Paper Topic:

IT Security Policy

Security Policy (Student Name)

Course Name

Faculty Name

Date

Table of Contents

Introduction

Security Policy

Components of Organizational Security Policy

Importance of Security Policy

Points of Consideration for Organizational Security Policy

Conclusion

Reference

Introduction

Information security consists mainly of confidentiality, integrity and availability. Information security policies define the organization's rules and expectations regarding access, protection, and accountability of information assets and resources. These are essential for a sound security implementation. Ideally, security policies should be written first and then, where necessary, should be implemented; however, this is often not the case. Security policies may be a requirement of government or regulatory functions and may be essential during a disaster. They may also provide protection from liabilities or form a basis for certain security controls.

Security policies are considered the highest level of documentation, from which standards, guidelines, and procedures are formed. The higher-level policies are created first for strategic reasons, and then more tactical elements can follow. Several types of policies exist: user policies, physical security policy, authentication and authorization policy, server policies, network policies, coding policies, and legal compliance policy.

In any organization, implementing a security policy makes it possible to avoid various types of risks associated with data theft, user access, and hardware (physical). For that, however, every member from the top level to the bottom should be involved.

Security Policy

Security Policy: A security policy can be defined as a written policy outlining the implementation and management of network (organization) security. Security policies define the rules that regulate how an organization manages and protects its information and computing assets to achieve security objectives. Security policies that are documented, well known, and visibly enforced establish expected user behaviour and serve to inform users of their obligations for protecting computing assets. Here, users include all those who access, administer, and manage organization systems and have authorized accounts on an organization's systems. Different users of organizations play a vital role in implementing security policies. Various types of documents are used for implementing security policies, such as standards (use of specific technologies), guidelines (best practice), procedures (detailed steps to perform a specific task) and baselines (consistency of security implementations). A documented security policy contains various types of guidelines and instructions, some of which are given below:

Generating and using passwords for authentication purposes

Protecting the privacy of users' personally identifiable information (PII)

Defining who has what access rights and privileges to which resources on the network and why

Performing periodic audits of network security

Handling incidents in which systems are compromised by intruders

Establishing expectations for users regarding system availability

Purchasing policy for security tools , systems , and software

Limiting physical access to computing resources

Reporting violations of the policy and enforcing its provisions

Legal and regulatory issues in which user compliance is required (Tulloch 2003, p. 306-7)

To develop a security policy for any organization, one can follow different types of procedures. A simple procedure is written below which can be used for developing an organization's network security policy...
