All companies and organizations have information that must be secured. This information is secured using security policies and standards. These security policies are written for the information systems and practiced by the employees, who use the policies for each system to protect the information. The roles of the employees are also considered in the protection of information. Role-based access control (RBAC) is another approach that a company or organization can use for policies and standards.
Companies and organizations use security policies to protect information. A security policy is a document that informs a company how to protect its physical and information technology assets (Rouse, 2007). The security policy document is constantly updated to reflect any changes in the company's information. A company with multiple systems that contain different information must have security policies to protect that information, and the policies can be applied to the different systems within the company. The policies are used to write down how the systems work and function, and they contain rules that tell how the systems should function. Some rules that companies need to follow when creating policies are that a policy must never conflict with law, must be able to stand up in court if challenged, and must be properly supported and administered (Whitman & Mattord, "Ch 4: Information Security Policy," 2010). The rules and policies also need to withstand any questions that may arise about them. These questions would come from management or the law to make sure the policies for the systems are adequate. If any questions do arise, the company would have to show that the policies are protecting the company's information. The security policies state how the information must be protected. As the information in the systems changes, the policies for the systems also need to be updated to match the information.
Role of Employees
Employees have a great role in helping companies and organizations protect information. The companies and organizations have employees in different sections completing different tasks. One section could work on the systems that contain the information. These employees would work on how the information is kept and secured. A second section could work on the policies for the system. The policies are written for the system's protection of information. These policies would be written while the system is written, but they would have to be updated as the system changes. This would ensure the policies and the system are up to date and match. A third section could check that the security policies match up with the system. These employees would check the security policies and see if the policies will suffice for the system. If any of the policies do not suffice, the employees would send the policy back to the writers to...