SECURITY POLICIES AND ITS IMPORTANCE TO ORGANIZATIONS.
Dr. Chris Andrew Udo (CPO CCPI OEHSS PFSO)
Country Manager at International Security Association Nigeria - ISA, Switzerland,Head Security Infrastructure ALERZO
Security policies are essentially rulebooks that define how an organization protects its assets, which can be physical things like buildings and equipment, or digital things like data and computer systems. They are written documents that outline procedures and expectations for how users and staff should behave to maintain the security of these assets. HERE ARE SOME OF THE KEY THINGS THAT SECURITY POLICIES TYPICALLY ADDRESS: ·?????Access Control: Who is allowed to access what information and systems? This might involve using passwords, ID cards, or other restrictions. ·?????Acceptable Use: How are devices and IT resources allowed to be used? For example, a policy might restrict downloading personal software or using work on computers for social media. ·?????Data Security: How is sensitive data protected? This could include encryption practices and protocols for handling confidential information. ·?????Incident Response: What should you do if you suspect a security breach or other security incident? ·?????Physical Security: How is physical access to buildings and equipment controlled? This could involve security guards, alarms, and video surveillance. SECURITY POLICIES ARE IMPORTANT BECAUSE THEY HELP TO: ·?????Reduce Security Risks: By outlining clear expectations, policies can help to prevent security breaches and data leaks. ·?????Ensure Compliance: Policies can help organizations comply with relevant laws and regulations regarding data privacy. ·?????Improve Overall Security Posture: A documented and communicated security policy creates a common understanding of security practices within an organization. THE FOLLOWING LISTED ARE ESSENTIAL FOR EFFECTIVE SECURITY POLICIES. LET'S BREAK THEM DOWN FURTHER: ·?????Clear: The policy should be written in plain language that everyone can understand, regardless of technical expertise. ·?????Concise: The policy should be focused and to the point, avoiding unnecessary complexity. ·?????Relevant: The policy should address the specific security risks and needs of the organization. ·?????Up to date: The policy should be reviewed and updated regularly to reflect changes in technology and the threat landscape. ·?????Communicated to all stakeholders: Everyone in the organization, from employees to contractors, should be aware of the security policies and their responsibilities. ·?????Reviewed and updated regularly: The security landscape is constantly evolving, so policies need to be reviewed and updated periodically to stay effective. By following these principles, organizations can create security policies that are both practical and effective in safeguarding their assets.
Country Security Manager, GlaxoSmithkline Consumer Nigeria Plc
5 个月Every security practitioner must understand the importance of this tool called security policy in their quest in protecting assets. We refer to security policy as a soft tool that enable practitioner to achieve security objective. In my experience, I fall back on it and derive my functional authority from it, since I am aware no one is above the company policy, my enforcement of security rules becomes easy without room for subjectivity.