Information Security Planning (Research Paper Sample)

CSIS 341: FINAL RESEARCH PAPER
Information Security Planning
Name
Institutional Affiliation
Information Security Planning
Introduction
Information security planning refers to the documentation of organizational systems and plans which are organized in a manner to protect all confidential and personal information that is sensitive to the data of that firm. Information security planning is useful in mitigating threats against an organization while helping the firm to uphold integrity, availability of data as well as its confidentiality. Organizations need information security plans because it’s critically vital for firms to comply with security requirements in today’s changing investor and regulatory environments as well as state law and investor due diligence requests compliance (Koutrakos, 2013). Furthermore, threats to cybersecurity are becoming more sophisticated and more common. In addition to the protection of data integrity, other mandatory legal requirements are such that all firms registered under the SEC must have security plans in place.
Development of an Organizational information systems security policy
An information security policy explains the designed procedures put in place to protect organizational sensitive data, info-tech resources, and assets. The policy gives workers a clear set of instructions regarding the permissible use of organizational confidential information as well as how the company protects its data resources and what is expected of the human workforce with such information. A good policy is always flexible to allow for amendments when need be. In developing this information security policy, a risk assessment precedes everything else in order to identify the vulnerabilities as well as areas of interest (Compliance and Security Management Program, 2008). This assessment gives important information to proceed on with the definition of purpose, scope, methods of compliance, etc.
Overview
The connectivity of the internet gives a platform for every organization to address threats to safeguard sensitive information that is vital for the company. Several risks such as unauthorized access to the internet by individuals who may misuse organizational resources may lead to a company obtaining a bad image and additional face of legal action whenever those individuals spent time on the internet in an irresponsible manner. Internet information is always accounted for prone to misuse and can pose threats until it is confirmed and authenticated through a reliable source. The internet offers no quality control on its information rendering much of its information as inaccurate or outdated (Kalu, 2018). This information Security policy applies to all university affiliates and its employees.
Purpose
The main purpose of the information security policy is to mitigate or minimize the impact or possible likelihood of breaches regarding information security. In addition, the policy will enhance the protection accorded to the university assets.
Scope
The policy on internet usage will apply to every web user including individuals who work for the university such as members of the public, agents, suppliers, etc. All personnel involved in the use of the internet will be held responsible for upholding the security policy at all times without breaches. Every internet user must be familiar with the policy as well as applying commonsense and good judgment when using internet services. The information security breaches that could impact the university operations are inclusive of:
* Informational access by any unauthorized people
* Leakage or Intentional disclosure of information
* Tempering or vandalism of data
* Interference with computing systems which may lead to system failures or outages
All internet users are supposed to comply with the standard internet services which are available for the users such as; E-mail, navigation through www or http, file transfer protocols, and telnet for termination emulation. Any other service is obsolete and considered unauthorized access. In this regard, users are also expected to comply with approval procedures for internet access by signing IT access request form failure to which privileges can be withdrawn. All user IDs must remain valid for a period not exceeding those days after which users are required to renew through the IT department.
Policy
* Resource usage- The access to the internet is subject to approval only if reasonable needs are identified depending on the personal responsibilities of the individual in the university.
* Permissible Usage- The use of the internet is permissible only for the clear purposes of advancing the academic affairs of the institution, leaning, and activities that permeate the job functions of the university.
The acceptable use of the internet may include communication among employees only for business reasons, IT tech support downloading software packaging to upgrade systems, review of possible vendor sites to access product info and research (Gough & Hamrell, 2009).
* Personal Usage- All users are required to:
* Be familiar with the information security policy
* Comply with the applicable university, legislation, vendor contracts, non-disclosure agreements, patents, and copyrights
* Protect the information assets against any unauthorized modification, disclosure, accidental modification or destruction while in your possession.
Users must avoid:
* The sharing of user IDs, passwords and access codes
* Subversion, corruption of security measures such as firewalls on university computers
* Dissemination, acquisition or storage of illegal info such as pornographic content
* Access of information not within the scope of institutional work
* Intentional linking of university web sites to unknown sites
* Software permission- Any access to software licensing must be in strict adherence to vendor license agreements.
* Information Review- All public directories must be reviewed and cleared on a daily basis in order to avoid exchange of dangerous information which may pose threats to progress.
* Privacy expectation for users- Every user should be aware that their progress on internet activities are closely monitored and thus should limit themselves to the confines of leg