Information Security Policy

What is information security policy?

An information security policy is a set of suggestions (laws) which a company has to write to make its information system safe and immune against malicious attacks! Usually this kind of policy is written for employees at different levels, but the common element in all these policies is the target!

A policy can consist of a joint set of rules covering all topics related to information security and computer usage, or of separate rules for individual topics, for example e-mail, network or physical security.

Why does a company need an information security policy?

Many information systems have not been designed to be secure, but without these systems business life is hard to imagine. Increasingly, companies and their information systems and networks are faced with security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. Sources of damage such as computer viruses, computer hacking and denial of service attacks have become more common, more ambitious and increasingly sophisticated. Modern technologies and software alone are not enough to make a company's information system safe; everyone in the company also needs to be a part of the security system.

The security policy modelling process points to the system's weakest areas and gives advice on how to prevent them.

How is a policy created?

There are different ways to create a security policy, but the main idea is the same. There is a set of questions which the company's employees have to answer; after that, special information security awareness companies process these answers and write the company's own information security policy. Another way to create this policy is to use special software which automatically processes the answers, evaluates the risks and gives out a policy. This way is easier and also takes less time. The policy has to be written in a form that is relevant, accessible and understandable to the intended readers!

The company gets a policy. What next?!

Now the company's manager has to nominate one person who will be responsible for seeing that the rules written in the policy are observed. This person has to introduce all employees to these rules and also publish the policy and make it available. Then this person needs to check and control how these rules are implemented in practice. This person has to be very close to the manager and regularly inform the manager if there are any problems.

Problems!

Usually problems start with implementing the policy's rules in practice. People have to change their daily working habits and try to work in keeping with these rules. It's always hard, but there are many ways to stimulate or even press them to do this. The process is made easier by special e-learning courses provided by information security awareness companies, for example, Infosecuritylab. Managers can also develop some kind of bonus system for employees who observe these rules, or warnings for those who ignore them!

Article source: infosecuritylab

About the Author:

Information security awareness training

Article Source: ArticlesBase.com - Information Security Policy
