Design a security policy
You have been asked to design a security policy for a database that contains very sensitive information. Discuss five important issues that should be addressed.
A security policy needs to be designed and developed with regard to vital aspects of the environment and the system, in the interest of organizational or system security. The security policy operates to prevent external threats and maintain the integrity of the network. Security policies need to be designed in consideration of the existing security environment to ensure that they are customized to meet the location, field and operational needs. The security policy's content needs to ensure that external and internal threats are prevented and effectively addressed.
The security policy needs to identify and address the risks to the system or organization (Johnston et al., 2016). Identifying risks ensures that stakeholders in the system or organization have clarity about the risks and their operations. The security design needs to be developed in consideration of the risks present in the environment to ensure that the security policy is relevant.
The design of security policies needs to address the relation between the policies and the legal requirements. The operation and presence of security policies need to conform to the legal requirements to prevent conflicts (Johnston et al., 2016). Designing the security policy in line with regulations or laws ensures that the authorities back up the policies. It is important to note that security policies that are not aligned with the laws or regulations of the country are rendered unlawful, and thus not operational.
The security policy needs to address the security level arising from the policies in relation to the existing risks. The security levels should be neither excessive nor too limited, as they would then not sufficiently serve organizations and systems (Alotaibi, Furnell, and Clarke, 2016). The security level and the level of risk need to be aligned for the security policy to be efficient. Therefore, the security policy needs to ensure a balance between security and level of risk.
The policy design needs to address employee or stakeholder training so that they effectively observe the policies in their operations. Stakeholder training is part of the policy implementation and ensures that the relevant parties have sufficient knowledge of the policy's operational aspects. Therefore, the security policies must be developed while bearing in mind that stakeholders will be trained for their effective operation.
Additionally, the design of policies needs to address their enforcement to ensure that stakeholders or employees abide by them (Alotaibi, Furnell, and Clarke, 2016). Adherence to the policies ensures that they are able to meet the security and safety goals and objectives. The security policies can be enforced through penalties, procedures, and compliance standards.
The design of a security policy needs to incorporate these critical aspects to ensure that the policy is operational in meeting the desired security and safety goals and objectives. In this regard, the security policies need to address risks and threats, conformity with the law, security level versus the level of risk, training of employees, and the enforcement of the policies. A comprehensive security policy should be able to address all factors that will determine or affect its operations. The combined security policy issues to be addressed need to be balanced to ensure that they can work together without conflicts.
Alotaibi, M., Furnell, S., & Clarke, N. (2016, December). Information security policies: a review of challenges and influencing factors. In 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 352-358). IEEE.
Johnston, A. C., Warkentin, M., McBride, M., & Carter, L. (2016). Dispositional and situational factors: influences on information security policy violations. European Journal of Information Systems, 25(3), 231-251.