

When information is not well protected, the Company can be harmed financially and suffer a damaged reputation. All employees need to understand their obligation to protect these assets.
The Security Coordinator needs to develop adequate IT security policies and put procedures in place for their individual working environment.
A good IT Security Policy should:
Keep it simple and uncomplicated.
There is no point in adopting a prewritten policy designed for another company.
One hundred percent security is zero percent productivity. There is little value in a policy so restrictive that the efficient day-to-day running of the organization is placed at risk.
Do not write a self-defeating policy such as "Using company facilities for private emails is not permitted." For most organisations this may be the policy, but almost all employees with personal access to a computer give in to this temptation. A better policy might say: "To minimize virus (malware) infection, staff are required to keep all personal emails to an absolute minimum and at no stage on-forward any non-personal attachments." This provides some latitude and still meets the business needs.
Allow staff to digest the policy and comment on its workability and consequences prior to its inception.
State what must be done and why it is necessary. Encouraging staff participation is more effective than blunt pronouncements.
A statement such as “Persons not complying with these necessary procedures will be deemed not to have the best interests of the company at heart and their value to the company will be reassessed” is more appropriate than absolutes such as “will be dismissed”.
Controls and policies that hamper the aims of the business will fail.