Organizational Security Policies - Essay Example

Security policies refer to the approaches through which an organization safeguard the business information from being accessed by malicious individuals from the internal and external environment of the organization. Information security is a significant problem due to the development and access to technology by many people (Jerman-Blazic, 2008). Further, digitization of an organization processes as well as digital information storage exposes an organization to continuous risk in case the information is damaged or accessed by people with bad intentions. Therefore, security policies should be a priority for every organization which promotes organization competitive advantage. Different business drivers influence an organization information security policies. The business drivers ensure an organization sustainability and success in the market by protecting the organization from different risk scenarios (Dawes, 2010).

Maintaining Compliance

Security policies are aimed at ensuring that organization stakeholders meet the established organization security guidelines by facilitating the implementation of the security procedures that an organization has established. Maintaining compliance motivates organizations to create security policies which ensure unity regarding the execution of an organization security protocol. In the absence of a security policy, the interpretation of the security guidelines and approaches will differ from one employee or department to another which will eventually compromise organization security. Security policies created by an organization ensure compliance of the security measures by all the employees because the policy provides a guideline and standard of all the activities of the employees (Blakley, McDermott & Geer, 2001).

Mitigating Risk Exposure

Organization systems and information expose to espionage, fraud and other types of risk is a major driver for organizations to create a security policy. A security policies defines the role of every individual who is involved in handling an organization information systems as well as the type of information systems that an organization can use to minimize any possible exposure to risk. Further, security policies identify the actions that an organization should take in case the information systems are exposed to any risk to ensure less damage and containment (Jerman-Blazic, 2008).

Minimizing Organization Liability

Organizations interact with stakeholders at different levels most of the stakeholders who pose a liability to an organization include suppliers and the employees. In this case, an organization can be forced to offer compensation for any damage resulting from its information systems. However, security policies limit the exposure of an organization to liabilities by defining the roles and relationship of each stakeholder and reduce the chances of the organization being forced to compensate for any malpractices and misconduct. Further, a security policy can determine the need to insure organization systems to ensure the organization can be compensated in case of negligence or a malfunction of the information system in use (Blakley, McDermott & Geer, 2001).

Implementing Policies to Drive Operational Consistency

Security policies and implementation guidelines are important in ensuring operational consistency in an organization. Security policies normalize and make a routine an organization security processes which reduce possible confusion and promotes the ability to identify the role of individual employees (Dawes, 2010).The implementation of policies to increase operational consistency is the most important security policy development business driver for Wilbur`s Widgets because of lack of consistency from the gap analysis which has identified diverse needs of the organization to specify the role of security policy implementation to improve information security. Wilbur`s Widgets lack proper organization of its security policy as well as education of its employees which can result in inconsistency in the interpretation and implementation of security procedures.

References

Blakley, B., McDermott, E., & Geer, D. (2001, September). Information security is information risk management. In Proceedings of the 2001 workshop on New security paradigms (pp. 97-104). ACM.

Dawes, S. S. (2010). Stewardship and usefulness: Policy principles for information-based transparency. Government Information Quarterly, 27(4), 377-383.

Jerman-Blazic, B. (2008). An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), 413-422.