Delivery in day(s): 3
CIS5205 Management Information Security Assignment Help
Security policy can be defined as a type of document which can be used by an organization to save its resources which are related to information technology. This document is not finished at a time and it is updated from time to time so that new things can be added into it. This report focuses on the different types of security issues which are faced by an organization. There are a number of security policies which can be used by an organization to save its useful information. While selecting security policies, a number of things are taken into consideration such as the audience which will be affected by the policy and other things. Thus this report can be utilized to explain a number of security policies which can be deployed in an organization.
Security policies are an important point of concern in any organization. These policies can help an organization in keeping their data as well as important information safe from outside as well as inside threats. This report focuses on the different types of security policies which are used by an organization. These policies can be helpful in keeping important data and files safe. In this report, Acceptable Use Policy is chosen for the organization. The report also explains the policy and it can help in finding the relevancy of the selected policy for the organization. The report also explains the different types of threats which are faced by an organization in absence of a security policy. These threats can be removed with the help of security policies as explained in the blog of Geoff Yeagley (2015).
A security policy is basically a document which consists of different things. Security policy often includes main aim and objective of the organization. It also includes a number of requirements of the management and system which is used in the organization. Security policy can help an organization in ensuring the security and safety of the information technology of the organization. It also ensures the safety of the computer systems which are used in the organization. With the growth of the organization, the security policy is also updated on a regular interval. It can help in keeping the standards of the security policy, up to those policies which are used in other organizations. In an organization, a security policy can be used to establish a connection between some of the security requirements and different objectives of the management. Security policy of an organization also consists of a number of rules which can be used for controlling the behavior of admins of the system and different types of users as explained in the blog of Margaret Rouse (2014).
Security policy is used in an organization for a number of reasons. One of the reasons to deploy security policy in an organization is to specify the number of mechanisms which are related to the security of the organization. Another reason to use security policy is that it can be helpful in informing the workers as well as users and customers of the organization. It can also be used to inform people from management and managers of the organization. There are a number of purposes for which security policy is used in an organization. Some of the purposes of using security policy are as follows:
1. It can help in defining the consequences which may arise when the security of the organization is compromised. In other words, it can be helpful in punishing the people who are responsible for compromising the security of an organization.
2. Another purpose of using security policy is that it can be utilized to set a number of rules. These rules can be useful in keeping the data of the organization safe from any kind of security threat.
3. Security policies can be used to provide authorization to the staff members and workers of the organization. This can allow the members and workers to keep an eye on any kind of security failure in the organization. The workers can also perform investigation during any kind of security failure.
4. Security policy can help in protecting the data and sensitive information of the users and company safe. Thus hackers cannot steal any kind of personal information of users. It also keeps the different types of methodologies and functions which are used in the organization for the development of a product as explained in the blog of Catherine Paquet (2013).
Security policies used in an organization are of different types. These types include regulatory policy, informative policy, and advisory policy.
1. Regulatory policies are used to make sure that an organization is meeting all the standards which are given by specific regulations.
2. Advisory policy helps the employees of the organization to control their activities and behavior in the organization. Some of these activities should take place in the organization while others should not take place in the organization.
3. Informative policies are used so that users or customers of the organization can be informed about different types of rules and regulations.
In security policies, users can be divided into two types. Depending upon the type of interaction they have with the organization. One of the users is called internal users. These users include different teams and their members who work in the organization. Another type is called as external users. These users include customers, suppliers, and clients of the organization as explained in the blog of Chandana (2016).
Acceptable use policy
Acceptable use policy can be defined as a type of document which is used in an organization so that different users can have access to the network which is used in the organization. It can also help the users to access the internet available in the organization. Acceptable use policy is utilized in different fields such as educational institutes. By signing the acceptable use policy, students are provided an ID so that they can access the network or internet services provided by the college or university. This policy can also be used in different types of organizations and businesses so that employees can easily access the company network.
When a user connects with any type of internet service provider then the users are asked to sign the acceptable use policy. This policy can allow the user to use the services provided by the service provider. Acceptable use policy is utilized in many organizations so that some limitations can be put on the usage of a network of the organization. Thus acceptable use policy can help an organization in keeping their network safe from any kind of security threat.
Acceptable use policy allows the organization to keep the users in line and stop them from breaking any kind of law. In case of an organization or company, it can help in putting restrictions to the workers who use the internet. There are a number of reasons to deploy acceptable use policy in an organization. Some of these reasons are as follows:
1. It helps in stopping any kind of attempt to break the security of the network which is provided to the workers.
2. It helps in improving the security of the network which is utilized in an organization.
3. This policy also helps in stopping the users or workers in sending any kind of spam messages and e-mails to other users.
Acceptable use policy can also help an organization in setting different types of monitoring strategies to monitor the network used in the organization. The network can be monitored in many ways. Some of these ways are as follows:
a. By blocking access to some websites with the help of a filtering software.
b. By performing a scan of different emails which are sent or received by the users or workers.
c. By performing a scan of the proxy server logs so that different types of websites which contain inappropriate content can be removed as explained in the blog of Bradley Mitchell (2016).
These are some of the ways which can be used to monitor the network or internet provided in an organization.
Thus acceptable use policy can be helpful in keeping an eye on the employees of the organization so that their activities can be monitored. It can also help in restricting use of any illegal websites on the network of the organization. Acceptable use policy used in an organization contains a number of elements. Some of the elements of a good acceptable use policy can be given below:
1. To improve the effectiveness of the acceptable use policy deployed in the organization, a person or employee of the organization should be given the responsibility of controlling the policy. The person should control the development of policy and add new updates in the policy from time to time. This person can be anyone from the organization who has the knowledge of information technology.
2. Another element of a good acceptable use policy is that the policy should be checked in a regular period of time so that it can be made better and developed according to the standards. This checking can be done by an employee of the company who has legal authority and knowledge of different types of laws. This person should keep the language of the policy simple so that it can easily be understood by a user or customer.
3. Blanket statements can also be used in the acceptable use policy so that any kind of activity on the network of the company which violates the law can be prohibited. These statements can also be utilized to stop the users from sending any kind of spam e-mails. The statement can also help in saving the confidential information of the organization from any kind of outside attacks as explained in the blog of Get Advanced (n.d.).
Among the number of security policies, I have selected the acceptable use policy for the organization. From the literature review of the security policies, a number of guidelines or rules can be made. These guidelines and rules can be followed by any organization so that they can improve their security measures of the network. It can also help the organizations to keep their confidential data safe from hackers attack. This confidential data can be used by the rival organizations to compete with the organization.
With the help of the acceptable use policy, different guidelines can be made. These guidelines can be followed by the organizations as well as the employees of other organizations. Some of these guidelines can be given below:
1. Before allowing the users or workers to utilize the network and internet provided by the organization, they should be asked to register and sign in into the network. This can allow the organization to monitor the activities of their employees.
2. The rules of accessing illegal websites which have improper content on the network of organization should be restricted. Strict actions should be taken against those employees who access these websites.
3. The acceptable use policy should be updated on a regular time interval so that new rules and regulations can be added into the policy document.
4. The employees of organizations should be made aware of the rules of the acceptable use policy. This can help the employees to learn about what to access on the company network.
5. The acceptable use policy should be well defined. Without defining the policy, it becomes impossible for the users to understand the policy and the rules which are included in the document.
Thus it can be said that by deploying different types of security policies in an organization, the confidential data of the organization can be kept safe.
This report was started with the purpose of explaining the different types of security policies which are used in an organization. The report successfully explains the concept and uses of security policy in any organization. The report also explains the acceptable use policy which was selected to use in the organization. There are number of elements in this report. These elements are necessary for the development of a good acceptable use policy. With the help of this report, learners can learn about the security policies which are used in many organizations. Learners can also learn about the acceptable use policy. This policy helps an organization in keeping the track of searches done by an employee on the company network.
Bradley Mitchell, 2016, Lifewire, viewed 17 August 2017, https://www.lifewire.com/acceptable-use-policy-aup-817563
Catherine Paquet, 2013, Ciscopress, viewed 17 August 2017, http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3
Chandana 2016, Simplilearn, viewed 17 August 2017, https://www.simplilearn.com/it-security-policies-and-its-types-article
Geoff Yeagley 2015, Compassitc, viewed 17 August 2017, https://www.compassitc.com/blog/it-security-policies-and-procedures-why-you-need-them
Get Advanced, n.d., Get Advanced, viewed 17 August 2017, https://www.getadvanced.net/acceptable-use-policy
Margaret Rouse, 2014, TechTarget, viewed 17 August 2017, http://whatis.techtarget.com/definition/acceptable-use-policy-AUP