Tackling security policy management

OPINION: Successful organisations need core IT security policies, as well as the means to monitor employee adherence. How can Australian organisations get it right?

Each organisation needs to identify its specific areas of concern--whether it be to protect information, maximise operational effectiveness, minimise corporate liability or guard against damage to its reputation.

From there enterprises can then figure out the most effective way of dealing with these concerns. This may involve hardware and software solutions, and also company-wide rules about appropriate usage and employee behaviour.

To establish an e-mail policy companies must:

  • Show determination in enforcing the policy.
  • Be specific about why the policy exists. This could include examples, such as protecting staff and the company against legal threats, preserving company reputation and maintaining IT security.
  • Name the individuals responsible for implementing and monitoring the policy.
  • Clearly define what your organisation considers to be appropriate business and personal Internet usage, and the types of files that may not be circulated via e-mail or downloaded/uploaded via the Web.
  • Define company policies about the circulation of business material and explain potential pitfalls, such as how to avoid accidental distribution of confidential information and copyright infringement.
  • Explain the potential productivity losses, how to avoid them and what the consequences are.
  • Provide guidelines on avoiding data theft. This could include how to spot suspicious e-mails, Web pages and cookies.
  • Provide guidelines on avoiding viruses.
  • Make adherence to IT policies part of the terms and conditions of employment.

Large global organisations will probably find that a 'one size fits all' policy may not work for them. Laws vary between both states and countries, and each location may require its own version of the corporate policy. Many departments across locations--including HR, security, IT and legal--need to be consulted to define, document, maintain and enforce policies.

E-mail policies and related procedures need to be distributed rapidly and reliably throughout the organisation, accompanied by a test program to gauge employee understanding and confirm acceptance.

Setting up an IT security policy can be a daunting process, but it is one which Australian organisations should make sure they tackle.

Chy Chuawiwat is managing director at security vendor Clearswift Asia Pacific. He can be contacted at Chy.Chuawiwat@clearswift.com.au
