Sunday, October 26, 2008

Information Security Policy for Small Business.

Information security policy, while being one of the most important steps in helping to secure an information system, is also one of the most frequently overlooked and misunderstood in small businesses. Performing the steps necessary to create strong, effective and, more importantly, enforceable policy is usually perceived to be beyond the resources of most small businesses.

Yet with the pervasiveness of small business, these information systems can become unwitting tools for attackers and provide a stepping stone for larger attacks on enterprise networks.

Small businesses that grasp the pertinent issues in creating and maintaining effective policy can create workable rules by first understanding the psychology of their workers, the information landscape in which they operate, and the value of the information being protected.

4 comments:

Storm said...

It is easy to talk on an idealistic plane that every company should have a security policy. It is equivalent to talking about world peace. We all know that there can never be world peace because humans are designed to destroy each other. Similarly, a security policy is only as good as the foresight of the management of an organization and the competence of the personnel responsible for discharging it. In India management is not too concerned with it as it is a cost, and even if they were, the line below is usually incompetent and incapable of either formulating or maintaining a policy for that business environment. This stems from the fact that in India, people are Jack of all trades and Master of none. The priority of a small business is to survive and sustain itself. Policies are for companies who are mature enough and have the supporting process in place.

Ratheesh said...

In India, people generally like to be spoon-fed. There is a small minority who would like to or are capable of taking charge and getting tasks executed.
Management of any company should understand that their information or intellectual properties are under threat from cyber criminals and should have the foresight to act accordingly. Action in this case would be to at least carry out a basic security posture assessment and formulate some sort of a security policy to protect this information from leaking out. Management can only go so far in laying down the policy; its actual compliance and enforcement depends to a great extent on the competence and capabilities of the personnel entrusted to enforce it.
Companies should ask themselves, "Why do we need a policy? What are we going to achieve?" The answers to these questions would be the guiding path for a viable and practically enforceable policy.