Print
Does Your Organization Need Information Security Policies?
October 12, 2005 – 12:38 pm by Lance MichalsonA “Yes” answer to any one of the following questions indicates that your company is vulnerable to potential security incidents and needs security policies in place BEFORE they occur.
1. Do your employees handle information that is confidential, proprietary, or private?
Policies are needed to inform these employees of their obligation to protect such information and to tell them what they can and cannot do with respect to this information.
2. Do your employees access the Internet?
Policies are needed to define how they are permitted to represent the company, what they may disclose publicly, and how they may use company computer resources for personal purposes.
3. Does your company organization have trade secrets?
Policies are needed to clearly define protective measures for these special information assets. The existence of a policy may be a decisive factor in a court of law, showing that the company took steps to protect its intellectual property.
4. Does your company have any disciplinary problems with respect to the usage of computers or networks?
Policies are needed to define both acceptable and unacceptable behavior. For example, spending a lot of time surfing the web and downloading pornography from the Internet are both generally unacceptable. Policies are needed to establish the basis for disciplinary action, up to and including termination.
Similar:
- Computer Usage Policy
- Internet Usage Policy
- Different Species of Company Policies
- Types of Policies on Offer
- Information Security Policies support Compliance
Tags: Information Security
You must be logged in to post a comment.