Security Policy Creation

Information Security has come to play an extremely vital role in today’s fast moving but invariably technically fragile business environment. Consequently, secured communications and business are needed in order for both Cooney Hardware Ltd. and our customers to benefit from the advancements the internet has given us. The importance of this fact needs to be clearly highlighted, not only to enhance the company’s daily business procedures and transactions, but also to ensure that the much needed security measures are implemented with an acceptable level of security. What Is A Security Policy? A Security Policy is a plan outlining what the critical assets are and how they must (and can be) protected. Its main purpose is to provide staff with a brief overview of the acceptable use of any of the information assets as well as explaining about conduct and what is deemed as allowable and what is not.

This document is a ‘must read’ source of information for everyone using in any way systems and resources defined as potential targets. The start procedure for a security policy requires a complete exploration of our network, as well as every other critical asset, so that the appropriate measures can be effectively implemented. Everything starts with identifying our critical information resources Why do we need a Security Policy? This is without a doubt the first measure that must be taken to reduce the risk of the unacceptable use of any of our information resources. A security policy is the first step towards enhancing our security. We need security so that we can inform staff on the various aspects of their responsibilities, inform staff on the general use of company resources, explain to staff how sensitive information and large quantities of money should be handled, and inform staff of the meaning of acceptable use. The development of the security policy is highly beneficial to us as it will turn all staff members into participants in the company’s efforts to secure its communication.

Having a security policy will also define the company’s critical assets and how they must be protected, as well as serving as a centralized document as far as protecting information security assets is concerned. Here is a list outlining various potential threats to the organization’s Internet security. It is important that all staff are aware of these things while using the organization’s IT systems. The following are threats to the company’s internet security: E- Mail Use: E- Mail use should be strictly limited for management and the IT department. Personal e-mail addresses are not allowed to be used in working hours, only working e-mail address. No private information about the company is to be given out by e-mail unless authorized to do so by management. Web Browsing: All of our computers have been updated with security restrictions to sites of a malicious or bad nature that may bring shame on a staff member and the company. All internet usage is strictly monitored to protect our company’s internal systems.

Instant Messaging: Although IM is a very effective way of communication it poses a big threat to internet security as potentially very disastrous viruses may be spread through a conversation that could potentially destroy our companies system. Instant Messaging is a strictly forbidden way of communication for any members of staff to use. Passwords: All members of staff have their own passwords to log on to the system. These passwords must be ten characters in length consisting of four numerical digits, capital and lowercase letters and at least one special character. We hope that this Security Policy will be of great help to everyone within the organization. All staff should understand every aspect of the Policy and try to implement it wherever is possible, just as management in the organization will be striving to do. This Policy will be updated every 6 years for the benefit of the organization. Copies if this Policy are available from the Security Officer or from any members of management so just ask if need a copy to read.