Information Security Awareness Policy
Information security is a practice used to prevent unauthorised users from accessing data. It ensures the confidentiality, integrity and availability of data. Information security can be achieved by using antivirus software, firewalls, encryption software and training standards. The few articles on information security awareness reviewed here say that various laws and regulations are used so that data is accessed, processed and stored in a secure way. Every information security awareness policy in use aims to ensure that confidentiality, integrity and availability are met. An information security awareness policy is used so that employees become aware of security threats and so that risk management can be handled. Information security states that data should be encrypted so that, even in case of leakage, the information is not disclosed. It is also suggested that data signatures should be used so that authentication is achieved.
Lubis, A. and Lubis, M. (2017). Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures. Available from https://www.sciencedirect.com/science/article/pii/S1877050915036121 Accessed on 14 Oct 2018.
The first article reviewed is “Information Security Awareness at the Knowledge-Based Institution”, written by Abdul Rahman Ahlan and Muharman Lubis. In this article the authors state that security awareness policies are needed in every organisation so that negative effects can be countered. Various security solutions are suggested, such as the use of strong passwords to access the computer. The article suggests that software should be kept up to date so that viruses do not penetrate the system. It also mentions that file sharing should be avoided, as it adds risk to the computer system. Sensitive information should be encrypted so that, even if the files are leaked, the information cannot be accessed by anyone. The information security awareness policy states that a proper access control list should be defined so that only valid and authenticated users are able to access the information. The findings of this article are useful because they encourage stakeholders and employees to understand information security policy behaviour. Information security threats are increasing, and security breaches are increasing with them. Information security procedures are therefore listed so that data can be protected from malicious attacks.
Northern university, A. (2017). INFORMATION SECURITY AWARENESS TRAINING. Available from https://nau.edu/university-policy-library/wp-content/uploads/sites/26/Information-Security-Awareness-Training.pdf Accessed on 14 Oct 2018.
The second article analysed is “Information security awareness”, written by Northern Arizona University. In this article the author states that awareness should be spread through training sessions so that all employees become aware of the malware that exists. This is important because it was recently seen that employees are not aware of malware. The purpose of this policy is to make sure that all authorised users understand the security threats and risks. The author recommends that this policy be used to secure information. Comparing this suggestion with that of the article above, this article holds that users should first become aware, whereas the article above offers some of the ways in which data can be secured. The policy in the article states that information security training should be developed so that current and emerging threats can be resolved. The author states that preventive measures should be taken against all malicious activities so that information remains protected.
Mackay, M. and Balikhina, T. (2017). AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES. Available from https://airccse.org/journal/jcsit/5213ijcsit06.pdf Accessed on 14 Oct 2018.
The third article analysed is “An effective method for information security awareness raising initiatives”, written by Ali Maqousi, Tatiana Balikhina and Michael Mackay. In this article the authors propose various ways in which information security awareness can be introduced. They also present the threats that exist in the system so that users can become aware of IT threats. Users are then trained so that they can use this knowledge to mitigate the threats. The information security awareness program developed by the authors covers several stages: the first is the analysis stage, which identifies the security concerns; the second is the implementation stage, which spreads awareness; and then comes the future design and maintenance plan. The paper discusses the security awareness programs that an organisation needs. A security culture can be created by increasing user awareness and by making use of strong passwords. The authors suggest that a security awareness team should be maintained to keep employees updated about all security threats and vulnerabilities. This paper addresses the need for security awareness in an organisation. It makes sure that users become aware of security concerns so that they can maintain the privacy of information.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
It is clearly said that security policies and procedures are important and that every employee should receive security awareness training so that attacks can be mitigated. The book suggests that every business should offer security awareness training within the organisation. It is important to educate staff so that they can handle the entire situation and sensitive information can be protected. The security awareness program covers the best ways in which information breaches can be avoided. The author suggests that information and sensitive data should be backed up so that, in case of failure, data can be recovered easily. A business continuity management plan is defined so that information can be recovered even in case of failure.
It can be concluded from the first article that data should be encrypted so that it can be accessed only by valid users and others are not able to access the information. This makes sure that security breaches are reduced. The other article recommended that training sessions should be held in an organisation so that staff become aware of threats and risks. Apart from that, in the other article the author suggested that an access control list should be maintained so that only valid users are able to access the information.