The Role of Security Policy


All companies and organizations have information that must be secured. This information is secured using security policies and standards. These security policies are written for the information systems and practiced by the employees, who use them to protect the information on those systems. The roles of the employees are also considered in the protection of information. Role-based access control (RBAC) is another approach that a company or organization can use for policies and standards.

Security Policy

Companies and organizations use security policies to protect information. A security policy is a document that informs a company how to protect its physical and information technology assets (Rouse, 2007). The security policy document would be constantly updated with any changes in the company's information. A company with multiple systems that contain different information must have security policies to protect that information. Security policies can be used within companies and organizations for the different systems. The policies set out, as rules, how the systems would work and function. Rules that companies need to follow when creating policies include: never conflict with law, be able to stand up in court if challenged, and be properly supported and administered (Whitman & Mattford, "Ch 4: Information Security Policy," 2010). The rules and policies would also need to withstand any questions that may arise about them. The questions would come from management or the law to make sure the policies for the systems are adequate. If any questions do arise, the company would have to show the policies are protecti...

... middle of paper ...

... the company or organization's information. The security roles of employees within the company and organization are responsible for the important information. Role-based access control will allow the company and organization to keep track of the users.

Works Cited

Conklin, W.A., White, G., & Williams, D. (2012). Principles of Computer Security: CompTIA Security+™ and Beyond (Exam SY0-301) (3rd ed.). Retrieved from The University of Phoenix eBook Collection database.

Role-based access control (RBAC). (2012). Retrieved from http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC

Rouse, M. (2007). Security Policy. Retrieved from http://searchsecurity.techtarget.com/definition/security-policy

Whitman, M., & Mattford, H. (2010). Management of Information Security (3rd ed.). Retrieved from The University of Phoenix eBook Collection database.
