POLICY PAPER

Information security is the primary concern to be considered for the success of the company. This policy paper is for NAMTECHSYSTEMS, a leading manufacturer of modems and ICs. It describes the various policies to be considered to protect the information security of the company.

a) BASIC PURPOSE:
   a) To protect NAMTECHSYSTEMS's sensitive information
   b) To authenticate user information
   c) To provide sensitivity of information only to employees
   d) To maintain confidentiality
   e) To prevent computers from being hacked
   f) To minimize risk to the company's data
   g) To maintain integrity of all information related to NAMTECHSYSTEMS

b) SCOPE: This policy applies to all persons, organizations, contractors, employees and consultants related either directly or indirectly to NAMTECHSYSTEMS. The policy also applies to any electronic devices or third-party agents accessing information related to the company.

c) DEFINITIONS:

d) POLICY:
   a) OWNERSHIP
      All data and resources, employees and other sources of information that are used directly in the name of the company are owned by NAMTECHSYSTEMS.
   b) GENERAL USE
      • All employees, contractors and sources who have permission from the company are eligible to use the company's resources
      • All users who are permitted to access the company's resources and data are expected to maintain the confidentiality of the data
      • Under no circumstances shall the permitted users release the company's sensitive information either
1.3 – All members of staff have different responsibilities and levels of authority when processing customer information, because dealing with data relating to recruitment, compensation and management is highly sensitive. Therefore only employees with the given clearance can access and update certain data, to ensure they maintain a professional attitude; if there were no levels of authority, the information could be prone to being misused to commit fraud and other violations.
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today's world, has value, and everyone has information they wish to keep secret: credit card details, trade secrets, personal information, government documents, and much more. It was stated (Securitas Operandi™, 2008) that we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, that is, encrypting and decrypting data, access controls such as
Sadly, there is no way to alleviate the numerous threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are very important. A written policy is vital in helping to ensure that everyone within the organization understands and behaves in an appropriate manner with regard to the fact that sensitive data and the security of software should be kept safe.
To summarize, "Internal use only" data is restricted so that anyone not working for the company would not be able to access it. To have access to any company information off site, you would need to be assigned company authorization, such as a username and password to log on. We do not want our infrastructure breached by outside threats to the system. This will briefly describe three of the seven domains within the IT infrastructure that are affected by this standard.
internal and external users to whom access to the organization’s network, data or other sensitive
the private data, also stealing and manipulating it. As the need and dependency of Information
Each company may have different kinds of sensitive information. For a bank, for example, both credit card numbers and marketing strategy may be considered compromising data; therefore there must be a clear policy governing who has access to the different types of sensitive information. A bank officer serving a customer may have access to credit card numbers, while a marketing specialist reviewing the promotion strategy of the bank may be able to access marketing data.
Every organization must have adequate control mechanisms in place to help protect sensitive information from the distribution or transmission outside the organization, inappropriate disclosure, and control of how the information accessed is used. Companies should have policies in place that outline the course of action to take should inappropriate usage or disclosure of data be
From the Requirements for the Corporate Computing Function, the fifth computing facility fulfillment point reads, “Meet information requirements of management” (Stallings, 2009, p. 58). Stated in another way, this Chief Information Officer’s (CIO) mission statement’s component implies that company information can be utilized by management for a great deal of things. While the security of all company-owned data is immensely important to the success of the organization, some of the information carries significant value when used by
Users with certain rights may misuse their privileges to steal company data and sell it to competitors.
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.
2 Since the security is weak it can cause problems if the sensitive data is leaked out of the company in any way.
Moreover, nowadays using an information system is no walk in the park; it brings many new security threats through which the company might lose its confidential data, financial and personal information.
Confidentiality must be met in the storage, processing, and transmission of data in an organization. For example, we are going to look at a major recent data breach. On March 8, 2017, the US Department of Homeland Security sent Equifax a notice to patch a vulnerability in versions of the Apache Struts software. On March 9, Equifax dispersed the information to applicable personnel. Although told to apply the patch, the Equifax security team did not find
It is a mandatory requirement for every company to make sure sensitive data is protected from public access at all times. In a large organization, sensitive information such as employee salary and performance should be kept confidential from most of the DBA users. For this, a DBMS uses a database security and authorization subsystem that is responsible for securing portions of the database or restricting access to the sensitive information.