Organizations Rely Heavily On The Use Of Information Technol


Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. Having a security policy that addresses acceptable use of these resources is an essential aspect of IT governance and management. Follow the guidelines in NIST SP 800-12 Rev. 1 (NIST.SP.800-12r1) to develop a mock Computer/Internet Security Policy. Your policy document must be a 3-page stand-alone document that can be reviewed, maintained, and distributed to employees, staff, or other stakeholders when necessary.

Your policy document must contain at least the following sections:

1. A "Preamble" that describes:

- the scope and applicability of the policy (who is affected by the policy, when and under what conditions),

- a definition of technology covered,

- a confidentiality of data statement,

- incident response handling procedures,

- responsibilities (monitoring, reporting violations, penalties for violations, etc.),

- a policy review schedule.

2. Physical security, acceptable use, unacceptable use, backup and storage strategies,

3. Access security, including device passwords, web access, network access, remote access, mobile wireless, and email security,

4. Virus protection.

----

Paper for the above instruction

Introduction

In today's digital-driven organizational landscape, the reliance on information technology (IT) systems is profound and pervasive. Organizations depend on a secure and efficient IT infrastructure to facilitate operational processes, ensure data integrity, and maintain competitive advantage. Developing a comprehensive Computer/Internet Security Policy aligned with the guidelines provided by NIST.SP.800-12r1 is paramount. This policy serves as a foundational document that delineates acceptable and unacceptable use of IT resources, establishes security protocols, and assigns responsibilities to ensure organizational resilience against cyber threats.

Preamble

The scope of this security policy applies to all employees, contractors, consultants, and authorized third parties who access organizational IT resources. It covers all technology assets including hardware devices, software applications, network infrastructure, wireless systems, and data repositories. The policy emphasizes the confidentiality, integrity, and availability of organizational data, mandating strict compliance with data confidentiality principles to protect sensitive information from unauthorized disclosures.

Incident response handling procedures are clearly defined to ensure prompt identification, containment, eradication, and recovery from security incidents. Responsibilities are assigned to designated personnel to monitor system activity, report violations, and enforce penalties for non-compliance. The policy is reviewed annually, or sooner following a significant security incident, to ensure its ongoing relevance and effectiveness.

Physical Security

Physical security measures include controlled access to server rooms and data centers through biometric authentication or key-card systems. Environmental controls such as temperature regulation, fire suppression, and CCTV surveillance further safeguard critical hardware components. Secure storage of backup media and off-site data storage locations prevent unauthorized access or loss in case of physical damage or theft.

Acceptable and Unacceptable Use

Acceptable use encompasses activities related to organizational tasks such as email, internet browsing for research, and use of authorized applications for operational purposes. Unacceptable use includes activities such as unauthorized software installation, accessing illegal content, sharing login credentials, or using organizational resources for personal gain. Clear policies prohibit the use of organizational IT for illegal or unethical activities.

Back-up and Storage Strategies

Regular data backups are mandatory to ensure business continuity. Backups are stored securely in encrypted formats at off-site locations. Cloud storage solutions are utilized with strict access controls, and backup procedures are documented and tested quarterly for efficacy and restoration capabilities.

Access Security

Device passwords are mandated to be complex, unique, and changed periodically. Web access and network connections employ secure protocols such as HTTPS, VPNs, and WPA3 encryption for wireless networks. Remote access is governed by multi-factor authentication (MFA). Mobile device security involves remote wipe capabilities and encryption, while email security utilizes anti-phishing tools, spam filtering, and encryption for sensitive communications.

Virus Protection

All organizational devices must have updated antivirus and anti-malware solutions installed. Regular scans, threat updates, and user training on recognizing malicious activities are conducted to mitigate virus risks.

Conclusion

A robust Computer/Internet Security Policy tailored to organizational needs enhances cybersecurity defenses, fosters responsible use, and ensures regulatory compliance. Periodic reviews and employee training are essential in adapting to evolving threats and maintaining a secure technological environment.

References

  • National Institute of Standards and Technology (NIST). (2011). NIST SP 800-12 Rev. 1: An Introduction to Computer Security: The NIST Handbook. U.S. Department of Commerce.
  • ISO/IEC 27001:2013. Information Security Management Systems (ISMS). International Organization for Standardization.
  • Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W.W. Norton & Company.
  • Anderson, R. J. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley.
  • Mitnick, K. D., & Simon, W. L. (2011). The Art of Deception: Controlling the Human Element of Security. Wiley.
  • Ponemon Institute. (2020). Cost of Data Breach Study. IBM Security.
  • Fenz, S., et al. (2014). Information Security and Privacy: A comprehensive overview. ACM Computing Surveys, 46(3), 50.
  • Liu, A., et al. (2019). Enhancing Network Security with AI-based Intrusion Detection Systems. IEEE Transactions on Cybernetics.
  • Cybersecurity and Infrastructure Security Agency (CISA). (2022). Best Practices for Cybersecurity. CISA.gov.
  • Shackleford, D. (2018). Practical Information Security: Protecting Data and Systems. Wiley.