Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made. | ISSN:2249-5789 Manjunath KV, International Journal of Computer Science & Communication Networks,Vol 5(4),224-227 Information Security Policy Manjunath KV Samvardhana Coaching Centre,Bangalore, India manjunathkvcs@gmail.com Abstract In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living document", meaning that the document is never finished, but is continuously updated as technology and employee requirements change. A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made. Information security policy is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability requirement and in many cases also an ethical and legal requirement. Hence a key concern for organizations today is to derive the optimal information security investment. The renowned Gordon-Loeb Model actually provides a powerful mathematical economic approach for addressing this critical concern. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. 1. Introduction. 1.1. Threats. Computer system threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. Governments, military, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information