Comparative Analysis of IT Security Policies: A Report
Added on 2023/02/01
AI Summary
This report provides a comparative analysis of IT security policies from three organizations: Cleam, Creately, and Canava. The report begins with an introduction to IT security policies and their importance in protecting confidential company information. It then examines the IT security policy documents of each organization, focusing on key aspects such as access control, change management, and data security. The discussion includes the strengths and weaknesses of each policy, providing insights into how each organization addresses security concerns. The assignment highlights the importance of comprehensive policies that protect organizations, employees, customers, and data integrity. The report concludes by emphasizing the necessity of IT security policies as organizational laws, with special permission required for actions outside the policy's scope. The report draws on multiple academic sources to support its analysis.

Running head: IT SECURITY POLICY
IT SECURITY POLICY
Name of Student
Name of University
Author’s Note

Introduction
An IT security policy document encompasses all aspects of security surrounding the confidential information of a company. The IT security policies must be distributed to all employees within the organization, and all employees are expected to read the policy completely (Safa, Von Solms & Furnell, 2016). The document is reviewed and updated by the management of the organization on an annual basis; it may also be revised to include a newly developed security standard, after which it is distributed to all employees as well as contractors that require it (Biscop, 2016). The organizations chosen for this assignment are Cleam, Creately and Canava. This assignment compares the IT security policy documents of these organizations and sets out the strengths and weaknesses of the policies.
Discussion
The IT security policy document of Cleam focuses mainly on employee access control and on change management. The access control category of the policy outlines the access granted to employees to the data and information systems owned by the organization. Topics highlighted in this policy include access control standards such as NIST access control as well as implementation guides (Kaunert, 2018). Further items covered include standards for user access, network access controls, operating system software controls and the complexity of corporate passwords. Supplementary items outlined in the policy include strategies for monitoring how corporate systems are accessed and used, and how the access can be
removed when a particular employee leaves (Charbonneau, 2016). The change management category of the policy deals with the changes that are to be undertaken in the organization. It contains information that helps ensure that changes are carried out effectively and that each change has been successful (Hsu, Shih & Hung, 2015). Any violation of this part of the policy would result in a failure of change management.
The IT security policy document of Creately focuses on information security. The policy concentrates mainly on the security of data within the organization. It covers the data owned by the employees as well as the organization's business-related data, among others. This policy is high-level in nature and covers a large number of security controls (Soomro, Shah & Ahmed, 2016). The initial information security policy is issued by the organization to make sure that employees who use the company's information technology assets or networks comply with the guidelines and rules. The policy is modified on a half-yearly or annual basis. It includes regulations stating that, for security reasons, employees are not allowed to access computers belonging to other employees.
The IT security policy document of Canava focuses on ensuring that sensitive data has adequate safeguards to protect it. The data to be protected include employees' addresses, phone numbers, employee IDs, passwords, card details and many more personal details (Nation, 2018). The policy states that if this sort of data is accessed by any external source, it might harm not only the employee but also the organization as a whole, because there is a high chance of leaking confidential data related to the organization. Access to an employee's personal data by another employee poses an internal risk to the data. In its policy the company aims at reserving
the right to monitor, review, access, copy, store and delete any sort of electronic communication, systems and network traffic, as well as any activity.
Strengths of the policies
IT security policies are usually developed with a multi-layered approach consisting of nine topics to be addressed: acceptable use policy, confidential data policy, email policy, mobile device policy, incident response policy, network security policy, password policy, physical security policy, and wireless network and guest access policy (Flowerday & Tuyikeze, 2016). IT security policies have numerous strengths, which include:
- These policies protect the organization as well as its employees, customers, vendors and partners from harm (Omeje, 2017). Such harm might result from accidental or intentional damage, disclosure or misuse of data.
- They protect the integrity of information.
- The IT security policy documents ensure the availability of information systems.
- The IT security policies ensure the confidentiality of data by protecting IT assets and networks from unauthorized users.
- They provide integrity to the data by ensuring that modification of IT assets is handled in an authorized and specific manner.
- The policies also focus on the availability of data (Da Veiga, 2016). They ensure that the IT assets and networks of the organization are accessed by authorized users only.
Weaknesses of the policies
IT security policy documents have numerous weaknesses, which include:
- Lack of written security policy: organizations usually design and share their policies online (Kaunert, 2018). This creates a disadvantage for the organization as well as its employees. An unwritten policy cannot be consistently enforced or applied.
- Politics: political battles and turf wars can make it very difficult to implement a consistent security policy.
- Lack of continuity: lack of continuity proves to be a basic issue in the IT security policy document. Poorly chosen, default and easily cracked passwords have a high chance of allowing unauthorized access to the network.
- Logical access controls: inadequate auditing and monitoring allows attacks and unauthorized use to continue wasting the organization's resources. This might result in legal action or termination imposed against IT technicians, company leadership or IT management. It also allows unsafe conditions to persist (Charbonneau, 2016). Lack of controlled and careful auditing can make it hard to enforce policies and to stand up to legal challenges for wrongful termination and suits against the organization.
- Plan for disaster recovery: the lack of a disaster recovery plan allows chaos, confusion and panic to occur when someone attacks the enterprise.
Conclusion
From the above assignment, it can be concluded that the IT security policy document is an important instrument for dealing with all aspects of security, including the important data related to the company. The policies are provided to employees so that they know the factors outlined by the organization. The employees go through the policies in detail and make sure that they do not perform any activity that violates them. IT security policies are mandatory for any organization and can be thought of as equivalent to organizational laws. If an employee needs to take a course of action that falls outside the policy, he must obtain special permission. This is because compliance is necessary, and the policies use definitive words such as "you must", "must not" and many more. This assignment compares the IT security policy documents of three organizations: Cleam, Creately and Canava. It also discusses the strengths and weaknesses of the policies.
References
Biscop, S. (2016). The European security strategy: a global agenda for positive power. Routledge.
Charbonneau, B. (2016). France and the new imperialism: security policy in Sub-Saharan Africa. Routledge.
Da Veiga, A. (2016). Comparing the information security culture of employees who had read the information security policy and those who had not: Illustrated through an empirical study. Information & Computer Security, 24(2), 139-151.
Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers & Security, 61, 169-183.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research, 26(2), 282-300.
Kaunert, C. (2018). European internal security: towards supranational governance in the area of freedom, security and justice.
Nation, R. C. (2018). Black Earth, Red Star: A History of Soviet Security Policy, 1917–1991. Cornell University Press.
Omeje, K. (2017). High stakes and stakeholders: Oil conflict and security in Nigeria. Routledge.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.