A security policy is necessary to protect proprietary information within a company. Because security policies apply to employees at all levels in a company, they should be written at a reading level that all employees can understand. In addition, multi-lingual versions should be available for employees whose first language is not English. An organization's security policy should not conflict with the law. At a high level, an Enterprise Information Security Policy is created that supports the organization's goals and mission statement.
Operational Security Policy
1. Overview
Edu Corp’s company structure incorporates a complex, strategic design in order to provide efficient operations. With ongoing security concerns, both physical and digital, Edu Corp has developed a strict, detailed policy to protect the integrity of our company’s operations and, most importantly, our employees and customers, as they relate to the company’s operations. In alignment with various reports, operational security revolves heavily around the protection of information, notably unclassified information (“Operation Security,” 2016). On a daily basis, Edu Corp works to protect our employees, customers, and assets.
Information Technology (IT) Security
Essentially, the role of Information Technology (IT) Security is to guarantee confidentiality, integrity, and availability by putting in place all of the instruments, tools, methodologies, resources, standards, policies, procedures, guidelines, risk assessment, annual internal audit, incident management, and change management inside the organization in order to mitigate risk. In other words, depending on the dimension, type of business, number of employees, type of information created by
The purposes of these security policies include protecting employees, clients and data; setting guidelines and rules for users; roles and limitations of human re; administrators' and security personnel's responsibilities; and defining the consequences for breaking the policies set. According to Canavan and Diver (2007), organizational policies can also define the company's consensus baseline stance on security to minimize risk and track the compliance level with regulations and
Thus, every organisation should act to protect its information and communication technology and its valuable information. This means that a company should have a chief information security officer (CISO) and a special information security department, which will organise all those actions. Moreover, to be successful, the information security department must develop productive relationships with other departments and chief level officers within the company. However, cyber security must also be a concern of the other chief level officers. Organisations have different types and numbers of chief level officers depending on the nature of their business.
Backing up information can help save companies if any data is lost, because they would be able to recover the data that was lost.
Security
Security consideration features for information systems will vary with the type of information held, but the basic features will hold the information securely. The major security features for the company systems will include a login using a user ID and password, user authorization, and priority access. The security features would also use the four access control models of Identification, Authentication, Authorization, and Accountability. The access control would use mandatory access control (MAC), which is structured and coordinated within a data scheme that rates the information collection and the users (Whitman & Mattord, "Ch 6: Security Management Models," 2010).
Integrity ensures that the information is accurate and that changes cannot be made to it without the correct permission. Availability means making sure the information systems are always up and that information can be accessed. There are many tasks that senior management needs to address, such as making sure everyone understands the need for the security of information to be governed. This can be done by informing the board and other senior managers, who may not be as familiar with information systems, how the threats and the damage from those threats can disrupt operations and profits in the company. Another task for senior management is to help with the development of the security framework by creating policies, standards, procedures, and guidelines.
Need For Security Policy
A security policy is defined as “The framework within which an organization establishes needed levels of information security to achieve the desired confidentiality goals.” The main aim of a security policy is to inform users, staff and managers of their mandatory requirements for protecting the technology and information assets of their company. The policy must clearly specify the ways through which these requirements can be met. Another purpose of a security policy is to provide a standard against which to acquire, configure and audit computer systems and networks for compliance with the policy. Hence an attempt to use a set of security tools in the absence of at least an implied security policy is meaningless. It also defines what should be done when a user misuses the network, if there is any attack on the network, or if there is any natural outage to the network.
To preserve the privacy and security of HRIS records, organizations and companies should have control of access, foster and develop policies and guidelines that govern the utilization of information, and allow employees to check their records and have access as well as the ability to add and edit their information. In addition to effectively utilizing the system’s privacy and security features, a written policy should be put into effect to help manage issues of data reliability and confidentiality. Due to modern-day advancements in technology, employee records are increasingly stored in computer files. With the uncertainty of the reliability of technology on a daily basis, the traditional recordkeeping policies and practices need to be implemented and updated regularly (Chauhan et al., 2011).
Within the systems support and security phase, IT personnel maintain, enhance, and protect the system. Security controls safeguard the information system from external and internal threats. A well-constructed system has to be secure, scalable, reliable, and maintainable. Systems support and security implements vital protection and maintains services for software and hardware, along with enterprise computing systems, corporate IT infrastructure, networks, and transaction processing systems. The system support and security group enforces and monitors the physical and electronic security software, procedures, and hardware.