Outline Security Policy Document Project for Global Distribution Incorporation

Topic: Security Policy Document Project for Global Distribution
General purpose: To inform the company management about the security
threats resulting from weak security policies and necessary policy
measures to protect the company from future threats.
Specific objective: To develop security policies that address specific
threats that the company is facing at the moment and potential threats
that may emerge as the company grows and diversifies.
Thesis: As technology advances and a company grows, security threats will
continually increase, but this challenge can be countered by formulating
effective security policies.
Security policies are the heart of the company’s security program
because all security measures to be taken by the company in the long-run
and in the short-run derive their guidelines from the policies in place.
Security threats are increasing with technological advancement: over
90% of established companies report having been victimized by
internet security breaches at some point in time (RSA Security, 2000).
The formulation of effective security policies is an important step
towards establishing guidelines and security standards that enhance
the company’s capacity to access corporate information and other
application programs.
Preview of main points
Guidelines for personal security are essential when developing,
documenting, and successfully implementing security measures.
Personal security guidelines begin with awareness training on current
and emerging Information technology (IT) threats and formulation of
policies for security violation sanctions (Washington State Department
of Information Technology, 2001).
Contractor / employee separation and policies to regulate vendor
contacts are essential in protecting the integrity of the company’s
information system (WSDIT, 2001).
Physical security guidelines help company management in preventing
physical security breaches and other potential IT security threats.
Physical security guidelines include location and facility layout,
facility access control, physical data storage, and off-site media
storage (RSA Security, 2000).
Remote computing (including personal digital assistants and portable
data storage devices) can be enhanced by policies that address suitable
encryption solutions and system back-up media (WSDIT, 2001).
Data security guidelines assist the management in ensuring that customer
data and other confidential information are not accessible to
unauthorized persons.
Guidelines for data security include data classification (confidential,
public, data requiring special handling), data back-up (protect against
loss of data), and data restoration (in case of fatal attack leading to
system failure) (WSDIT, 2001).
Methods of data transfer and storage are secured by encryption products
such as the secure transfer of electronic files, data storage, and
secure e-mail delivery (Danchev, 2003).
Reliable network security is unavoidable for companies that use the
internet to serve their customers.
Several policy guidelines are important for successful network security
including network breach detection, authentication and encryption of
wireless devices, and patch management (WSDIT, 2001).
Guidelines for prevention of network security breaches include anti-virus
protection, e-mail client, and web browser security (Danchev, 2003).
Access security guidelines help an organization in controlling end-user
access to and utilization of the organization’s applications.
General access guidelines include the use of logons and passwords to
restrict access to confidential customer data and information by
unauthorized persons (WSDIT, 2001).
Remote access should be made secure by proper configuration of the access
devices used by end users via the remote access system (RSA Security, 2000).
Internet-based applications (internet access) should be secured against
the associated security threats by determining mandate requirements
and quantifying potential impact (WSDIT, 2001).
The increase in IT security threats has necessitated the formulation of
effective policy guidelines to safeguard the confidentiality of
organizations from current and emerging threats.
Security policy guidelines assist organizations in responding to
security threats rapidly and in an effective way.
Essential guidelines can be classified as personal, physical, data,
network, and access security guidelines.
Danchev, D. (2003). Building and implementing a successful information
security policy. Mahe: Internet Software Marketing Limited.
RSA Security (2000). A guide to security policy: A primer for developing
an effective policy. Keon: RSA Security.
Washington State Department of Information Technology (2001).
Information technology security guidelines. Washington DC: Washington
State Department of Information Technology.
