Research Paper on Information Security Plan

Introduction

Information security plan provides a description of how the security is adopted, defined policies, solutions and controls. The information security plan is established in consideration of all the IT resources depending on pending aspects and general security level. From an operational aspect, an information security plan should put the focus on various actions that are needed in order to achieve a greater level of security. It is significant to define the information security plan scope. As reported by the logical security service company professionals, the scope plays an important role when it comes to defining actions and priorities in relation to the IT resources. According to experts, it is very clear that the first step in offering a strong security around access to corporate information is coming up with a security plan (Nolan & McFarlan, 2005). Even though it sounds very easy enough it needs some effort and time and a greater understanding that the plan needs to be consistently followed and flexible enough.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Regardless of the type and the size of an organization, practically, all the companies have valuable data and digital assets that are not supposed to be breached (Mohanty, Jagadeesh & Srivatsa,2013). This hence makes it the responsibility of every company, specifically those storing and collecting data and customer information to adopt a multipronged approach to protect such information. Developing, adopting and monitoring of a robust IT security plan that addresses everything from theft to threat and even physical access of compromised technology security, it involves outlining and defining acceptable uses of your business and your network resources so as to deter inappropriate use. Some of the key elements include.

Dynamic

According to Christopher Faulkner, the general manager of CI Host, Tec and Dallas, a provider of dedicated hosting, colocation solutions and web hosting, he is very clear that you cannot establish a good security plan in the day and forget about it. In managing the daily operation, security plan is like a daily routine and IT technicians are supposed to ensure that users are adhering to policies and plans that are put in place (Hou,Gao, & Nicholson,2018). In most cases, individuals normally do what you inspect and not what you are expecting hence one should always take into consideration that the greatest security threats are the employees, that 's the individuals inside the organization including remote workers who are making use the use of the system.

Integrity

The integrity of the collected data must be accurate or it will end up to be useless in the long run.it is therefore important for the associate to read the information back to the customer for clarity purpose. For verification purpose, odd entries, for example, the email addresses will be entered twice. Whenever an associate start their conversation with a customer, the information will be verified continuously by asking the customers their phone number, their names and even address. This not only confirms who the customer is prior to discussing account information with them but also ensure that the data provided is correctly indicated in the system.

Confidentiality

Confidentiality is of the utmost significance to an organization and the consumer, therefore, all the personal information, for example, customer address, phone number, email address and name are supposed to be stored on the accounting server, allowing only the authorized individuals to have access to such information (Marlow,Cichielo,Sturniolo,& Benware,2014). Additionally, on the same server, a greater level of security will further protect information such as employee personal information and company's financial records. Only the upper level and an authorized accounting personnel will have an access to the level.

Communication Policy

The use of company internet resources and email must be outlined for IT and legal security reasons. Setting requirements and restricting transfer or sharing of digital files outside or within the network is recommended. On the other hand, some of the guidelines in regards to social media, instant messaging, personal internet use is supposed to be outlined clearly. If any case the organization reserves the right of monitoring all the communication that is stored on company-owned systems or that are being sent through the network, then it is supposed to be stated clearly.

Network Security Policy

It is very important to define limitations when it comes to the acceptable use of the network. Passwords should be strong in nature, never shared and they are supposed to be frequently updated (Cole,2011). On the other hand, policies in regards to the use of external software and installation must be communicated. In case personal devices for example tablets, smartphones and laptops are gaining access to the network, then they are supposed to be configured to do it safely. This can be done easily by the use of a Mobile Device Management solution.

Conclusion

Conclusively, it is very significant to acknowledge the fact that information systems are normally exposed to various security challenges and threats which if not well checked can result in a total halt of services provided. As a result, it is imperative that measures are to be put in place in order to ensure that such threats are minimized, dealt with and even prevented whenever a breach in security takes place. Therefore, it is relatively significant that both reactive and proactive measures are forming part of the security strategy in the general information system management.

Reference

Cole, E. (2011). Network security bible (Vol. 768). John Wiley & Sons.

Hou, Y., Gao, P., & Nicholson, B. (2018). Understanding organisational responses to regulative pressures in information security management: The case of a Chinese hospital. Technological Forecasting and Social Change, 126, 64-75.

Marlow, W. J., Cichielo, R., Sturniolo, E., & Benware, P. (2014). U.S. Patent No. 8,892,139. Washington, DC: U.S. Patent and Trademark Office.

Mohanty, S., Jagadeesh, M., & Srivatsa, H. (2013). Big data imperatives: Enterprise 'Big Data'warehouse,'BI'implementations and analytics. Apress.

Nolan, R., & McFarlan, F. W. (2005). Information technology and the board of directors. Harvard business review, 83(10), 96.