Literature Review
Discuss the Security Policies of an Organisation.
The security policies of an organisation are a line of defence that plays a critical role in the organisation. A security policy is needed in any organisation to appeal to its members, such as investors, employees, third-party auditors, and potential suppliers and partners. It comprises the procedures and rules for individuals who have access to the organisation’s resources and assets, so that any breaches in the organisation can be handled. Companies opt for flexible policies that let information flow easily within the organisation without opening the organisation’s doors too easily. Organisations keep monitoring their policies because companies are continuously expanding beyond their traditional boundaries through suppliers and partners. The security policy of any organisation maintains the Confidentiality, Integrity and Availability (CIA) of the organisation’s information (Siponen & Willison, 2009). It plays an important role in the direction and decisions of the organisation, but it should not alter the organisation’s mission and strategy. Every security policy should be drawn up according to the structural framework and culture of the organisation so that it supports innovation and productivity. A company has many policies, such as an Acceptable Use Policy, Internet Usage Policy, E-Mail Usage Policy, Clean Desk Policy, Bring Your Own Device Policy, Privacy Policy and so on. Of all these policies, the Privacy Policy is described as an effective policy in this report (Herath & Rao, 2009).
The security policy of any organisation is given priority in order to guard against the risk of disclosure of information or business resources (Stahl, 2012). Security policy plays a key role in the management of the organisation and in its adequate functioning. To implement a security policy, the necessary tools and procedures are used to form the policies. These tools and techniques are fundamental components of policy formation. Any policy made without appropriate procedures will be inadequate. Security policies are mainly part of the internal management of the company, and they affect both external and internal members of the organisation by protecting their personal data held by the company. The security policy of an organisation is a statement or agreement made with proper planning for maintaining information security in the organisation (Pathari & Sonar, 2012). Every security policy and procedure is structured according to the requirements and legal structure of the company (Warkentin & Willison, 2009). It also protects the resources of the organisation, including through disciplinary action for violations of the security policy (Siponen & Vance, 2010). An organisation has no single set of policies, because it does not operate on a single business platform; it therefore has different policies for each procedural aspect of the organisation (Bowen & Wittneben, 2011). This report suggests that developing a security policy is necessary as the foundation of a security programme that protects the organisation from internal and external security attacks (Lavenex & Wichmann, 2009). For the security policy procedures to be followed, the organisation needs to provide awareness activities, and employees should receive the training and motivation to follow the organisation’s security policies.
Analysis of Privacy policy
The objectives for forming security policy standards should be stated and achieved by the organisation (Siponen & Willison, 2009). This is carried out by examining departments for their achievement of government policies on implementing security policies in the organisation. Every organisation has its own models or framework for developing security policy, comprehensive enough to resolve security policy problems and achieve the objectives of the business. These are the core organised steps for creating and maintaining an effective security policy (Merete, Albrechtsen & Hovden, 2008). The security policy of any company depends mainly on its size, resources, factors and the sensitivity of the work it deals with. A large organisation cannot adopt a single-line security policy that covers all of its users’ information. The security policies of the organisation should fulfil all their purposes: protecting the people and information of the organisation and helping to minimise the risks that arise in it. They set an expected working environment for employees and, likewise, expected working behaviour from employees and from other managers or administrators of the system. They establish regulatory and legal compliance by defining the consequences of violating the security policy. The employees covered by the security policy form the audience group, which is divided into sub-categories. The audience group is the category that specifies which documents are included in the security groups. Security policies involve the identification or assessment of documents to review the risks and threats associated with them. Implementing security policies reduces costs to the company and mitigates the risk associated with the documents (Ruighaver, Maynard & Chang, 2007).
A security policy governs confidential information that relates to the public: such information is posted only after permission has been granted under the policy. Sharing of confidential information is subject to procedures or restrictions in the security policy. Security policies restrict the downloading and posting of authorized materials. Because the security policy requires all users to comply with copyright and software licensing agreements, copyrights are not broken. The policy explicitly prohibits sharing corporate information in violation of privacy agreements. Displaying any copyrighted material without permission on the internet or extranet is strictly prohibited. Security policy also provides protection from viruses that arrive through web services (Subashini & Kavitha, 2011). A procedure on the web server is followed to detect viruses during uploading or downloading. Any file containing a virus is immediately detected and removed from the system. Emails in the inbox cannot be accessed until the file is virus free. All information in a file is scanned immediately before it is shared on the web or downloaded from the web server. Security policy also terminates external sessions that are not active: the system automatically disconnects inactive external connections. A procedure for automatically logging out active users after an idle period is also followed. Boot passwords are used for access, along with built-in desktop security features. Security analysis also enables smartcard readers on high-security machines. In developing security policies, organisations face major problems in putting these policies into practice, owing to a lack of guidance. To address that irregularity or gap in the development process, organisations implement appropriate mechanisms to protect against security threats.
Threats to an organisation come from the internal system’s users only because the users of the system are familiar with the infrastructure and services of the organisation (Pahnila, Siponen & Mahmood, 2007). An analysis of all aspects of organisational security policy, covering internal and external threats to the organisation’s security measures, shows that best training practices or awareness programmes need to be implemented in the organisation. Organisations are part of the E-Society, in which the internet and internet devices have become key to daily activities (Al-awadi & Renauds, 2007). These developing internet technologies are both beneficial and harmful for organisations, which need a tool or process for security measures; this takes the form of the organisation’s security policies (Bulgurcu, Cavusoglu & Benbasat, 2010).
Security policies are vital and play an important role in the security of any organisation. From among an organisation’s many security policies, we analyse the privacy policy. The privacy policy of any organisation comprises the legal documents or statement that govern how it manages and discloses its clients’ or customers’ data (Ginsberg et al. 2009). It is a legal requirement for the protection of a company’s customer data. The privacy policy describes the procedures or methods used to collect and store customers’ personal information. The privacy policy of any organisation is regulated by the law applicable to the company according to its jurisdiction and territory. Many countries have different privacy laws, which apply to private enterprises, commercial transactions and public operations of the country. Internet usage in organisations is growing today, through the launch of organisational websites and the digitalisation of documents. All such use of documents containing private information about the company or its employees needs some protection against illegal acts or breaches. An organisation incorporates its privacy policies at the time of its formation. Many countries have privacy laws that require an organisation to include a privacy policy statement covering the company’s data collection. The trigger for an organisation to adopt a privacy policy is the sharing and collection of personal data such as images, names, emails or any other data that helps to identify a member (Linden et al. 2009). The privacy policy of an organisation is the statement governing the flow of personal information in the organisation. The information that a company collects is gathered under this policy.
The privacy policy of an organisation includes the methods of collecting data and the uses of the data collected. An authority is made responsible for keeping the records and collecting the information. Companies follow a proper procedure to keep the records in accordance with the privacy policy. The retention period for the records and the disposal procedure are also stated in advance in the records. There is a confidentiality agreement, signed by the volunteer, which declares that they will follow the privacy policy. At present, organisations are mainly concerned about piracy hacks against their data. They therefore keep their data in a private network and protect it as intellectual property, for example through copyright and patent. With intellectual property protection, no one can copy the authentic data, which is wholly owned by the company itself. To regulate the organisation’s privacy policies, there should be a grievance officer to settle cases concerning the privacy policies, and proper penalties for breaches of the policies (Aris, 2009).
Conclusion and Suggestion
This report discusses the security policies of an organisation, which exist to protect organisational data and provide security for all sectors of the organisation. The security policies of the organisation take the form of an Acceptable Use Policy, Internet Usage Policy, E-Mail Usage Policy, Clean Desk Policy, Bring Your Own Device Policy and Privacy Policy. Of all these policies, we critically analyse the privacy policy. The privacy policy of any organisation is a statement that manages consumers’ data and protects it. It defines privacy as personal information or an opinion about an individual. In any professional information of any organisation which needs to be kept privately as a business plan or missions need a unique business for their business. The privacy policy basically deals with the sensitive information of the organisation.
An organisation should maintain privacy policies to reduce the risk to the company’s privacy and to its consumers’ rights. The privacy policy should ensure that the company complies with the law and avoids sanctions for non-compliance with the policies. A privacy policy will increase the confidence of the organisation’s potential consumers. It is good practice: it demonstrates good privacy practices, attracts new consumers and helps to retain existing ones. The privacy policy of an organisation must describe the details of the information held, the purpose of that information and how it will be disclosed. The privacy policy should be aligned with the company’s working procedures and profile, so that set standards are maintained in its privacy policies. Proper tools and techniques should be used to form the organisation’s privacy policy.
References
Aris, S., 2009. The Shanghai Cooperation Organisation: ‘Tackling the three evils’. A regional response to non-traditional security challenges or an anti-Western bloc? Europe-Asia Studies, 61(3), pp.457-482.
Stahl, B.C., Doherty, N.F. and Shaw, M., 2012. Information security policies in the UK healthcare sector: A critical evaluation. Information Systems Journal, 22, pp.77-94.
Bowen, F. and Wittneben, B., 2011. Carbon accounting: Negotiating accuracy, consistency and certainty across organisational fields. Accounting, Auditing & Accountability Journal, 24(8), pp.1022-1036.
Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), pp.523-548.
Ginsberg, J., Mohebbi, M.H., Patel, R.S., Brammer, L., Smolinski, M.S. and Brilliant, L., 2009. Detecting influenza epidemics using search engine query data. Nature, 457(7232), pp.1012-1014.
Herath, T. and Rao, H.R., 2009. Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), pp.106-125.
Lavenex, S. and Wichmann, N., 2009. The external governance of EU internal security. European Integration, 31(1), pp.83-102.
Merete Hagen, J., Albrechtsen, E. and Hovden, J., 2008. Implementation and effectiveness of organizational information security measures. Information Management & Computer Security, 16(4), pp.377-397.
Pahnila, S., Siponen, M. and Mahmood, A., 2007, January. Employees’ behavior towards IS security policy compliance. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on (pp. 156b-156b). IEEE.
Rotvold, G., 2008. How to create a security culture in your organization: A recent study reveals the importance of assessment, incident response procedures, and social engineering testing in improving security awareness programs. Information Management Journal, 42(6), pp.32-38.
Siponen, M. and Vance, A., 2010. Neutralization: new insights into the problem of employee information systems security policy violations. MIS quarterly, pp.487-502.
Siponen, M. and Willison, R., 2009. Information security management standards: Problems and solutions. Information & Management, 46(5), pp.267-270.
Subashini, S. and Kavitha, V., 2011. A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), pp.1-11.
Pathari and Sonar, R., 2012. Identifying linkages between statements in information security policy, procedures and controls. Information Management & Computer Security, 20(4), pp.264-280.
Van der Linden, H., Kalra, D., Hasman, A. and Talmon, J., 2009. Inter-organizational future proof EHR systems: a review of the security and privacy related issues. International journal of medical informatics, 78(3), pp.141-160.
Warkentin, M. and Willison, R., 2009. Behavioural and policy issues in information systems security: the insider threat. European Journal of Information Systems, 18(2), pp.101-105.