Introduction and Acceptable Use Policy
Before determining the most important policies to establish for a company, you have to
know exactly what you need to protect, how things work, and the risks in the industry. There are
some policies that are seen as standards and others that are more specialized or specific to a
company. That being said, important issues that should be addressed by the policies include
expectations, access and authorization, training, system maintenance, and incident
response/recovery. In my research of these policies, one of the main ones I came across was the
acceptable use policy. This policy includes an agreement to adhere to guidelines and practices for
any and all employees of a company prior to using any equipment or network. It also highlights the
proper practices for company devices. Setting these expectations and the consequences in
case of failure to reach these expectations allows for a more professional and coordinated
environment (Adsero Security).
Incident Response Plan and Access Control
With cybercrime and security breaches becoming increasingly prevalent, it is now
essential for companies to prepare for them. One of the best methods is an incident response
plan. These plans help mitigate the damage caused by attacks and support recovery after the
attack. This can also include ensuring there are backups in place and methods of minimizing
downtime (5 Cybersecurity Policies 2022). Ensuring that access to your company's network and
systems is limited and secure is a big step towards protecting your data and preventing breaches. Access
control policies can log who accesses the system, what they do while logged in, and when they
sign out. This is important for authentication as well, so that every employee has access to the system
that reflects their rank or position (9 Policies and Procedures 2018).
Security Training and Maintenance
When any incident occurs, people's first response is almost always panic. With security
awareness training, employees will be able to react to an issue in a calm and timely manner as
well as identify security threats as they happen. This policy also informs employees of acts on
their end that are security risks like opening suspicious emails, phishing or fraud attempts, or
giving out sensitive information. Ensuring that your systems are working, up to date, and
maintained is also a big factor in mitigating issues (Adsero Security). A maintenance
management policy would ensure that this is done. Keeping the systems updated reduces the
likelihood of equipment failure and, in the case of equipment failure, delegates responsibility to
other equipment to minimize downtime. This also minimizes the costs of replacing equipment by
prolonging the life of the equipment already on hand, ensuring the safety and integrity of your
company's and employees' data (5 Cybersecurity Policies 2022).
Conclusion
While these are not all of the policies necessary for this company, in the design of this
security policy these five policies are essential on a base level to maintain the company’s
integrity and security. Acceptable use establishes expectations and consequences. Incident
response mitigates damage and enables quick recovery from attacks. Access control monitors
behavior in the system. Security training helps prevent or recognize risks, and maintenance keeps
everything working and up to date.
References
“5 Cybersecurity Policies Every Medium-Sized Business Needs.” IT Services – IT Force, 21
Dec. 2022, www.itforce.ca/blog/cybersecurity-policies-every-business-needs.
“9 Policies and Procedures You Need to Know about If You’re Starting a New Security
Program.” CSO Online, 16 Mar. 2018,
www.csoonline.com/article/564894/9-policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html.
Adsero Security. “10 Must Have IT Security Policies for Every Organization.” Adsero Security,
23 Jan. 2024,
www.adserosecurity.com/security-learning-center/ten-it-security-policies-every-organization-should-have/.