- Posted by fedco
- On January 8, 2015
- it security policy
The process and activities that the employees doing within the company should adhere to the deployed standard and regulation.
The company will always want to ensure that every business activities that performed related to the company is following its standard and regulation, including for the Information Technology security segment.
The Information Technology security assurance is required the framework to govern the implementation. We can say that the top tier framework in the company is called the standard, while as the representation in more detail format of this standard it is called the policy.
The IT security policy will cover some activities related to the daily activities of the business operations, such as the removable media policy, internet usage policy, personal safety and security policy, critical data access and usage policy, etc.
All of those policies are developed by refer to the existing IT security standard in order to get more easier for the organization to socialise and implement the essence of the standard content by using more familiar encapsulation of format. It is important to ensure that all resources that interface within the company on day-today basis are aware against the policy that have been deployed, aware the risk and consequence, able to obey the guidance, and the most important is the willingness to practice it with or without supervision – self awareness action.
The key in the IT security policy implementation is the self awareness, and this awareness will not be achieved without having some kind of personal development – one of the approach is through a periodic IT security awareness training that will introduce the employees with the essence of IT security for business and personal life.