SECURITY ISSUES (P4).
A security policy and its guidelines form a document, written by the
organization, that defines how to protect the organization from threats and what
should be done when they occur. A security policy must recognize all of the
organization's assets as well as the potential threats to those assets. The
security policy should outline the key items that need to be protected, such as
the organization's network, its buildings and others. The security policy should
be circulated to all employees in the organization. Security policies need to be
continuously updated as technology changes. The following are the policies and
guidelines for managing organization security issues:
Disaster recovery policies.
Disasters can be fires, natural disasters, cyber-attacks, human errors and
others. A disaster can occur in any organization at any time, therefore there
must be disaster recovery policies which outline what action must be taken
to recover what was lost, including lost data. Disaster recovery policies
include hiring of personnel, hiring of equipment, data relocation and
alternative sites. For example, when there is a fire outbreak in the
organization, some of the employees may be injured or may die, so hiring
personnel can replace the lost employees and help the organization to
continue its operation. Alternative sites can be used to store backup
data that can be used to recover data in case of data loss. Hiring of
equipment is also relevant because it can replace the equipment that was
damaged during the disaster. Some disaster events can occur due to human
error that leads to a virus attack, so an organization with disaster
recovery policies is best equipped to recover from such events. These
policies detail setting up alternative sites for storing backup data that
can be used to recover the lost data when the current location is hit by a
disaster. Guidelines for managing security issues can be followed when
disastrous events occur so that the organization keeps running after these
disasters. Many guidelines can be followed, depending on how the disaster
affects the organization. For example, in Bank Dhofar, when the main website
is hacked, the alternative website can be used so that the organization can
continue its operation.
Updating security procedures.
Security procedures must be updated in order to deal with the latest threats,
because there are over 2 million threats every month. An organization must
review and update its security procedures routinely. Reviewing organization
security can be useful when security techniques are brought in that can be used
to compare the security policies against new threats. In an organization,
security needs to be updated regularly, but these updates have to be tested
before they are rolled out to all computers in case there are any bugs or
problems with the software. If they are not tested, the software itself may
become a threat. For example, some companies like banks hire penetration testers
to see if they can penetrate the system; if they can, then some features need to
be improved.
Surveillance and monitoring policies.
These policies are used to keep track of what employees are doing on the
organization's premises. Organizations have surveillance and monitoring policies
to keep track of their assets; for example, when equipment is stolen within the
organization, surveillance and monitoring policies can be used to identify
quickly and easily who stole the equipment. Most organizations have surveillance
and monitoring policies which include the use of CCTV to monitor staff members.
When CCTV is installed in an organization, employees must be told the reasons
for implementing it and how it will be used. This can help to manage security
issues by making sure all information and data stay secure within the
organization, and can help to reduce security breaches. Organizations also have
to implement policies on internet use, which provide rules and guidelines about
appropriate use of the internet. For example, in Bank Dhofar, having internet
use policies helps to restrict access to harmful websites such as pornographic
sites, which are malware-ridden sites.
Risk management.
Organizations use risk management to prepare for any future risk that can
affect them. In risk management, the organization looks for possible issues that
can affect it and makes a plan for those issues so that it is able to deal with
them. Risk management is essential when it comes to protecting the
organization's systems and its users. Risk management can be done in many ways;
in Bank Dhofar this includes upgrading the security of the system or looking for
a way to stop the issue from being a risk to the organization.
Budget setting.
This is the limit set by an organization on the budget that it will spend on
system security. In an organization, the finance manager ensures that security
is renewed within budget. An organization must have a security budget to control
the cost of software updates, replacement hardware, antimalware and firewall
software. Nowadays organizations like Bank Dhofar invest a lot of money in
security systems because everything uses technology, and so systems need to stay
secure. Budget setting helps to manage system security because it shows how much
is spent on it and what should be invested to make it better and more secure.
Scheduling of security audits.