7 Pages
1832 Words
Introduction of Policy And Legal Aspects Report Assignment
Get free written samples from subject experts and online assignment writing service in UK.
Role of Security Policy
The official definition of security policy is that it is documentation on behalf of the concerned organization in order to protect its assets of physical and information technology. Actually, it means to be safe for the system, the other organization, or any kind of other entity. On account of an organization, it appears as a constraint on the behavior of the workers as well as it gives a limitation to the nemesis of the mechanisms.
Importance of Security policy
The noteworthy significance of the Security Policy is that it reduces the risk of breaching data along with it can prevent all kinds of system attacks in the field of IT. Organizations that use Security policies are able to resist the outlawed access to fragile details s(Xu and Hu, 2018). The security policy not only protects the IT system and networks from outsider exploitation but also puts a stop to the disruption of services for instance “denial-of-service attacks”.
Role of Security policy for protecting Information Assets
An Information Security Policy helps out to understand the value of security assessment that IT firms, together with the direction required to hold fast to the rules. The Security Policy not only eloquent the plan of action in the place but also inform the important step that needs to be taken to take the edge off the liability, monitor for incidents along with address security threats.
Helps to maintain the Availability of data, Integrity, and Confidentiality
A vigorous stratagem that systematizes the process as well as makes some definite rules to help the company save against any kind of threats to the confidentiality of information, integrity as well as the availability of the information (Almeida, et al. 2018).
-
Bring down the menace of security incidents
Another important contribution of the Information Security Policy in the field of information assets is to figure out the identification procedures, evaluate as well as alleviate the security threats and susceptibilities. The Security Policy also spells out the special process that helps to prompt response by which the damage will cut back down in the matter of a security incident (Allison, 2018).
-
Put Into Effect the security programs over the organization
Another major role of the security policy is to make sure the successful execution in order to provide the structure for engaging procedures, a security program calls for information security.
-
Comes up with a clear report of the policy to the third parties
The Security policy also sums up the concerned organization’s security comportment and points out what is its process of protecting the IT assets and the resources. It permits the organization to respond swiftly to the third parties means customers, partners, and auditors, who request this information.
-
Helps in addressing the statutory compliance requirements
The organization is able to point out the gaps in the security protocols which is relative to the statutory requirements by dint of the process involves in the development of an information security policy (Rosén and Raube, 2018).
Application of security policy to the internet-based technology
As the security policy indicates the process of operation, guidelines, and the functionality that is permitted its field of application is vast. With the help of a security policy, the organization can set forth the best guidelines with the help of which the assessment of the computer network can be done. The most highlighted application of the security policy is to determine the enforcement of the policy along with it lays out the construction of the networking security condition of the respective company. By dint of updated security policy, one can know also that the process that has to opt in order to implement the security policy through the networking configuration. It not only helps to be aware of the uses of technology by the workers in the workplace but also lessens the risk of hacking the software (Feng, et al. 2019). The updating of security policy allows giving protection of company resources by recording all details as well as it also provides the notification of the wrong usage of the internet in its own way. By means of the security policy, all the important information of an organization always be secured, and cannot be leaked.
Legal Aspects and demonstration of Security Policy in the UK
The Data Protection Act 2018 better known as DPA mainly covers the common processing of personal data in the UK. it mainly controls the processing of how the personal information of an individual can be used by the governments or organizations or businesses. The EU GDPR has been augmented by the DPA. Actually, EU GDPR means EU General Data Protection Regulation that has been supplemented by filling in sections that were left to particular EU member states to be interpreted as well as implemented. The version of EU GDPR that is of the UK’s own self applies the following at the end Brexit Transition Period because of the withdrawal of the EU-Uk agreement of 2019 along with the regulation of Data Protection, Privacy, and electronic Communication in the year of 2019, better known as EXIT REGULATION; which is provided for the technical amendments that giving rise to the UK GDPR. The EU-UK Trade cooperation Agreement of 2020 is familiar with the word TCA which in the midst of other things online includes the specific provision that allows transferring the of information to the UK from the EEA in order to continue for an interregnum period without any restriction.
Legal Aspects and demonstration of Security Policy in the US
The Security policy US means the private security policy that emerged owing to the traces of development in Anglo-American community history. The typical legalized difference between the enforcement officers and pirate security officers is well clarified and within the mentioned country region it is described the usage of the special authority. The offenses and crimes that have happened can be identified and discussed by the security policy to outline the power and rules. Specifically, the importance is given to the potential liabilities of the individual in the private security industry.
Influence of security policy of an organization
There are so many advantages to the installation of the security policy in an organization. Among the most appropriate are with the help of information security policy one can keep away from the penalties and fines. Nowadays Data Breaches are usual and very common in the industry (Yazdanmehr and Wang, 2020). Due to this the reputation of a company can be damaged in the market. But the information security policy fixed this problem and way out the prestige of the concerned organization. The field of data protection plays a great role in maintaining definite policies with it. With the help of the Security policy, the company management will be able to strengthen the cultural model of the business by implementing “state of the art security compliance policies” which meet or exceed to the point requirements and regulations which be able to demonstrate market leadership in information security. The Information Security policy help to promote lucidity and the process of assessing the controls as well as it offers the point of view of supporting the institutional benefits. IT companies all the time disclose equipment or any other resources that can be deployed again in order to increase the overall performance.
Technical recommendations
For the improvement of security policy, some guidance may be followed. Such as,
Careful of the protection of the data. Paying attention to the securing wall around the data is a core area of focus in any organization today as almost 90% of security budgets are estimated for firewall technology. Another thing is to be attentive to the threats from the internals. As it is very easy to outline the threats originating from the outsider because it publishes in news and television in a wide way (Zoubir, 2018). But the inside attacks are too difficult to point out as well as to be prevented. It is recommended that the 3rd key is encrypted by the devices. Due to digitization, nowadays more or more people use mobile or any kind of personal device for their work purpose. But there is no surety that the devices are reliable. So should be sure that the system is encrypted. Next is the deletion of redundant data. To get the system up to date you have to delete the unnecessary data that helps to access the system first (Helwig and Siddi, 2020). The last two things are most important. One is to set up a strong password and make the programs up to date.
References
Journal
Allison, R., 2018. Protective integration and security policy coordination: Comparing the SCO and CSTO. The Chinese Journal of International Politics, 11(3), pp.297-338.
Almeida, F., Carvalho, I. and Cruz, F., 2018. Structure and challenges of a security policy on small and medium enterprises. KSII Transactions on Internet and Information Systems (TIIS), 12(2), pp.747-763.
Feng, G., Zhu, J., Wang, N. and Liang, H., 2019. How paternalistic leadership influences IT security policy compliance: The mediating role of the social bond. Journal of the Association for Information Systems, 20(11), p.2.
Helwig, N. and Siddi, M., 2020. German Leadership in the Foreign and Security Policy of the European Union. German Politics, 29(1), pp.1-7.
Rosén, G. and Raube, K., 2018. Influence beyond formal powers: The parliamentarisation of European Union security policy. The British journal of politics and international relations, 20(1), pp.69-83.
Xu, Z. and Hu, Q., 2018, April. The role of rational calculus in controlling individual propensity toward information security policy non-compliance behavior. In Xu, Z, C., Hu, Q.(2018)“The Role of Rational Calculus in Controlling Individual Propensity toward Information Security Policy Non-Compliance Behavior.” Proceedings of the 51th Hawaii International Conference on Systems Science (HICSS 2018). URI/DOI: http://hdl. handle. net/10125/50354 (pp. 3688-3697).
Yazdanmehr, A., Wang, J. and Yang, Z., 2020. Peers matter: The moderating role of social influence on information security policy compliance. Information Systems Journal, 30(5), pp.791-844.
Zoubir, Y.H., 2018. Algeria and the Sahelian quandary: The limits of containment security policy. The Sahel: Europe’s African Borders, Euromesco Joint-Policy Paper, pp.70-95.