The Role of Information Security Policy

Implementing policies and standards within an organization is important for maintaining information systems security. Employees play a huge role in the effort to create, execute, and enforce a security policy. Every business requires a different strategy and approach to its security policy, depending on its size and the nature of its business.
Security Policies
An organization's security policy describes management's intent to control the behavior of employees in relation to information security. A security policy is necessary to protect proprietary information within a company. Because security policies apply to employees at all levels in a company, they should be written at a reading level that all employees can understand. In addition, multilingual versions should be available for employees whose first language is not English. An organization's security policy should not conflict with the law. At a high level, an Enterprise Information Security Policy (EISP) is created that supports the organization's goals and mission statement. This EISP does not require frequent changes. Within the scope of the EISP, there are also issue-specific and system-specific security policies. Issue-specific policies provide targeted direction to employees in relation to a particular technology or occurrence. System-specific policies provide managerial guidance and access control lists related to certain software or systems used by the company.
The intensity and depth of an organization's security policy depend heavily on the nature of its business. A large company requires a different approach to its security policy than a small company. Also, the type of information that the company dea...

... middle of paper ...

...onal working in an enterprise environment. Certified Information Systems Auditor (CISA) certification trains professionals in IS audit control and assurance. This list could go on, but the take-away is that many businesses can benefit from employing security professionals with the skills and knowledge gained through these certifications.
Every organization, big or small, should have some level of security policy to protect its proprietary information. While the intensity and depth of an organization's security policy depend heavily on the nature of its business, common guidelines are mentioned in this paper that apply to all policies. One of the most important things to remember is that employees are a critical component of a successful security policy. It is the organization's job to ensure that its security policy is widely distributed and understood.
