Triware Networld Systems 

19 Years Of Around The Clock Superior Network Systems Service & Support!

 

 
   

 

Rule of Law for Digital Information World – Security Policy

In order for a society to function and prosper, certain rules, or laws, must be established and followed. This simple, yet vital, basis of civilization can be seen throughout all of our histories. Every society has become more civilized over time through socially agreed-upon laws.

At the beginning of the last century, Henry Ford established a company that would go on to manufacture half of all cars in America, beginning with his Model T’s in 1918, based on technologies stemming from the Industrial Revolution in the mid-1700s. The success of Ford and other automobile manufacturers eventually led to what we now know as rules of the road.

Rules of the road are defined as general practices and procedures that people abide by while operating motorized vehicles on public streets and highways, according to www.answers.com. These rules also govern interactions between vehicles and pedestrians. The most basic traffic rules have been established through an international treaty under the authority of the United Nations, the 1968 Vienna Convention on Road Traffic.

Now, just a century later, we are facing a new revolution — the digital one. Driven by cornerstone advancements in computer-related technologies, the digital revolution threatens to have a larger impact on our society than the industrial and automobile revolutions combined. The increasingly open nature of the Internet, combined with alternative means of communication and the ease of travel between countries, has shaped the digital information revolution into a fundamental change to our civilization’s structure.

Despite this profound change, we have yet to see a concrete set of rules for the digital world. The landscape of this digital information revolution is, for the most part, still a Wild, Wild West!

So what set of rules must we establish to govern this digital information world? I say, much like rules of the road, rules for digital information must be formed with the protection of human beings and their property in mind.

Society may go about establishing any socially agreed-upon set of laws in two ways: top down or bottom up.

Top Down: United Nations, Countries, Communities, Organizations

Bottom Up: Organizations, Communities, Countries, United Nations

By far the easiest place to start is from within an organization, simply because it usually requires the least consensus and can be implemented in a matter of months, depending on the size of the organization.

In this white paper, we will focus on the organizational aspect of developing a digital information security policy.

So why is it so important to have a digital information security policy?

Well, to begin with, almost everything and anything of value to an organization is now digitized in one way or another — or will be very soon. It would be unthinkable to continue permitting the viewing, listening, modification, distribution, publication and destruction of this digital information without a governing policy.

Without a set of rules governing digital information security, how can users be held responsible for handling digital property? Without knowing what guidelines to follow, how can we expect users of digital information to handle it in a socially agreeable and acceptable manner?

What happens if there is a dispute? Who would be right? And what court would decide, if any?

Whether or not an organization realizes it, having a digital information security policy could be the difference between life and death for that organization. An organization’s survival, reputation and competitiveness may depend on it.

To make a long argument short, an organization must have basic laws governing digital information security, and the policy has to be well-communicated and agreed upon.

Developing a digital information security policy can be fairly complicated, and it can differ across organizations. However, the higher-level structures are more or less the same.

Below, I have outlined the higher-level structures of a sound digital information security policy for any given organization:

- Digital information protection classifications policy
  - Business continuity
  - Digital data disaster recovery
  - Digital data protection
  - Digital data encryption
  - Digital data access control
- Digital information classifications policy
  - Levels of definition of the digital information
  - Levels of critical digital information
  - Levels of digital information retention & destruction
- Software Application
  - Acceptable usage
  - Access control
- Computer Operating Systems
  - Acceptable usage
  - Security hardening
  - Security protection
  - Data encryption
  - Access control
- Computer, Network & Related Hardware (Computer, Router, Printer, Copier, Scanner, PDA, Cell phone, Memory Stick / USB Drive, etc.)
  - Acceptable usage
  - Security hardening
  - Security protection
  - Data encryption
  - Access control
- Network (LAN, MAN, WAN, Internet, Extranet & Intranet)
  - Acceptable usage
  - Security hardening
  - Security protection
  - Data encryption
  - Access control
- Media / Storage
  - Acceptable usage
  - Data encryption
  - Data retention & destruction
  - Access control
- Physical Security (Room, Building, etc.)
  - Closed Circuit TV monitor
  - Real Time environment monitor
  - Access control
- User security classifications policy
  - Background check
  - Levels of digital data access control
  - Levels of software application access control
- Security policy related acknowledgements signed and on file
- Ongoing security policy training
- Ongoing organization wide review and fine-tuning
- Independent audit of the above annually

Having a sound digital information security policy can and will benefit an organization in many ways. It serves as a framework of overarching rules for an organization to operate under in this digital information world. It is evidence that the management of the organization is serious about safeguarding its proprietary information and trade secrets, and it lays a solid foundation for when legal disputes become necessary, thereby reducing the liability of the organization.

By Benson Yeung, Senior Partner

Benson Yeung Biography

Since 1991, Mr. Yeung has consulted on IT and business related issues to over 300 small, medium, and large Bay Area organizations. He also contributes articles to the Loral Computer Special Interest Group, Microsoft Project, Silicon Valley Computer Society monthly newsletter and other nation-wide publications. During the past 20 years, he has spent a significant amount of time in IT security fields and has a deep understanding of the state of IT security issues and has developed frameworks and best practice methodologies for the field.

Mr. Yeung’s client list includes Flextronics, HP, Levis-Strauss, Loral, NeXT Computer, New York Life, Stanford University, Symantec and many other companies. Mr. Yeung also works closely with various VC firms and startups in the Bay Area as a Technology Advisor, IT & Operations Consultant. Mr. Yeung has a B.S. degree in Computer Science from Arkansas State University. He is also a Microsoft Certified Trainer (MCT) & System Engineer (MCSE).


© Copyrights Triware Networld Systems, L.L.C. ® 1991-2010