Importance of Information Security Policy
Essay by Paul • August 13, 2012 • Research Paper • 1,017 Words (5 Pages) • 2,909 Views
CMGT/400
Introduction
Information technology security plays a huge role in the information technology industry. It plays such a big role because, without security, a company would not be able to keep any of its information, such as day-to-day business or customer information, private. Having this information available to anyone would upset the company's investors along with its customers. Therefore, companies need to implement security policies.
Policies
Some of the above-mentioned policies would be policies for Internet and email use, web server security, and desktop configuration management. There are several more policies that a company could implement; however, I think these will be sufficient for this paper to go over. Along with talking about these policies, I will also talk about the different levels of security and about the people it affects.
An Internet and email policy is needed to help keep employees from downloading an infected file. In some situations, a client might only need to visit an infected web site once to be infected. Nonetheless, most cases will require the circulation of infected files through email or downloads.
Acceptable use policies could entail a selection of controls, including limits on the type of web sites that can be viewed, the time spent on activities on the web, software downloads, and the type of software a client can use to access internet services. For example, the use of Peer-to-Peer (P2P) networking software has led to a high number of breaches of confidential information. Email acceptable use policies are closely associated and could be connected with internet acceptable use policies to help reduce the risk of users making serious information security mistakes.
Technical attacks of various forms against web servers are creating a growing network of infected web sites that could distribute malicious software to clients. This is by far the most frequent type of SQL injection attack against web-based applications. This type of attack can be very damaging because a legitimate site becomes an accomplice in infecting real customers of the site.
All organizations should incorporate a web site security policy to help defend against the types of attacks mentioned above. After looking at several business models, I found that far fewer companies than expected have a formal policy.
A secure application development policy is a related and critical policy. Having this policy will spell out different controls for designing,
A related and equally critical policy would be a Secure Application Development Policy. This policy would define various controls for designing, developing and deploying secure applications. While this is a main requirement of PCI-DSS version 1.2, the widespread expansion of web application development indicates that secure application development needs to be part of any company that manages an active web site that uses a database.
The first step in the attack against most enterprises is the exploitation of an application running on the user desktop. Common applications are Adobe Acrobat, Flash and Microsoft Office. In short, these are the applications that
...
...