Managing Data Security

Every IT organization has the critical responsibility of providing a certain level of service. Such services include the following:

1. Data Access: Every IT organization has service level agreements that dictate how the organization will retain and manage user data.
2. Level of Service: Every IT organization strives to provide high-level customer service. Functioning as the Agency ISP, the IT organization also sets a certain standard in regard to network uptime. In today's world, it is quite normal for most organizations to guarantee uptime of 99.99% or higher. This is critical to an agency's operations.

Although IT organizations have the responsibility of providing top-level service to the agency, they also have the responsibility to ensure security is the top priority. In order to provide service to internal and at times external customers, IT agencies have to follow policies. And in some cases, such policies require review. As an IT Specialist, I think these four are very important to develop when it comes to protecting the assets of an organization.

1. Develop a Physical Security Policy: A policy to control physical access to the facility and data center must be developed. Employees must go through a proper verification process and should only have access to areas where necessary. It is also important to install security mechanisms for access, such as security guards, badging systems, and biometric authentication mechanisms that will control physical access to the facility.
2. Network Access Policy: It's critical that an agency define its network access policy. Although the IT organization has the responsibility to provide a service, it's also important to set user expectations. A Network Access Policy is critical to defining what data will be made available, to whom, and how it will be monitored, accessed and controlled.
3. Audit Policy: Policies must be followed. Auditing is critical to making sure that the agency and organizations are adhering to them. Auditing allows managers to verify and ensure that rules and policies are being followed.
4. Information Classification Security Policy: Government agencies and private sector corporations have employees. In order to be hired, employees must go through the application and interview process. Information submitted by candidates during the application process must be available to HR. The IT department has the responsibility of ensuring the data is available and secure. In addition to that, access to this data must be made available only to authorized personnel. All data should have a certain level of classification (Confidential, Secret, etc.). Access to such data should be made available only to employees who undergo the proper verification.

Of the four listed policies, I think that the best policy for strengthening data security would be the Information Classification Security Policy. This policy would dictate the level of access someone would be granted, and in addition to that it would also ensure that data is properly compartmentalized and that access would only be available to people who have been verified and actually need it.

