Electronic Commerce and Information Security and Ethics: Policies and Procedures That Organizations Should Implement to Protect Themselves
Security policies, or e-policies, are documents or provisions stating how organizations should protect their IT (information technology) assets as well as their physical assets. The policies are regarded as living documents because they are updated continually as staff requirements and technology change. They are developed through processes that identify organizations’ electronic risks, develop security-related procedures, and guide staff use of software, systems, and the internet (Dixon, 2003; IBM Redbooks, 2012). Overall, the policies help reduce organizations’ e-risks and forestall cyber crises before they happen (Wahsheh & Alves-Foss, 2008).
There are some critical security policies that organizations should have. First, they should have an electronic document retention policy. The policy should provide that the disposal and maintenance of electronic documents is the exclusive duty of their legal custodians. It should also provide that the documents are disposed of or maintained according to their content and all applicable laws. The policy is important in ensuring that staff members create and maintain the growing number of documents produced with IT resources in strict observance of the applicable statutory regulations and history (IBM Redbooks, 2012). It is also important in ensuring that staff members remain aware of particular organizational requirements and responsibilities for managing and disposing of electronic documents.
Second, organizations should put in place a password policy requiring staff members to regularly change the system-level passwords in their possession. These passwords include those corresponding to accounts for application administration, network administration, root passwords, and enabling roots (Wahsheh & Alves-Foss, 2008). The policy is essential in establishing benchmarks for the development, protection, and change of strong passwords. Third, organizations should put in place a risk-appraisal policy requiring staff members to cooperate with organization-appointed security appraisal teams in developing particular remediation plans. The policy should also require staff members to work closely with the teams in assessing the risk exposure of the IT systems under their charge. The policy is essential in empowering the teams to conduct security threat assessments periodically to establish vulnerability areas and initiate the requisite remediation.
There are various steps that organizations should go through to ensure the effective implementation of their own security policies (Dixon, 2003). First, they should train their employees on the contents of the policies to ensure they understand them. Second, the employees should be required to confirm that they will comply with the policies by appending their signatures to them. Third, the organizations should develop and enforce penalties against those breaching the policies. Fourth, organizations should invest in tools that are useful in enforcing their own security policies cost-effectively. Lastly, organizations can set up teams for ensuring compliance with their own security policies and procedures.