Working after dark!

--Originally published at The shield of the world

So…I have a business but, how do I protect it? This is where the Security policy play his game. A security policy is a document that states in writing how a company plans to protect the company’s physical and information technology assets. It defines the goals and elements of an organization’s computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. The policies can be categorized into the 3 security principles.

Internet security

A security policy is often considered a “living document”, meaning that the document is never finishes, but is continuously  updated as technology and employee requirements change. A company security policy may include a description of how the company plans to educate its employees about protecting the company’s assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the policy to ensure the necessary corrections will be made.

The National Research Council has specifications that every company policy should address:

  • Objectives
  • Scope
  • Specific goals
  • Responsibilities for compliance and actions to be taken in the event of noncompliance.

giphy (2)

For every IT security policy are sections dedicated to the adherence to regulations that govern the organization’s industry. An organization’s security policy will play a large role in its decisions and direction, but it should not alter its strategy or mission. Therefore, it is important to write a policy that is drawn from the organization’s existing cultural and structural framework. The policy should not be generic should be personalized to let the company achieve its mission and goals.

The policies may include: