Twitter Delicious Facebook Digg Stumbleupon Favorites More

Is your company keeping information secure?

 Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five

  Key principles:

  1. Take stock. Know what personal information you have in your files and on your computers.
  2. Scale down. Keep only what you need for your business.
  3. Lock it. Protect the information in your care.
  4. Pitch it. Properly dispose of what you no longer need.
  5. Plan ahead. Create a plan to respond to security incidents.

 

A security policy is a formal statement of the rules that people who are given access to an organization’s technology and information assets must abide. The policy communicates the security goals to all of the users, the administrators, and the managers. The goals will be largely determined by the following key tradeoffs: services offered versus security provided, ease of use versus security, and cost of security versus risk of loss.

The main purpose of a security policy is to inform the users, the administrators and the managers of their obligatory requirements for protecting technology and information assets. The policy should specify the mechanisms through which these requirements can be met. Another purpose is to provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy. In order for a security policy to be appropriate and effective, it needs to have the acceptance and support of all levels of employees within the organization.

A good security policy must:

  1. Be able to be implemented through system administration procedures, publishing of acceptable use guidelines, or other appropriate methods
  2. Be able to be enforced with security tools, where appropriate, and with sanctions, where actual prevention is not technically feasible
  3. Clearly define the areas of responsibility for the users, the administrators, and the managers
  4. Be communicated to all once it is established
  5. Be flexible to the changing environment of a computer network since it is a living document

Read more from the NSA guide to Network Security

Copyright DCS Neenah © 2012 . All Rights Reserved.