 |
| Information Security Policy Solutions |
|
An Information security policy is a document that outlines rules for computer data and network
access. It determines how policies are enforced and lays out some of the basic architecture of
the company security environment. An Information security policy goes far beyond the network
perimeter defences of firewalling. It governs data access, web surfing, the use of passwords
and encryption, email attachments, open ports and more. It specifies these rules for individuals
or groups of individuals throughout the company.
An Information security policy should keep the malicious users out and also exert control over
potential risky users within your organization. The first step in creating a policy is to
understand what information and services are available (and to which users), what the potential
is for damage and whether any protection is already in place to prevent misuse.
In addition, the security policy should dictate a hierarchy of access permissions; that is, grant
users access only to what is necessary for the completion of their work.
Always remember that even the most careful perimeter security cannot stop 'invited' harm from ill
educated users. Having users sign a Internet Access document enables them to take responsibility
for the links they click and the sites they visit as well as viral emails they send to friends.
Another fringe benefit of implementing an Information security policy is that bandwidth becomes
freed up as users focus on their jobs and waste less time on personal Internet tasks.
For further information call VPNet: 0800 505 3428
|
|
|
