely necessary. Individuals should not elevate their regular privileges until it becomes necessary. Individuals are responsible for not sharing their credentials with anyone. Moreover, all individuals need to access information with its protection intact. Users are not permitted to tamper with any data; this is strictly forbidden on the organization's server (Flores, Antonsen & Ekstedt, 2014). If such activity takes place, the organization needs to take disciplinary action. Users may not copy or read any information stored on the organization's server. One of the individuals' main responsibilities is not to change any privileged account credentials. Users may not install any software on the organization's server. Users may not run any application or command that could inadvertently affect the performance of the organization's server (Layton, 2016).
The scope of the policy
The security policy has several impacts on the Commonwealth Scientific and Industrial Research Organization. The policy identifies data risks, and so helps mitigate those risks in time for the organization to keep its processes running smoothly (Siponen, Mahmood & Pahnila, 2014). It also defines how data may be used, giving users proper guidance for accessing data in a well-organized manner. In addition, a security policy sets out the consequences of violating it, which helps users carry out their assigned jobs responsibly. Because the policy details employee training, it helps the organization provide adequate training so that employees are able to fight back against cyber-attacks (Chen, Ramamurthy & Wen, 2015).
Conclusion
In conclusion, a security policy needs to be implemented in an organization because it helps protect information. CSIRO is going to develop a security policy. Implementing it can assist the organization in various ways. The organization's information can be secured easily with the help of this policy, and the policy can help the organization increase its resilience to cyber-attacks. It assists CSIRO by providing a centrally managed framework that offers wide protection to the organization. At the same time, individuals have specific responsibilities for using this security policy properly. The policy affects the organization in numerous ways.
REFERENCES
Chen, Y. A. N., Ramamurthy, K. R. A. M., & Wen, K. W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11-19.
Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, 90-110.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, 165-176.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), 42-75.