Securty Policies Assignment help

Every organisation needs security policies which are responsible to secure the organisation from every aspect such as external and internal risks. The policies of security are the first line of defence for the organization. The report below consists of the security policies which are necessary for the organisation in order to keep the environment, data, confidential information, and other matters to be safe. Along with the policies the advantages and also the drawbacks of these policies are also described.

Security policy

The framework of security policy provides the standards and the best practices guidelines along with the organisational approaches which are required for protecting the assets of the organisation along with the assets of the government also. The security policies are considered as the living documents which are updated as the technologies are updated and the requirements of the employees are changed. The security policy of an organisation must include the description of how the company is planning to educate the employees and the explanation of how the measurements of security will be enforced within the organisation and carried out.  In the security policy documents the processes of evaluation of the effectiveness of these policies. (Sans Institute InfoSec Reading Room, 2007)

Strategies:

There are certain strategies for the implementation of the security policy which are considered. These are:

• The security policies should be framed to support the business objectives of the organisation.
• Risk management is the essential part in the security. The assessment of the risk must be conducted to identify the threats which are associated with the harm to organisational approaches. The policies must cover areas regarding the potential threats, vulnerabilities and proper controls over the approaches to reduce the threats n account of relevant protection.
• The behaviours of the organisation must be related or towards the good security. In this measure right security in the culture and structure of organisation and effective training are necessary.
• Policies must be there for reporting the processes, managing as well as resolving the incidents related to the security. On occurrence of any improper behaviour of individuals which are effective on the system security appropriate actions should be taken.

 Different security policies and their affected areas within the organisation:

Culture:  having a string security culture can be implemented through the clear personal accountability, responsibility towards the management of security measures or maintaining the norms of the policies, maturity of understanding of managing the risk factors. By withholding these aspects of secure measurements the business can be operate without threats.

Structure: throughout the organisation the philosophy of the security must be linked to all the organisational functions. The security policies of the structure of organisation should developed on the basis of the structural levels.

Risk management: every organisation faces risks in their business operations. Risks and potential threats are needed to be assessed by the following the appropriate policies. The policies are mandatory on this account.

Information or data: information security is the most important for every organisation. The confidentiality, integrity and availability of the information of the organisational approaches and information of the customers are needed to be maintained by the security policies

Physical security: safe and secure working environment provides the security of the organisation. Protection measurements of the staffs are needed against a wide range of threats such as the terrorism, theft.

Personal security: the most important asset of an organisation is their people. Assurance of personal is important to the good security. Regarding this the government of UK provides a range of policies such as policies on the recruitment and selection of personnel, on-going management of security for the personnel, the approaches for mitigating the risks for well-being of the staffs etc.

Technology: in recent years every organisation is associated with the technologies on account of effective delivery services, appropriate strategies, expansion of the functional areas etc. but with the new technologies the threats are also increased such as the cyber threats which impose threats to the internal information of the organisation. On this account the law of Government of UK provides the data protection law. For ensuring the security of the system these policies are followed carefully by the organisations.

Security incidents: policies must be well tested and appropriately planed   to reduce the threats and the vulnerabilities to the organisation such as fire, cyber attacks, terrorism etc. (Cabinet Office, 2014)

organisational approaches for maintaining the security policies:

For maintain the policy Starbucks, the leading coffee company of UK is using certain measures as security of the organisational approaches are related to the reputation of the company. They use effective leadership for the governance of the policies associated with the security. The auditing process and over-sighted by board level. To maintain the security within the organisation structure and culture they provide training to the staffs of the outlets which encourages their responsibility and secure behaviours as lack of awareness can be effective. For the security of online transaction Starbucks uses SSL or Secure Socket Layer 128 bit encryption technology. (Sturbucks Store, 2015)

(Whitman & Mattord, 2013)

Strategy for security:

The effective strategy of an organisation is helpful for ensuring good quality of management within the organisation. For following the security policies the strategies should be conducted over the security and the maintenance of it. By four phases the strategy can be analysed:

Phase 1: strategic analysis->

• Assessment of threats,
• Assessment of the vulnerability
• Analysis of the strategy to be implemented

Phase 2: strategic design->

• Defining the objectives
• Establishing the requirements of the performance
• Outlining the strategy for the security
• Viewing the legal references

Phase 3: implementation->

• Planning the communicational strategy
• Planning for the implementation of strategy
• Deployment of policy

Phase 4: strategic overview->

• Reviewing the effectiveness of the strategy
• Monitoring the regular performance and matching with the requirements

(University of Portsmouth, 2015)

Starbucks uses risk management, PESTLE analysis and SWOT analysis for ensuring the risks and conducting the strategy as per needed

Advantages and Drawbacks of security policies:

Security policies have many beneficial measures such as:

• Minimize risks for data loss or leak,
• Provide protection to organisation over malicious people
• Set the guidelines
• Ensure best practices and proper compliance
• On arising legal issues promotes proactive stances for organisation

The drawbacks of security policies arise on the development phase. The information gathering and developing the policies sometimes face uncertainties. Lack of reviewing feedback also brings drawbacks to the policies. Unclear and new policies are not also welcomed by the people.

Conclusion:

The touchstone of information and starting point of organisation is the policy of security. Security policies help the employees to maintain the level of security. The policy should be accurate, useable and comprehensive to be effective. In this report the security policies and the strategies of Starbucks are also discussed.