Information Security
When we talk about computer security policies, we mean the set of measures, practices, and rules that everyone who accesses an organization's technology and information assets must comply with. This definition was set down many years ago by the Internet Engineering Task Force (IETF), the main Internet standards body, in its Site Security Handbook (RFC 2196), which describes a security policy as a formal statement of the rules that people given access to an organization's technology and information assets must abide by.
Security policies provide the normative framework within which both a company's employees and the users or customers of its services must operate whenever they access its technology. To that end, they draw the limits that cannot be crossed, and within those limits they define mandatory guidelines and actions. The overall goal is to maintain an adequate level of protection and security in every direction.
This general objective is reached by meeting more specific ones through IT security policies: guaranteeing the confidentiality, integrity, and availability of the information. The policies can be roughly divided into two large groups. On the one hand, restrictive policies that state what must not be done; on the other, prescriptive policies that state what action must be taken at all times.
Information Security Measures
Prohibited actions include, for example, opening suspicious files and links, or sharing security credentials and network passwords over open Wi-Fi networks. These are elementary practices that endanger both the systems and the information itself, whether it belongs to an individual or to the organization that operates the network.
Information security policies also define the responsible and appropriate behaviour required to work securely on the Internet. Typical examples of such mandated actions include encrypting confidential files, creating backups, renewing passwords periodically, and installing and keeping up to date antivirus and antimalware software.
These are actions that an average Internet user can see and understand. Still, the logical design of a comprehensive, large-scale information security policy includes many other, more complex rules.
How To Mark The Boundaries
Achieving a system that is 100% protected against the risks of operating on a network is practically impossible. Protection against external attacks, data privacy, and protection against internal failures are all part of the problem. It is no easier to strike the balance between security, ease of use, risk, and cost. By cost we mean hardware and software, but also people, since qualified experts must be paid according to their skills.
Depending on its commercial objectives and the service it offers, each company's information security policy will be more or less restrictive, and its systems and services will accordingly be more or less easy to use.
In any case, security policies must always aim to come as close as possible to that complete shielding, and for that they need certain characteristics. Above all, this framework must be mandatory for everyone who works within it, which requires a code of sanctions and control tools that monitor non-compliance and penalize it.
Examples Of Information Security
Examples of these policies address a range of issues: storage on the corporate network, human resource management, confidentiality in the use of work tools, availability of systems and resources, notification of security breaches, and guidelines for contracting services and making purchases, among others.
The best known to the general public, however, are surely the information security policies on user authentication and access to a technological service, together with users' rights, privileges, and obligations. This kind of policy is so familiar that many non-experts assume it is the only one that exists in a technological environment, when in fact it is just one of the many that govern this framework.