These days, it's fair to say that your own employees pose as much of a threat to your sensitive data as shadowy cyber criminals and their sneaky malware. Numerous recent studies of employees have highlighted the problem.
Earlier this year, the Ponemon Institute, which conducts independent research on privacy, data protection and information security policies, released a study conducted among US workers that revealed that six out of 10 employees stole company data upon leaving their job in the last year. A higher proportion admitted to using the stolen data to get their new job.
A separate study in the UK by Infosecurity Europe found that more than a third of employees would steal sensitive data if they thought they could make some decent money from selling it on. Alarmingly, 2% said they would steal data for a good dinner. So where do you start?
The best security system starts by developing a security culture within your company. The first, and most important, step in that process is creating a security policy.
A security policy, at its simplest, allows you to:
- outline the company's stance on data security
- identify what data needs to be protected
- educate employees about security issues and measures
- inform employees what is, and what is not, acceptable usage behaviour and the penalties for violating the rules
- create a framework for monitoring data and systems usage
- keep your business compliant with legislation and regulations
"The greatest threat to data security is lack of awareness, both at a corporate level and at an end user level," says Rik Ferguson, Senior Security Analyst at Trend Micro. "The security policy exists to authorise courses of action within the various areas of the company."
Driven from the top down
From those employed in the mail room to the CEO in the boardroom, data security is something that everyone has to take seriously or else the protection systems you put in place will fail.
While securing that data might require an IT solution, a good security policy must be initiated in the boardroom and fed down through the company. If you're not sure what exactly your security problems are, carry out a risk assessment process to discover your weaknesses.
Ferguson adds: "It is essential that the Board and chief executive level of the company are instrumental in designing the principles that the organisation will follow when securing information."
There is no 'one-size-fits-all' when it comes to security policies. Every company is different and the data they deal with ranges widely in value. A small company looking at security for the first time need only concern itself with the basics in a document that is just a few pages long.
A larger business with some existing security guidelines may have to create a number of security policies to address different workgroups. For instance, a technically detailed security policy is not going to be read by most employees. Therefore, it has already failed. Tailor the security policy for the key groups in the business.
Good security policies
The best security policies should not come across as draconian either. They are not just there to police your workforce and club them over the head every time they visit Facebook on their lunch break.
The policy should also not make it more difficult for people to do their jobs, as that will damage business performance and create a poor working environment.



Staff



