2/29/2016 Fundamentals of Data Security Policy in I.T. Management - IT-Toolkits.org
http://it-toolkits.org/blog/?p=56
Fundamentals of Data Security Policy in I.T. Management - IT-Toolkits.org
We all know that I.T. stands for “information technology” and that’s no accident. In fact, it’s a
reflection of the primary mission of every I.T. organization – to provide the means and methods for
creating, storing, transmitting, printing and retrieving business-related information. By design, this
operational mission is driven by the need to “protect”, which also includes preventing unauthorized
access, uncontrolled modification and unwarranted destruction. The priorities are self-evident – data
integrity is vital, and vital needs must be met with purpose and commitment. The tricky part is to
balance vital interests with the associated costs and operational overhead. This is the higher
purpose of data security and the goal of related policy development.
Data Security Practices and Policy Purpose
As discussed, “data security” provides the means by which business data and related information is
protected and preserved. This is realized in multiple ways, as listed below:
Data security technology and practices provide the means by which data can be safely created,
stored, transmitted, printed and retrieved.
Data security technology and practices provide the means by which data accuracy and integrity are
ensured and maintained.
Data security technology and practices provide the means to prevent and control unauthorized
access, modification and destruction.
Data security technology and practices provide the opportunity to minimize the risks and costs
associated with data loss, data corruption and unauthorized access.
Of course, the physical means of “securing data” are essential to the process. You must have the
technical ability (through hardware and software) to physically meet each of the above listed
objectives. But that will only take you part of the way. To realize all of the intended benefits,
data security practices must be “institutionalized” – i.e. integrated into the corporate
culture and made part of how a given organization works. This is achieved through the
development and implementation of effective “data security policy”. Policy is a governance
mechanism, used to translate tangible security objectives into organizational terms that can be
implemented and enforced. In the case of data security, related policies provide the “how, what, and
why” to communicate security objectives and promote expected compliance.
To fulfill this mission, data security policy must be developed and documented to reflect the following
components and answer the underlying formative questions:
Policy Purpose
What are the specific goals of this data security policy?
Why has the policy been created (considering the background events leading to policy
development)?
What will the policy accomplish considering data security goals and objectives?
Policy Basis
What is the underlying authority and/or organizational basis for this data security policy