Policies and Standards for Maintaining Information Systems (Essay Sample)

Importance of Policies and Standards for Maintaining Information Systems Security
Name:
Institution:
Date:
Introduction
Information system security is the process of protecting information from illegal access, disclosure, use, interruption, perusal, modification, assessment, recording or destruction (Rocha, 2013). It is a universal term that can be applied despite the form the information may take, either electronic, physical, or any other form. Information systems security plays a key role in supporting the everyday activities of any organisation (Norman, 2007). The availability, privacy and the data reliability of the organisation’s information systems security are important to the accomplishment of its daily activities. Efficient security is realized by working with an appropriate discipline, in relation to legislation and organisation policies and by devotion to accepted organisational codes of practice (Tiller, 2006). These information system security policies and allied codes of practice institute the responsibilities for making sure that the security of information systems in the organisation and the processes to be followed to protect the resources provided and the integrity and confidentiality of the information retained thereon (Kim & Solomon, 2012).
The challenges for an organisation in offering information security are terrible (Quigley, 2008). Even for comparatively small organizations, the assets of information system are extensive, including files and databases associated to personnel, financial matters, company operation, and so on. Generally, the information system atmosphere is complex, including a diversity of storage systems, workstations, servers, Internet and local networks and other remote connections (Rocha, 2013). Organisation management face a series of threats always increasing in scope and sophistication. And the series of effects for security breakdown, both to the individual managers and company, is extensive, including civil liability, financial loss, and even criminal liability (Norman, 2007). Standards in offering information system security are important in such situation. Standards can outline the scope of security features and functions necessary, policies to be used in managing information and human resources, principles for evaluating the efficiency of security techniques, measures for ongoing evaluation of security and for the ongoing examination of security violations, and processes for dealing with security breakdowns.
Figure 1: The Policy Chat


Source: (Rocha, 2013)
Importance of Policies and Standards for Maintaining Information Systems Security
In order for nay organisation to realize all set goals, it must have an efficient and effective information system security. This will help the organisation undertake all its operation effectively. In maintaining information security there it is important for the organisation to institute certain policies and standards (Quigley, 2008). The following are significance of policies and standards for preserving information systems security.
Protect the Company and Its Assets
Company assets are important to the organisation. All assets in the company add value to the business and help the company in acquiring financial assistance from financial institutions, like banks and other lending institutions. Thus, it is important to protect all assets that the company has. Creating policies and standards for preserving information systems security is helpful in minimizing risk in the company. This in turn helps in protecting all assets held by the company. Protecting tangible assets, for example machinery and equipments, can help to shield the business from safety risks, incompetence and lost working time (Rocha, 2013). Additionally, protecting intangible assets, for example trade secrets and brand, can help in protecting business against risks such as rival businesses using company ideas (Vacca, 2009). Thus, policies and standards for preserving information systems security are important in protecting company assets.
Control Activities
It is important to control all activities in an organisation in order to ensure that everything run smoothly. Employing policies and standards for preserving information systems security controlling various undertakings in the company, by facilitating control activities. Control activities are the procedures and policies that help in making sure that management directives are executed (Vacca, 2009). They help in ensuring that essential actions are taken in order to deal with risks and help in the attainment of the entity's objectives (Norman, 2007). Control activities take place throughout the company, in all functions and at all levels. They include a variety of activities including approvals, verifications, authorizations, reconciliations, reviews of operating performance, security of assets, and segregation of duties. Therefore, policies and standards in maintaining information systems security are significant in promoting control activities in any organisation.
Information and Communication
Information and communication play important roles in the development of the organisation (Quigley, 2008). Policies and standards information systems security are important in upgrading information system in a company. Information systems play an important role in internal control systems (Kim & Solomon, 2012). They generate reports, including financial, operational and compliance-allied information, that helps in running and control the business in the company. By having information systems security standards and policies in place, the company can have an effective communication that ensures that information flows across, down, and up the organization (Fugini & Bellettini, 2004). Effective communication is important to the external parties, for example suppliers, customers, regulators and shareholders. Thus, information systems security standards and policies helps in promoting effective communication and in ensuring free flow of information to all stakeholders in an organisation.
Monitoring System Performance
Internal control systems require to be checked. This process involves assessing the quality of the information system's performance after a while (Vacca, 2009). This is achieved through separate evaluations or continuous monitoring activities. This is made possible by having information systems security standards and policies. Through the use of these standards and policies, internal control deficiencies identified are reported upstream and counteractive actions is taken in order to ensure continuous upgrading of the system.
Roles Played By Employees and other Working in an Organisation
Nowadays, insiders represent the main security threat to information system security (Quigley, 2008). This is because; most organisations have not fully addressed this problem. Information Technology (IT) creates information security systems that are designed to prevent infringement from the outside (Rocha, 2013). Thus, in order to deal with the problem protecting confidential data in the organization employees and other people working in the organisation should avoid sending confidential data outside the organisation (Mouratidis & Giorgini, 2007). This will help the company to solely concentrating on preventing the outsiders from accessing confidential information in the company.
Level of Security
There are various levels of security in an organisation. These levels include the following: Non-bypassable, evaluatable, tamperproof, and always-invoked. Non-bypassable is a component that...