IT Security Policy for Enterprise: Analysis and Recommendations

Added on 2022/11/24
Running head: IT security policy
IT security policy
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction
Information security
Confidentiality
Integrity
Availability
Data loss prevention
Protection of computers from virus infection
Security policies for staff
Using CDs/floppies/flash drives
Password
Back up
Departmental policies
Role of the system administrator in virus protection
Policies for audit
References
Introduction:
Information security:
Information security policies are the cornerstone of effective information security. Security policies define what the organisation expects of its people and systems with respect to information system security (Safa, Von Solms & Furnell, 2016). Their purpose is to control or guide human behaviour so as to reduce the risk to information assets from deliberate or accidental actions. Information security policies underpin the well-being and the security of the organisation's information resources (Dalby, 2016). Information security has three aspects:
Confidentiality:
Protect data and information from disclosure to anyone not authorised to receive it, such as the press or individuals who are not entitled to see it.
Integrity:
Protect data and information from unauthorised modification, and ensure that data such as a list of beneficiaries is accurate, complete and can be relied upon (Crossler et al., 2013).
Availability:
Ensure that data and information are available whenever they are needed. Data and information may be held in many different places, including:
Network servers
Personal computers and workstations
Laptops and handheld PCs
Removable storage media (floppy disks, CD-ROMs, Zip disks, flash drives, etc.)
Data backup media (tapes and optical disks).
Data loss prevention:
The main causes of data loss are:
Natural disasters
Viruses
Human errors
Software malfunction (Soomro, Shah & Ahmed, 2016)
Hardware and system malfunction
Protection of computers from virus infection:
A virus is a form of malicious code that is potentially disruptive and can be transferred from one system to another. In everyday usage the term covers every variation on the theme, including trojans, the nastier variants of macro viruses, and worms (Juncos, 2015); strictly speaking these differ in how they spread, but for the purposes of this policy all such programs are classed together as viruses. There are several ways to protect a computer from virus attack:
Back up data on a regular basis.
Install antivirus software on the computer and use it daily.
Upgrade the antivirus software whenever a new release becomes available.
Update the antivirus software with the latest signature files at least weekly, and automatically if the product supports it. Antivirus software does no good unless it is updated frequently enough to protect against the most recent viruses (Scott-Hayward, O'Callaghan & Sezer, 2013).
Do not execute or open an email attachment, or any file, that comes from an unidentified source.
Security policies for staff:
Using CDs/floppies/flash drives:
Floppies may be used only after consultation with the in-charge or the system administrator and, most importantly, must be scanned before use.
Unofficial CDs, floppies and flash drives must not be used on office systems.
Floppies must be write-protected whenever information is only being transferred from the floppy to the system, so that the system cannot write to the disk.
Password:
Systems must be kept with a password-protected screen saver enabled.
Do not disclose or share your password.
Do not reuse the same or a similar password.
A strong password should be as long as possible and should include mixed-case letters, digits and punctuation marks.
Change your password regularly, and immediately if it may have been compromised (Andersson & Pettersson, 2015). Note that current guidance such as NIST SP 800-63B favours changing a password on evidence of compromise rather than on a fixed schedule, so an organisation adopting this policy should state which approach it follows.
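The password rules above (length, mixed case, digits, punctuation, no reuse) are the kind of thing the policy expects enforcement software to check at the point where a user sets a password. The following is an added example, not code from the original document: a Python checker that applies those rules and adds two checks any real enforcer needs, a deny-list of common passwords and a reuse check against salted hashes of the user's previous passwords. The minimum length of 12, the deny-list entries, the PBKDF2 round count and the sample usernames are assumptions constructed for the example, since the policy gives no numbers.

```python
import hashlib
import hmac
import os
import string

# Assumption: the policy says "as long as possible" without a number; 12 is a
# common minimum for staff accounts.
MIN_LENGTH = 12

# Constructed sample deny-list. In production, load a breached-password corpus.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein"}

# Assumed work factor for the password-history hashes.
PBKDF2_ROUNDS = 200_000


def store_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) for keeping a password in the user's history.

    Only salted, slow hashes are kept, never the password itself, so the
    history cannot leak old passwords if the store is stolen.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password: str, history) -> bool:
    """True if password matches any (salt, hash) pair in history.

    Only exact reuse can be detected against hashes; similarity to an old
    password cannot be measured without storing the old password in clear.
    """
    for salt, digest in history:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password: str, username: str = "", history=()) -> list[str]:
    """Return the list of policy rules the password violates (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation mark")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if is_reused(password, history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample run for user "alice" with one previous password on file.
    history = [store_password("Old-Passw0rd!")]
    for pw in ["Correct-Horse-7", "Ab1!", "password", "alice2024!!XX", "Old-Passw0rd!"]:
        print(f"{pw!r}: {check_password(pw, 'alice', history) or 'OK'}")
```

The checker returns every rule violated rather than stopping at the first one, so the user gets a complete reason for rejection in one round trip. The reuse check compares against stored hashes with a constant-time comparison; it cannot enforce the policy's "no similar password" rule, which would require keeping old passwords in recoverable form and is therefore not worth the risk.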
Back up:
Backups must be taken regularly.
Always keep a printed copy of the server configuration file, stored securely, since configuration files often contain credentials and network details.
Before leaving the organisation, staff must ensure that their data has been backed up and handed over.
Important and sensitive data must also be backed up off-site.
Departmental policies:
Each department must have an in-charge or administrator for the computer centre's systems.
Departmental staff must be aware of the government's security policies.
There must be a system security process that is sufficient and clear to the administrator.
The department must have a procedure for handling incidents and compromises.
Uninterruptible power supplies (UPS) must protect both workstations and servers.
The department must have plans to use software that enforces strong passwords.
Physical security audits must be conducted.
The department must store backup media off-site.
Backed-up files must be sent off-site to a physically secure location.
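Taking regular backups, keeping a copy off-site and being able to restore from it are the substance of the Back up section above and of the off-site storage lines in the departmental policies. The following is an added example, not code from the original document, showing in Python what a verifiable backup looks like: archive a directory, record the archive's SHA-256 digest in a manifest that travels with the off-site copy, confirm the digest before trusting the copy, and perform a trial restore that is compared with the source. The directory layout and file contents created in demo() are constructed sample data; the function and file names are assumptions for the example.

```python
import filecmp
import hashlib
import json
import os
import tarfile
import tempfile
import time


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir: str, dest_dir: str) -> tuple[str, str]:
    """Archive src_dir into dest_dir and write a manifest holding the archive digest.

    Returns (archive_path, manifest_path). The manifest goes off-site with the
    archive so the copy can be checked without trusting the transport.
    Files are walked individually, so empty directories are not archived.
    """
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    archive = os.path.join(dest_dir, f"backup-{stamp}.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        for root, _dirs, files in os.walk(src_dir):
            for name in files:
                full = os.path.join(root, name)
                # store paths relative to src_dir, never absolute paths
                tar.add(full, arcname=os.path.relpath(full, src_dir))
    manifest = archive + ".manifest.json"
    with open(manifest, "w", encoding="utf-8") as f:
        json.dump({"archive": os.path.basename(archive),
                   "sha256": sha256_file(archive),
                   "created_utc": stamp}, f, indent=2)
    return archive, manifest


def verify_backup(archive: str, manifest: str) -> bool:
    """True if the archive's current digest matches the one recorded at creation."""
    with open(manifest, encoding="utf-8") as f:
        recorded = json.load(f)["sha256"]
    return sha256_file(archive) == recorded


def _dirs_equal(a: str, b: str) -> bool:
    """Recursive directory comparison: same names everywhere and same file contents."""
    cmp = filecmp.dircmp(a, b)
    if cmp.left_only or cmp.right_only or cmp.diff_files or cmp.funny_files:
        return False
    return all(_dirs_equal(os.path.join(a, d), os.path.join(b, d)) for d in cmp.common_dirs)


def trial_restore(archive: str, src_dir: str) -> bool:
    """Extract the archive into a scratch directory and compare it with the source."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # the "data" filter refuses absolute paths and ".." escapes (Python 3.12+)
                tar.extractall(scratch, filter="data")
            except TypeError:
                tar.extractall(scratch)
        return _dirs_equal(src_dir, scratch)


def demo() -> dict:
    """Constructed sample run: back up, verify, trial-restore, then detect tampering."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dest:
        os.makedirs(os.path.join(src, "config"))
        with open(os.path.join(src, "config", "server.conf"), "w") as f:
            f.write("listen 443\n")
        with open(os.path.join(src, "beneficiaries.csv"), "w") as f:
            f.write("id,name\n1,sample\n")
        archive, manifest = make_backup(src, dest)
        result = {"verified": verify_backup(archive, manifest),
                  "restored_ok": trial_restore(archive, src)}
        with open(archive, "ab") as f:  # simulate corruption or tampering in transit
            f.write(b"\x00")
        result["tamper_detected"] = not verify_backup(archive, manifest)
        return result


if __name__ == "__main__":
    print(demo())
```

The digest check catches a copy that was truncated or altered on its way off-site; the trial restore catches an archive that is intact but does not actually reproduce the source. A backup that has never been restored is not yet known to work, so the restore step belongs in the routine, not only in the incident.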
Role of the system administrator in virus protection:
The system administrator is responsible for the detection and removal of computer viruses, which covers:
Anti-virus programs
Detection of unknown viruses, which signature-based scanning will not catch
Prophylaxis, i.e. preventing infection in the first place
Recovery of affected objects.
Policies for audit:
It is the responsibility of every department of the organisation to put in place an appropriate internal audit system that provides an independent assessment of its security policies. The nodal officer or the system administrator is responsible for the internal audits carried out within the department (Ifinedo, 2014).
Any access needed to perform an audit will be provided. This may include:
Access to work areas (labs, offices, cubicles, storage areas, etc.)
Access to the reports and documents created during the internal audit.
Access to interactively monitor and log traffic on the networks.
References:
Andersson, S. M., & Pettersson, M. G. (2015). U.S. Patent No. 9,191,822. Washington, DC: U.S. Patent and Trademark Office.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.
Dalby, S. (2016). Environmental (in)security. International Encyclopedia of Geography: People, the Earth, Environment and Technology, 1-10.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Juncos, A. E. (2015). EU foreign and security policy in Bosnia: The politics of coherence and effectiveness.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Scott-Hayward, S., O'Callaghan, G., & Sezer, S. (2013, November). SDN security: A survey. In 2013 IEEE SDN for Future Networks and Services (SDN4FNS) (pp. 1-7). IEEE.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.