Law And Policy Case Study

Law and Policy Case Study: Information Security



Introduction

Organizations are entities that gather many components from the environment, such as people, material and information, to achieve a desired goal. Certain laws, regulations and policies guide the actions of corporations and ensure the integrity, confidentiality, and availability of information and information systems.

Discussion

Policies are basically a set of rules and procedures for employees. Information security strives to assure the safety of an organization's data from attacks. Protocols are established in an attempt to achieve maximum data availability, integrity and confidentiality. Two major policies govern an organization: organizational policies and government policies.

Government policies are issued by tribal, local, state, or federal government. These government policies provide a framework for governmental organizations in framing policies and procedures for the protection of assets pertaining to information and technology (British Columbia, 2011). Organizational policies, on the other hand, are established to guide the organization's conduct so that it conforms to the laws, policies and regulations stipulated by the government and law enforcement agencies. Organizational security policies serve multiple purposes: they set rules for the expected users, management, system administrators, and security personnel; protect people and information; authorize monitoring of systems by security personnel; define, probe, and investigate the consequences of any breach of authority or violation; define the stance on security by company consensus; track compliance with legislation and regulations; and help minimize risk (Canavan & Diver, 2007).

The two policies, by government and by organization, are stipulated to ensure that the framework is robust against the potential risks associated with organizational data and information. It is the responsibility of the organization to train each employee to handle organizational data and to understand the company policy for conducting their duties, the boundaries of their authority, and the consequences of a breach. The organization should further check on employees to make sure that policies are implemented effectively.

Danchev of Windows Security endorses the role of information security policies. The policies implemented by the organization should be precise and enforceable. The organization should inform the staff about the authorized use and handling of the organization's sensitive information, and also make them understand which activities are prohibited (Danchev, 2003). Effective security policies list instructions on how to keep the user ID and password safe, how to handle the accounting data of the company, how to tackle intrusion attempts and potential security incidents, how to properly use the corporate ...