Information System Security Policy

Information System Security Policy

A brief about Information System Security
 

Information System Security has become very critical and important for any business regardless of the nature or size of the business. This is because with growing technology and ease of operations, Information Systems have become more and more prone to miss-use. Any organisation cannot survive for long unless it has appropriate measures to safeguard their Information System set-up. With more and more open systems and percolation of Internet, it is no longer required to have a physical access to the set-up. With some technology understanding and appropriate access methods, anyone can easily take advantage of the loop holes in any system and gain unauthorized access.

But this does not mean that other aspects are totally obsolete and redundant. No organisation can claim to have full secured set-up unless it also has other aspects like Physical, Environmental and Personnel Security in place. Traditional physical security measures are equally important for the safe functioning of the systems.

The major difference between the earlier paper based, human working and computerization is that while work happens at speed required to match today business needs, the environment in which the same can be achieved becomes equally important. It has a direct impact on the availability of the Information systems. Human being can work without absolutely favourable environmental conditions; however. Information Systems may collapse if the environmental conditions such as Power, Air conditioning. Dust free environment etc. are not appropriately maintained. Hence environment has become an integral part of the Information System Security.

With technology advancement, it is possible to carry truck load of paper information in an electronic device of the size which fits in any pocket without visibility. Critical and confidential information being shipped out from any organisation would be an equal disaster as Tsunami or Earth Quake. In either case, business seizes to exist. However this could be largely possible only because of the compromised personnel within the organisation. Hence Personnel Security becomes an integral part of Information System Security. Information does not exist for unauthorized access only within the information system set¬ups. Information can be easily available from various other sources. Hence addressing Information System Security needs do not mean securing the computer processing equipment or connectivity devices.

The information Technology Act has been passed by parliament in June2000. The Act has been given legal recognition to electronics records and transactions. The Information Systems Security Policy (ISSP) consists of:

  • Information System Security Policy Statement.
  • Coverage and Objective of the Policy.
  • Roles and Responsibilities of various entities in the corporation in respect of information Security.
  • Information Security principles.
  • Minimum requirement of Information Security.

While the ISSP is a very generic document, the policy has also a provision under which more specific guidelines and requirements may be issued at the time of implementation of other systems. All such specific guidelines would be in addition the minimum requirements of the ISSP. The ISSP would be applicable to all IT systems, applications, computers and computer networks of the Company.

All employees of the Company are required to follow the policy and any directions given there under.

Signed by Partner of Maloo Equitrade

Mr. Rohan Maloo

Partner