Introduction
In the present-day business environment, full of dynamic and distributed markets, services are delivered through information and communication technologies. Gone are the days when security meant posting guards at entry points to regulate entry and exit and taking measures to safeguard against theft. The need of the hour is to design a security policy that takes care of the pitfalls in e-service environments.
Security Policy Framework
For formulating an effective security policy framework the following specifics should be borne in mind.
- As many legal and technical considerations are linked to the security policy framework, the policy should be finalized in consultation with the relevant legal and technical specialists.
- Suitable, regular trade secret audits should be arranged so that protection systems can be fine-tuned and kept suited to the dynamic business environment.
- It should provide for obtaining non-disclosure, non-compete and confidentiality clauses in employment contracts. The framework should also provide for obtaining such agreements from vendors, contractors, temporary staff and consultants.
- The policy should provide for legal remedies for any willful attempt to steal or gain access to trade secrets or intellectual resources.
- The policy should provide for continuous education of employees on protecting confidential information, illustrated with specific examples from the workplace environment.
- The policy should restrict physical access to documents containing important information to key personnel only, under strict and consistent rules.
- In a computerized work environment, the policy should establish a procedure for making available to an employee only the information he needs and nothing more. The policy should provide for all necessary measures against acts of omission and commission on the part of employees who have access to important information.
Service Level Agreements
Service level agreements no doubt provide legal recourse in case of any untoward happening. In many companies, however, these agreements are obtained from employees and others as a matter of routine, without the signatories knowing their contents. Executing service level agreements together with proper education of employees and continuous monitoring and auditing of their adherence will be more useful.
CSO
CSO is the chief security officer. He is the company’s top executive who is responsible for security in the company. He reports to the CEO of the company.
CSO’s Role
The CSO is responsible for all security functions and related issues in the company. At the same time, he must be aware of the legislation that has an impact on the security of the company. He is responsible for the physical security, protection and privacy of the company and its employees. The CSO coordinates security efforts across the enterprise. For this purpose he works closely with the chief information officer.
Bridging the Gap Between Business and Technology
The following action items will bridge the gap between business and technology: IDENTIFY, QUANTIFY, COMMUNICATE, MEASURE, STANDARDS, CROSS-TRAIN, INCLUDE, BILINGUAL, ASK, CROSS THE BRIDGE. These guidelines are not technological changes or business changes. They are changes in attitude and perception, which are often the hardest to change. By implementing these guidelines, you can be on the way to bridging the gap between technology and business. Business managers and IT both have the same goals in the business, just different tool sets. It is possible to build something with one or the other, but the best solutions use both tools.