An information security policy is critical in any organization as it indicates objectives and strategy the management has put in place to secure data. An organizational policy document should have clearly defined security objectives and strategy agreed upon by the administration. Furthermore, the implementation strategy should be spelled to avoid defective and dysfunctional information security policies.The three issues to address include
An organization should manage information security violations through a comprehensive security policy. Again, many times breaches are committed by employees either deliberately or accidentally even though they understand the repercussions and disciplinary actions as spelled in the information policy. Regardless of thorough training to employees on the handling of data according to established protocols and procedures, they engage in the activity for selfish gains even though they know their actions put the organization at extreme risk. Employees may not feel the impact of a breach if they know they won’t be held personally liable. Sometimes, policies adjusted in some situations, but the specific circumstance verified, transparent and documented. The particular public sector case study depicts how information security policy determines the success and failure of a business. The system ensures continuity measures are put in place to critical functions to operate when an incident has occurred. Transparency in violation helps to instill fairness and assure employee of justice as this avoids unnecessary resistance.
Technology is rapidly evolving and thus the cybercrime. In the case study, the organization will address the following cyber-security issues to protect sensitive organization data from leaking to the public sector.
The different organization has various policies but they have similarity hence can be applied across many organizations. Below is some of the information security policy that a company can implement to prevent violations.
There exist many information security threats in the contemporary world. Some of the examples of risks today involve software attacks, identity theft, intellectual property, sabotage, and extortion. Identity theft has been on the rise as people useothers personal identity information to access vital information. Sabotage involves deliberate damage website of the company to either cause loses for the company or loss of confidence for the clients.Software attacks occur in the form of introducing malicious programs into the company system in the form of worms, viruses, phishing, Trojan horses, etc. Furthermore, a data breach has become more prevalent because more devices are mobile today.
Goldman, B., &Pyatt, T. (2013). Security Without Obscurity: Managing Personally Identifiable Information in Born-Digital Archives. Library & Archival Security, 26(1-2), 37-55. http://dx.doi.org/10.1080/01960075.2014.913966
Fithen, K., & Fraser, B. (1994).CERT incident response and the Internet. Communications Of The ACM, 37(8), 108-113. http://dx.doi.org/10.1145/179606.179721
Do you need high quality Custom Essay Writing Services?