Policy in Organization
In today’s world there are lots of
cyber crime and data leaks. To protect the companies’ information is not easy
as it looks, buy software and it will fix everything. Every organization need
security based on their size of their organization and security needs. Security
vendors offer some if the latest technology to impress executive but that does
not fix all the security problems. This creates a never-ending loop because
every time have a security problem and they say, “we need to buy new tool.”,
which left executives exhausted from spending crazy money like the never-ending
problems were a giant black hole. I would say you need the right person for the
job who is well educated with security and who can justify every dollar for
your security needs which is best security. These are the few steps that can
help us to have better security system for our organization.
budget to our organization information security management system or security
strategy and roadmap.
security budget to consistence problems reported and recorded.
how every dollar spent on security will address existing business hazard and
help enhance the organization operating risk posture.
and consolidate tooling ability to such the technology is fit for reason and
fit for use.
a return on security investment though measurements either subjective or
There are many advantages of
developing security policy within an organization. Security policy can protect
organization through proactive policy stance, establishes the rules for user
behavior and any other IT personnel, define and authorize consequences of
violation, establish baseline stance on security to minimize risk for the
organization and ensure proper compliance with regulation and legislation,
organization also minimize the risk of data leak or less. Security protects
from “malicious” externa, and internal users. This can also help organization
when legal issues arise. Security policy is important because it allows
employees to know what is required of them and helps them adhere to safe and
secure process. It allows management to monitor their security against a
corporate standard. Don’t wait until organization becomes the victim of
cybercrime. It is time to implant a security policy now.
In 2017, average cost of data breach
containing sensitive and confidential information is up to 3.62 million USD.
There are many different option for every security system and what you like to
protect. Some security vendor may have option to protect organization from
every angle, so it maybe high in cost to purchase on entire security package
from one provider. At lowest, investing in a firewall and antivirus software
that stop viruses at the gateway into the network. This can be very high in
cost for small businesses. Company can also protect company’s information by
getting a hosted virtually through online services. Company having a physically
server might cost high in beginning than having virtual server online with
provider like amazon. All though amazon does have cheapest backup storage for
glacier backup at $0.005/GB.
The real thought behind any security
arrangement advancement process will be the level of process development. As
the procedure develops in development, one will have the capacity to build up
the full scope of strategies with more detail incorporated into each and going
with procedural documentation as required. The best arrangement will originate
from a mix of these methodologies, both best down and base up. With a specific
end goal to accomplish this it is something that must be considered from the
start and should be reflected in the assorted variety of regions engaged with
strategy advancement and the sorts of survey arrangement experiences.
Approach improvement should likewise
consider to what degree the strategy ought to reflect current practice versus
favored future. Composing an approach that reflects just exactly what is done
today might be outdated even when it is distributed, while an arrangement that
incorporates controls which can’t yet be possibly executed might be difficult
to agree to for specialized reasons and may in this way be overlooked as
doubtful and unworkable. Noxious outside assailants as infections and worms
draw in much media consideration and in like manner should be considered when
composing approach, different contemplations that are in any event as essential
incorporate catastrophic events, displeased present and previous
representatives and obliviousness prompting unintentional security exposures.
security arrangement does not develop the requirements of a customer on
specific information structures. It is fairly the augmentation between the
client’s wants and communicated necessities that can be associated with develop
a data framework. A security course of action should obviously express the
customer’s wants, and should be established on an evaluation of the risk to a
client to the customer’s desires not be met. This hazard based evaluation
dodges an infeasible, willful, or excessively restrictive security course of action.
Barreiro |in IT Security, January
15, 2012, 10:00 PM PST. (n.d.). How to sell information security to management.
Retrieved January 06, 2018, from https://www.techrepublic.com/blog/it-security/how-to-sell-information-security-to-management/
(2018). Cost of Data Breach Study | IBM. online Available at:
https://www.ibm.com/security/data-breach Accessed 6 Jan. 2018.