UK Custom Essay Sample on «IT Security Policy Framework»

IT Security Policy Framework

Framework is a procedure of creating, executing, appraising, preserving, and enhancing the security plans in the organizations. An IT security structure is the basis for an actual initiative varied security plan. The security policy framework is a group of high level rules on security that influences the business and the supplies from other firms. The arrangement changes over time hence connecting rules that may influence the development process in an institution. This paper discusses how particular security policy framework and the framework design are applied in the Jubilee Insurance Company. The paper also explains the significance of creating defences of IT security measures with United States acts and rules. In addition, it states how firms can utilize the policies and measures with the appropriate rules outlined. The paper also evaluates the encounters in the domains of establishing an active IT security policy framework and the challenges of the implementation process of security policy and how they can be solved.

Jubilee Insurance Company has approved the International Standards Organization’s (ISO) information security framework, which is documented as ISO 27001 and 27002. This structure includes many activities and offers controls measures required to ensure that the company keeps the information of resources it has. The process of applying this security structure is a multi-year plan where the conclusion of the original work comprises of several measures that are required to state data on security in the group. ISO security construction ensures that many measures are applied in order to offer a durable development in time (Benson, 2001). Jubilee Insurances Company has approved a responsible long-lasting process in association with a process that utilizes a four point gauge.

IT security measure in agreement with United States rules and guidelines comprises of various methods which include International Organization for Standardization (ISO), a system that is printed on ISO/IEC 17799;2000 and introduced from 140 nations. Internet Security Alliance (ISA), a joint strength between Carnegie Mellon University’s software, is also a process of security measures that introduces engineering. Another security process measure is National Security Agency that organizes, leads, and implements focused actions that defend United States. These methods of security measures are important, because they ensure that the data on security are well maintained. Some of the techniques permit directors to bond the break with the aim of control desires, practical issues, and trade risks. The measures also enhance the communication process of security control with other investors (Williams, 2002). The measures also ensure proper supervision of staff by offering amenities to firms that are openly obstructed by the laws. In addition, the security guidelines ensure that customer’s data are precise for confirmation and offer approval only to persons, therefore, reducing the chances of deceit. The measures also observe schemes and actions to notice real and tried attack on any meddling into customer data structures.

Company can use rules and controls when establishing regulations by converting the data acquired, because it is important to management resources and distributed to investors (Harold, 2010). Since data and technology are the most effective strategies of delivering information at a cheap cost, then the union must utilize them. In addition, the union can use the rules and controls to manage the organization work by evolving, suggesting, and preserving

In the process of security policy framework, there are seven areas considered in order to obtain maximum results. These include security accountability, an aspect that specifies the security character and responsibilities of overall users. That helps the group in appreciating and governing prospects and offers a basis for applying all other additional rules and procedures. That element has a challenge of preserving data since it is obtained from different sources. Network service policies are the other elements; this produces policies for protected isolated areas and plans. This element has a challenge of demonstrating which particular staffs require something in order to improve on the services (Williams, 2002). The other element of IT security policy is the system policies that create the security outline for all tasks in operating systems; the challenge of this policy is that some locks or passwords may be lost, therefore, affecting the operation system.

Physical security is also an element of IT Security policy. It describes how office blocks and card-keys readers can be protected where inner cameras are fixed. That challenges many visitors since they do not know how to use them. Another element of security policy is event handling and response. It provides plans to monitor the event of security matters by reporting on such issues. Behavior and acceptable use of policies are another element that contains ordering on what the staffs are required to do (Harold, 2010). The challenge of this policy is that many workers do not like to follow orders. In addition, the security training is the other element of IT security policy. That describes the training process for key staff that controls active activities. The challenge of this element is that few employees are literate of computer studies.

The jubilees insurance company applies the security policies through the process of transparency since it is the most dangerous process to acquire approval by protecting funds and implementing data security strategy (Harold, 2010). The issue of transparency in the application is carried out when preserving confidence of the stakeholders. That also attracts investors, therefore, increasing the funds. Although the company has a problem of applying this because the staffs do not like to disclosure on what to expect from them in the future a factor that influences the turnout of investors. Jubilee insurance also establishes who and what they want in terms of investors and capital gain. That involves negotiation from both the investors and the holders in order to agree on the importance of the list of confidentiality. When an organization is focused on what to expect annually, then it works hard in order to achieve it through dialogues with a natural side effect (Williams, 2002).


Preparing Orders


Active Writers


Support Agents



Special Offer!Use code first15 and

Special Offer - 15% off

Get 15% off your first order

We are online - chat with us!