Information security, as well as protection of information, the task is complex, aimed at ensuring security, implemented the introduction of safety systems. The problem of information security is a multifaceted and complex and covers a number of important tasks. Information security problems are compounded by constant process of penetration into all spheres of public facilities and data processing and, above all, the computer systems. To date, set forth three basic principles that should ensure information security: data integrity - protection against failures, leading to loss of information, as well as protection from unauthorized creation or destruction of data; confidentiality of information; availability of information to all authorized users (Fisher, 2000).
Discussion and Analysis
Information Security Policy
Brancheau (1996) defined policy as any general rule that has been laid down in an organization to limit the discretion of subordinates with the more important of these rules promulgated by top management. Much of the existing IS scholarly literature is generally about IS policy and not specifically about information security policy. Some of this research has focused on IS policy planning and its role in establishing an appropriate organizational culture favorable to information technologies. Another study linked the effect of organizational culture on IS policy and managerial effectiveness. In information systems, policy takes on particular importance with respect to security. Information security policy has been called the precondition to implementing all effective security deterrents and may be more vital to reducing computer crime than devices like firewalls and intrusion detection systems. Of all the controls necessary to protect organizational information from threats, the information security policy may be the most important one (Baskerville, 2002).
While the published academic research on security policy is somewhat limited, the number of publications available from practitioners and governmental bodies is more substantial. Frazier and Barron (2004) explain that policies act as a clear statement of management intent and are central to virtually everything that happens in the information security field. Without a vital policy document, overall guidance will be lacking and managerial support called into question. The National Strategy to Secure Cyberspace repeatedly references security policies and standards as an essential part of protecting networked systems. Information security policies are sometimes framed in a life-cycle context with emphasis on development, enforcement, and maintenance while advising that security policy be consistent with business objectives and impacting organizational security (Abouzakhar, 2002).
Although information assets are specific to the roles and strategies of each company, can be contained within other categories such as contractual and legislative compliance, the assets they need prevention against the virus, the major assets of the business recovery as security risks, etc.
The range of IBM Security Policy Definition investigates the requirements of information security; the priorities associated with it and create a custom security policy that clearly shows the commitment in the management of a corporate security program.
The IBM Security Consultants will work together with employees to develop a detailed work plan and continued and ensure that all work is designed to meet the needs of ...