Information Assurance Policy- MAC Technologies
| Subject: | 💻 Technology |
| Type: | Informative Essay |
| Pages: | 3 |
| Word count: | 864 |
| Topics: | Artificial Intelligence, Cyber Security, Innovation |
essay ASAP?
Table of Contents
Information Assurance Policy
-
Overview
The nature of business of MAC technologies makes information an important asset to the organization. The collection and processing of information, including handling of third party data within our system, place significant responsibility on the organization. Essentially, MAC technologies depend on the integrity and availability of necessary customer information to offer its services. The case implies that ensuring effective control of data within our custody and its security is fundamental to our business. Also, as part of the development process, which has been observed to take a multifaceted approach and to require the use of data, it is necessary to ensure accessibility and security of data (Lakshmi & Mallika, 2017, p. 2133). There is an overwhelming consensus that places emphasis on not only having an information assurance policy, but ensuring that the policy is easily achievable (Ezingeard, McFadzean, & Birchall, 2005).
While MAC Technologies will strive to ensure its system design provides a secure information environment, there has been much concern on the human aspects. For instance, Safa, VonSolms, and Furnell (2016) indicate that technology alone cannot guarantee a secure environment (p.71). It is with such design and operation limitations that this policy is conceived. As such, this policy aims to approach information assurance from a collective perspective as MAC Technologies. The policy recognizes the need for a team effort that places responsibility on all employees.
-
Purpose
This policy establishes generally acceptable terms of use of MAC technologies information assets. The goal of the policy is to ensure information assurance. While the definition of information assurance may vary as observed by experts (e.g., Ezingeard, McFadzean, & Birchall, 2005). This document defines it as ensuring that MAC Technologies information is reliable, secure, and always private unless authorized otherwise. The Definition in this policy further emphasizes on the accuracy of information and protection, including risk management to protect the continuity of business. However, the policy is specifically viewed as a proactive measure to information security. Some researchers have described it as attempting to avoid, rather than fix security problems (McFadzean & Birchall, 2011).
-
Scope
The formulation if this policy understands that, while the IA policy is critical to the organization, it may result in bottlenecks, or hindrance to smooth flow of information across the organization. Primarily, this policy applies to any persons directly or indirectly in contact with company information. Based on the nature of the company which requires it to work with third parties closely, and customers, the following groups are expressly mentioned; Company employees, third parties, and company service providers.
-
Policy
The following policies will apply to persons either directly or indirectly using MAC technologies organizational information assets and will be based on existing information protection standards. The standards will be updated on a continuous basis to consider new developments in the industry. Some of the standards are provided in the Related standard section of this policy.
- All employees of MAC technologies with access to MAC Technologies information assets must ensure that such data is protected through through legal and data protection standards.
- Any user dully authorized to use or access information has the responsibility to report, upon noticing promptly, or any misuse, loss or unauthorized use of protected company information as defined in this policy. This policy extends data protection responsibility to any individual in MAC Technologies to actively participate in protecting the firm from events that may lead to information security breach.
- Employees are permitted to collect, use or share company information as long as it is duly authorized in this policy or by management to fulfill their daily job activities.
- Employees are responsible for the data they collect, use, or distribute in their capacity as MAC Technologies employees. They are therefore required to exercise a reasonable duty of care to ensure its safety
- Employees are acting in their own individual capacity in public spaces, including in social media sites, should ensure clarity is made that they are not acting as MAC Technologies employees.
- MAC Technologies will have unfettered access to its information assets assigned to any employee for the purposes of auditing and compliance monitoring.
-
Policy Compliance
This policy aims to improve MAC Technologies information security behavior. As observed by McFadzean & Birchall (2011), this policy attempt to avoid, rather than fix information security problem. It is also based on the understanding that information security breaches are not only costly but may affect the continuity of the MAC Technologies (Safa, VonSolms, & Furnell, 2016, p. 71). As such, this policy should be viewed as a set of rules and guidelines (Yazdanmehr & Wang, 2016, p. 36) that are aimed to influence employee information security behavior by creating awareness of the potential consequences and ascription of personal responsibility (p.44).
-
Compliance measurement
MAC Technologies will use the policy guidelines as a measurement tool to assess compliance on a regular basis. The tools may include reports, observations, and feedback from auditors or any other person or party.
-
Non-compliance
Any MAC Technologies personnel found in breach this policy will be subject to necessary disciplinary actions. In case of any exceptions from the requirements of this policy, the affected persons must obtain approval from MAC Technologies ICT department.
-
Related policies
This policy shall be read together with other subject-specific policies including:
- Organisational Privacy Policy
- Public engagement policy
- Information access policy
- Ezingeard, J., McFadzean, E., & Birchall, D. (2005). A Model of Information Assurance Benefits . Information Systems Management, 22(2), 20-29.
- Lakshmi, D. R., & Mallika, S. S. (2017). A Review on Web Application Testing and its Current Research Directions. International Journal of Electrical and Computer Engineering (IJECE), 7(4), 2132-2141.
- McFadzean, E. E., & Birchall, D. (2011). Information Assurance and Corporate Strategy: A Delphi Study of Choices, Challenges, and Developments for the Future. Information Systems Management,, 28(2), 102-129.
- Safa, N. S., VonSolms, R., & Furnell, S. (2016). Information security policy compliance. Computers & Security, 56, 70-82.
- Yazdanmehr, A., & Wang, J. (2016). Employees’ information security policy compliance: A norm. Decision Support Systems, 92, 36-46.
Offered for reference purposes only.