Management of Information Security


As with other valuable company resources, information must be regarded as an asset that is invaluable to the organization and needs suitable protection against all types of threats. The dangers are not only on the Internet: nearly over 50% of all security breaches originate from insiders.

Information security is achieved by implementing the right set of controls, in the form of policies, procedures, organizational structures, functions, and systems, to make sure that the security objectives of the company are met. IT security addresses a number of important concepts by ensuring the security of all information and of the systems, procedures, and processes involved in the management and use of the data.

Information security does not ensure security.

The aims of data security are known as CIA:

1. Confidentiality: To make sure that information is accessible only to authorized users.

2. Availability: To ensure that authorized users have access to data and its supporting procedures, networks and systems when required.

3. Integrity: To protect the accuracy and completeness of information and associated processing methods.

The management of data security will incorporate the following areas, each of which requires guidelines or policies.

1. Careless talk

Careless talk is speaking about business, the office, people from work and so on where you can be overheard, or discussing business with people who are not authorized to know about it. Careless talk also means unintentionally giving sensitive information to someone who wants it for a specific purpose, such as breaking into the corporate premises or computer systems. This is called social engineering.

2. Email protection guideline

Email is a critical business tool in an organization's communication system. The security, confidentiality and integrity of email cannot be ensured, and email certainly cannot be regarded as private. Because of this, you should behave professionally and appropriately at all times. If you have to send information that is confidential or sensitive and you cannot guarantee the security of the email, consider another method of sending it, unless you have approved encryption.

3. Instant messaging principle

Internet users are familiar with IM (Instant Messaging), a common communication tool that provides two-way communication in real time. The security and integrity of IM cannot be guaranteed, so it is not sensible to discuss sensitive business or private and personal information over Instant Messaging.

4. Internet policy guideline

Internet access should not be granted to all levels of users in the business. Users are expected to act professionally and appropriately while using the Internet. What users do online can be monitored internally or externally, and these actions can be traced back to the computer used. The policy and/or guidelines for this area should be developed to support the enterprise.

5. Notebook security guideline

All organizations have notebooks to support their mobile workforce. As valuable organizational assets, notebooks contain many work files and sensitive business information, which must be protected at all times.

6. Office security principle

The company premises and office areas have a variety of physical security controls in place; however, staff should remain watchful at all times. Security guidelines should be developed to cover strangers in the workplace, assets, clear desks, consistent screen locking, secure faxing and photocopying, and virus scanning.