Information Security Policy
The main goal of any organizations information security policy is to protect the confidentiality, integrity, and the availability of the information, the information could be stored in printed media, such as forms, reports, microfilms, books, etc, on computers, network, magnetic or optical storage media such as hard drives, diskette, tapes, or CD, office filing cabinets, drawers, chest and even in one’s personal memory.
The information has been entrusted to the organization and it should be kept and protected from unauthorized individuals. It should be consist with the values of the organization or business, with the organization assuming the risk it entails and the cost the organization or business willing to pay for its consistency and convenience.
Organizations’ information security policy is made for all employees to abide by, it is used for the conduction of organizations business, in which all employees are to keep organizations or business information as official communication and any employee who uses, stores, processes, transfers and administer such information will be held responsible and accountable for such information.
Since I work for a correctional facility, the information security policy I will design for my organization will have to ensure that all policy is in line with organizations goals, mission and objectives, focusing on specific components such as network applications, systems and the internet.
The design of the information security policy will be to maintain a current database of information for decision making, research, timely responses to offender needs and effective and timely response to outside inquiries, while maintaining the confidentiality, integrity and availability of such information.
Design of the policy will include areas such as; management controls, physical access, secure connectivity, computer usage, users/special access, computer network,...