Security Policies - Paper Example

Introduction

Security policies in an institution or an organization are very important as they aim at safeguarding the important information as well as the systems of the organization. Besides, the policies are good for protecting the reputation and any information that concerns the employees. Policies, unlike the constitution, are not meant to be solutions to the institution's problem rather, they are just vague statements written down if at all they are not keenly observed. They mostly are meant to point out the direction in which the efforts should channel. Security policies are defined as clarified, comprehensive, and clearly defined plans and regulations that aim at regulating any access to the institution's system or information ("Agenda for policy making", 2019).

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

There are a handful of factors that influence the creation or change of the already existing policies in an institution. They include any changing of the law governing the organization, department, or stakeholders, a reported weakness in the current system of administration, an attempt to reduce risk or correct misbehavior, the annual reviews and updates, arising opportunity, a remarkable change in the organization like for instance change in leadership. In most universities, in case of an upcoming reform, the security department liaises with the information and technology department to make sure clearance is done and that anything related to the system is secure from unauthorized hands (Nathoo, 2018).

Computer Security Policies in the University

Security of a university's information is the topmost responsibility of any other university with the paramount mandate given to a body known as the Information Technology Advisory Committee (ITAC). A body that is appointed by the administration of the university to represent various constituents of the campuses. It is mandated to review the draft policies as well as the standards that enable a successful vetting of the proposals. The Information and Technology standards of the university are reviewed by the Information Technology Advisory Committee on annual basis. This is meant to maintain the university security up to date ("Agenda for policy making", 2019).

The stipulated standards normally outline the requirements needed by the university management to be able to comply with the policies of the university IT as well as any other policies and the laid down rules and regulations. Most of the standards normally include mandatory technical specifications that are to have adhered to the letter. There are also the procedures as well as the guidelines that are classified as the methods that are expected to comply with the developed standards as developed by the Information Technology Systems to ensure a compliant adhere to them on details on matters policies and maybe the standards (Nathoo, 2018)

University Council

The university council is responsible for the drafting of the computer security policy and standards. The council is mainly headed by the university's vice-chancellor who is mandated to appoint a committee that will come up with a well-written set of policies. Of course, it is after the university council has sat down and deliberated on the composition of the policies. It is later forwarded to the Information, Technology Advisory Committee that takes care of the editing of the policies, making of changes, and adjusting the specific policies when need be. The council takes into consideration the needs of the university that cuts across from the top leadership all the way to the students as well as the subordinate staff.

The making of the policies takes into consideration the top security of the content to be included in written form and for public use. There exist other guidelines that are kept beside away from the public eye and are produced upon request. They are kept by the operational unit and are never published. The only procedures that are published aims at giving direction on the daily running to the owners of the systems, heads of various departments, data owners as well as the general users in normal situations. This is because allowing access to the most confidential information by unauthorized people could affect the university in a big way.

The university policy is meant to cover all that comprises the institution as well as its stakeholders. The guidelines provided are meant to give a definite direction that is mostly linked to the goal attainment as well as meeting the mission and vision of the institution. Therefore, the policy aims at covering the entire fraternity so that even the enforcement of the policy can be easy since it involves all the aspects of the organization. It is expected therefore that, the persons obligated to be covered by the policy should understand clearly the data level they are responsible for accessing and if it is harmful to them or the university.

Determination

However, the staff or rather the people to be covered by the policy are expected to make their determination that is totally based on the classifications that have been applied by the institution. It is a collective responsibility as well as individual responsibility to maintain the security of their working stations, passwords to their computers as well as phones to mention just a few. It is a wise thing to always collect data when it is appropriate. It is advisable for people to seriously handle the numbers of bank account, the numbers of driver’s license, as well as those of social security since there is a reason as to why they were assigned specifically to an individual.

In the event an employee is not quite sure of the relevance of certain security information, it is always advisable to sensitively dispose of anything one is in doubt with. The behavior of collecting information that is not necessary should be discouraged by all terms possible since it so much leads to the compromising of the data. Collected data for generating policy should therefore be stored securely. It should never be stored in gadgets such as flash disks or any online option. Most custodian of the policy store data in such mediums and the mode of disposal is never appropriate. Incase data is irrelevant, deleting remains the only sure way of getting rid of unwanted confidential data.

Conclusion

In conclusion, policy in the university plays a vital role inside and out of the institution by covering the fraternity as well as taking care of the relationship with the stakeholders. The policy makes a university identifiable since its operation is mainly based on the policies laid down. The privacy of an institution is directly proportional to the success of the plans put forth. Data security goes a long way with the effectiveness and performance of any institution. Most of the above-outlined issues concerning the confidentiality of matters policy should be taken seriously to avoid future information leakage that could lead to massive technological destruction to the university including being prone to cybercrimes.

References

Agenda for policy making. (2019).
https://doi.org/10.1093/spp/20.3.218

Nathoo, R. (2018). Multi-level Negotiations on Digital Trade Policy. Trade Policy, 1(144), 11-18. https://doi.org/10.17323/2499-9415-2018-4-16-11-18.