SecurityPolicy in OrganizationRisit JambudiDate: 01/06/2018 In today’s world there are lots ofcyber crime and data leaks. To protect the companies’ information is not easyas it looks, buy software and it will fix everything. Every organization needsecurity based on their size of their organization and security needs. Securityvendors offer some if the latest technology to impress executive but that doesnot fix all the security problems. This creates a never-ending loop becauseevery time have a security problem and they say, “we need to buy new tool.”,which left executives exhausted from spending crazy money like the never-endingproblems were a giant black hole. I would say you need the right person for thejob who is well educated with security and who can justify every dollar foryour security needs which is best security.
These are the few steps that canhelp us to have better security system for our organization.- Adjustbudget to our organization information security management system or securitystrategy and roadmap.- Adjustsecurity budget to consistence problems reported and recorded.- Showinghow every dollar spent on security will address existing business hazard andhelp enhance the organization operating risk posture. – Institutionalizeand consolidate tooling ability to such the technology is fit for reason andfit for use.- Showinga return on security investment though measurements either subjective orquantitative.
There are many advantages ofdeveloping security policy within an organization. Security policy can protectorganization through proactive policy stance, establishes the rules for userbehavior and any other IT personnel, define and authorize consequences ofviolation, establish baseline stance on security to minimize risk for theorganization and ensure proper compliance with regulation and legislation,organization also minimize the risk of data leak or less. Security protectsfrom “malicious” externa, and internal users. This can also help organizationwhen legal issues arise. Security policy is important because it allowsemployees to know what is required of them and helps them adhere to safe andsecure process. It allows management to monitor their security against acorporate standard. Don’t wait until organization becomes the victim ofcybercrime.
It is time to implant a security policy now. In 2017, average cost of data breachcontaining sensitive and confidential information is up to 3.62 million USD.There are many different option for every security system and what you like toprotect. Some security vendor may have option to protect organization fromevery angle, so it maybe high in cost to purchase on entire security packagefrom one provider. At lowest, investing in a firewall and antivirus softwarethat stop viruses at the gateway into the network.
This can be very high incost for small businesses. Company can also protect company’s information bygetting a hosted virtually through online services. Company having a physicallyserver might cost high in beginning than having virtual server online withprovider like amazon. All though amazon does have cheapest backup storage forglacier backup at $0.005/GB.
The real thought behind any securityarrangement advancement process will be the level of process development. Asthe procedure develops in development, one will have the capacity to build upthe full scope of strategies with more detail incorporated into each and goingwith procedural documentation as required. The best arrangement will originatefrom a mix of these methodologies, both best down and base up. With a specificend goal to accomplish this it is something that must be considered from thestart and should be reflected in the assorted variety of regions engaged withstrategy advancement and the sorts of survey arrangement experiences.Approach improvement should likewiseconsider to what degree the strategy ought to reflect current practice versusfavored future. Composing an approach that reflects just exactly what is donetoday might be outdated even when it is distributed, while an arrangement thatincorporates controls which can’t yet be possibly executed might be difficultto agree to for specialized reasons and may in this way be overlooked asdoubtful and unworkable. Noxious outside assailants as infections and wormsdraw in much media consideration and in like manner should be considered whencomposing approach, different contemplations that are in any event as essentialincorporate catastrophic events, displeased present and previousrepresentatives and obliviousness prompting unintentional security exposures.
Asecurity arrangement does not develop the requirements of a customer onspecific information structures. It is fairly the augmentation between theclient’s wants and communicated necessities that can be associated with developa data framework. A security course of action should obviously express thecustomer’s wants, and should be established on an evaluation of the risk to aclient to the customer’s desires not be met. This hazard based evaluationdodges an infeasible, willful, or excessively restrictive security course of action.
Reference AlfonsoBarreiro |in IT Security, January15, 2012, 10:00 PM PST. (n.d.
). How to sell information security to management.Retrieved January 06, 2018, from https://www.
techrepublic.com/blog/it-security/how-to-sell-information-security-to-management/Ibm.com.(2018). Cost of Data Breach Study | IBM. online Available at:https://www.
ibm.com/security/data-breach Accessed 6 Jan. 2018.
