Friday, March 28, 2014

Ideal Information Security Policy for SME

Information security shortly (named called as IS) is a critical part of any small scale company and a big enterprise. To preserve private information is a big challenge for any firm. Information security involves very confidential important assets and other business process.It also includes all those private financial documents and also private information of each and every employers within the organization. In some case information may also include client’s important assets. Without having proper security of all these information, it becomes unreliable. Having lack of proper security mechanism sometimes it is also inaccessible when it is really needed. Lack of security can also invite 3rd parties to let them compromise these private assets and information. Information has two types.

1.    Electronic Information
2.    Paper form of information

It is must that any organization must protect this information.
General checklist of IS policy is as below:
ü Information must be accessible by authorized individuals or the group only.
ü In the corporate world, information should be managed and processed securely.
ü Company should demonstrate the best practice in the information security within the company.
ü Company should also try to educate their clients to explain the critical risk of using their software in not a proper form defined by company only.
ü Information delivery should be done in proper and secure way. It should be carried by only trusted environment and medium only.
ü Information’s integrity, confidentiality and avaibility should be maintained properly.
ü Any personal confidential information never should be left insecure.
ü Desktop and other essential hardware should be locked up when they are not in the use.
ü Clarity should be taken by each and every individuals within the organization of responsibility of safe IS practice.

This is the ideal policy which includes the important line written in ISO 27001, the international standard on information security. It says that CIA triangle should be maintained.


No comments: