The logical structure, created to arrange documentation of the policies into classes and sub classes, which make it simpler for all personnel to recognize and explore all the details of different and various policy documents is known as framework of policy. These policies are further used in the growth, expansion and arrangement of information security in any organization.
This term paper describes that why IT security policies is similar to the US security policies. It also includes the types of policies and appropriate frameworks that are used in IT security. Implementation of any policy is the key term of that policy. The paper contains the implementation and the guidelines, frameworks, standards and procedures of a policy. This term paper also outlines the basic description of the security policies and the frameworks of policies. It states about whether the US security policies proves the thesis statement. This paper helps to understand, how security policy management is done. The description of the paper is given in the following paragraphs.
United States Security Policy
Procedures and policies are two of the words that most of the employees scare to hear (Peltier, 2013). This is because employees do not want to be mentioned what should be done. The next question is why such security policies and standards are needed in any industry (Jaferian et al., 2014). Communal and ethnic norms are extremely authoritative in forming individual etiquette, which even includes brutality. Standards can protect against brutality, but they can also reinforce and motivate the utilization of it. Cultural approval of violence as a usual technique of solving disagreement is a danger for all types of social brutality.
The policies address threats: US security policies always address threats, which mean there are different strategies that remove threats (Johnson, 2014). The goal of these policies also includes the removal strategy of those threats (Disterer, 2013).
The policies engage employees: US engages employees in the process of implementing and developing security frameworks and policies.
Time and function: US security policies deliver a field guide to the staffs about the function of the policies and the time of the tasks. These policies of an organization make it much easier for the employees to overcome the password complexity. It also makes the password simpler and easy to remember (Ilfinedo, 2014).
IT Security Policy
Access to everything: The IT security policies and frameworks play the most important role in retrieving the information. The policies authenticate the users of the information and the reasons for accessing that information are. When the procedures and policies would not be present, authenticity of that organization would be lost.
The penalty: The security policies describe all the punishments and penalties for breaking the organizations rules, especially for an IT Security. The frameworks and policies provide what the rules are, how to attain that expectation, and what the penalties or consequences are for failure to cohere to that expectation (Mazmanian & Sabatier, 1981). .
Importance of Information Security
This type of security is nothing but keeping the corporate information secure and safe. Policies and procedures address the necessity and requirement to secure and protect the information from unauthorized access, corruption, disclosure, interference and loss and these are applicable to information in logical, physical and electronic formats (Siponen, Mahmood & Pahnila, 2014). Three points identify information security. They are as follows:
Integrity: Data can neither be destroyed nor altered in any unauthorized way, and consistency and accuracy should be preserved irrespective of the changes
Availability: Information should be useable and accessible whenever on demand by the authorized entities (Von Solms & Van Niekerk, 2013).
Confidentiality: Information should not be made accessible, disclosed and available to the unauthorized entities, processes or individuals.
Types of Security Policies
There are various types of such policies in Information Technology security. These policies help to manage the network security. The different types of security policies are as follows:
- a) Virus and Spyware Protection Policy: This particular type of policy detects repairs and removes all the side effects of malware practices, security risks and virus. This policy works by using authorized signatures. Virus Protection Policy detects the probable threats, present in the files that the users try to download (Sandoval et al., 2012).
- b) Firewall Policy: The Firewall Policy detects the hacking as soon as the hackers try to attack. This particular type of policy blocks the unauthorized users from accessing the computers and eliminates the unused and unwanted sources of network traffic.
- c) Intrusion Prevention Policy: The Intrusion Prevention Policy blocks and detects the network attacks and the attacks on the browsing windows; and it protects all the applications from threats and vulnerabilities.
- d) Live Update Policy: The Live Update Policy contains all the settings, which determine when and how the client computers will download the content updates.
- e) Application and Device Control: This policy protects the resources of the system from the applications and further manages the outlying devices that are attached to the computers.
- f) Host Integrity: Host Integrity Policy provides and gives the ability to enforce, restore and define the security of the client computers and not server computers to keep the data secure and to enterprise data networks. This policy is used to verify that the clients, who access the network often, run the patches, antivirus software and all the other applications criteria that are defined.
Implementation of IT Security Policy
These types of policies and procedures can significantly diminish or reduce the duration, cost and frequency of information securities. There are five major steps in implementing IT security policy in any organization (Sezer, 2013). The steps are as follows:
- i) Identify the organizational issues: IT security policies and procedures need to perfectly and accurately indicate the organization, which they are about to serve. When the organization is not accurately reflecting the policies, the organization may find itself in a conflict between the security frameworks and policies.
- ii) Identify the classes of the policy users: The various classes of the users have various information security authorities and roles. The organization will require various security policies for each of the various classes of the users. The policies are needed to be consistent across all the various classes of the users.
iii) Organize the policies: These security policies and frameworks can be organized into various categories like physical security, personal security, information classification and control, IT infrastructure policies and policies for employees and other information users.
- iv) Analyze frameworks and policies: Security frameworks and policies are needed to be ensured that the users and the management will be supporting the standards and policies.
- v) Train all the personnel: All the employees of the organization need to know all the policy structures thoroughly and for that regular training and awareness should be provided to the staffs.
The IT security policy completely proves the thesis statement. The US security policy is matching with the system of IT security policy. The topic also includes why IT security policies are important and when it is needed to frame security policies. There is a comparison between The IT security policy and the US security policy. The research paper also includes the building of policy framework, its standards, procedure, and guideline. The main topic of the research is concerned with the different types of security policy. The implementation steps of IT security policy are clearly mentioned here, which is almost same as the US security policies.
Therefore, from the above discussion, it can be concluded that IT security policies and frameworks are used in the growth, development and planning of any organization. The comparison is done between the United States security policies and the IT security policies. The result that came out is proving the thesis statement. The paper further describes the different types of security policies and their implementation. The standards and the procedures of a security policy are given here. The above discussion covers all the points of that proves that IT security policies is similar to the thesis statement.
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(02), 92.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014). Heuristics for evaluating IT security management tools. Human–Computer Interaction, 29(4), 311-350.
Johnson, R. (2014). Security policies and implementation issues. Jones & Bartlett Publishers.
Mazmanian, D. A., & Sabatier, P. A. (Eds.). (1981). Effective policy implementation. Free Press.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Sandoval, A. L., Kaplan, Y., Shamir, R. I., & Lu, W. (2012). U.S. Patent No. 8,095,517. Washington, DC: U.S. Patent and Trademark Office.
Sezer, S., Scott-Hayward, S., Chouhan, P. K., Fraser, B., Lake, D., Finnegan, J., ... & Rao, N. (2013). Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Communications Magazine, 51(7), 36-43.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), 217-224.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.