Create a 9 pages page paper that discusses importance of information security policy.
Create a 9 pages page paper that discusses importance of information security policy. The policy should also include the security of the employees and all stakeholders involved in the organization. An efficient security policy is an essential pillar of proper security practice. The trouble, however, is that very few organizations invest ample time to create decent policies. instead, they settle for sample policies from the web or borrow from a performing organization’s policy. The result is a security mess that often leaves the organization open to unpredicted security risks. A comprehensive policy, however, should cover all security concerns, from the user and the responsibilities thereof to the actual information and all the standard security issues.
Workman, Phelps, & Gathegi (2013), view the primary role of managers as far as security goes, as providing well-defined procedures for identifying and managing security risks. According to Workman et al.’s (2013) view, security is a behavioral issue. Therefore, a security manager’s aim is the mitigation of risk exposure by employing threat identification procedures, asset appraisal and control, as well as a reduction of losses associated with threats. A manager will, therefore, have to, “survey and classify assets, conduct security reviews perform a risk analysis, evaluate and select information security technologies, perform a cost/benefit analysis and test security effectiveness” (Workman, et al., 2013, p. 101). These are all factors that should be factored in when developing an effective information security policy document. It not only ensures the security of information but also enhances its access and dissemination thereof.
Information is useless if not disseminated to the right person at the right time. Therefore, an effective information security policy must bear guidelines on secure information dissemination channels within an organization. Effective dissemination and flow of information are vital to an organization’s overall goal achievement.