Security Policy: The Information Security Environment Is Essay

Security Policy:

The information security environment is evolving because organizations of different sizes usually experience a steady stream of data security threats. Small and large business owners as well as IT managers are kept awake with various things like malware, hacking, botnets, and worms. These managers and business owners are usually concerned whether the network is safe and strong enough to repel attacks. Many organizations are plagued and tend to suffer from attempts to apply some best practices or security paralysis on the belief that it was efficient for other companies or organizations. However, none of these approaches is a balanced strategy for safeguarding information assets or maximizing the value obtained from security investments (Engel, 2012). Consequently, many organizations develop a coherent data and information security policy that prioritizes and handles data security risks. Some organizations develop and establish a formal risk assessment process while others pursue an internal assessment.

Analyzing Data Security Risks:

As part of the development of data and information security policy, organizations need to develop a strong foundation for their security strategy. While it's commonly known as data security risk assessment, security risk analysis is essential to the information security of an organization. This is mainly because the assessment helps in ensuring that controls and expenditure are totally proportionate with the risks that the organization is exposed to. Based on flexibility and usability, most of the conventional means of conducting security risk analysis are increasingly becoming unsustainable.

Therefore, the modern virtual, dynamic, and global enterprises need an information security strategy that is based on an all-inclusive understanding of information assets. These strategies should also incorporate an understanding of threats to information assets, present controls to counteract those threats, and the resulting risks. Organizations of all kinds can no longer depend on a product-centric approach to security management that basically handles threat isolation.An information-centric risk management perspective that ensures every aspect of the organization's information security program is required for the efficient control of operational and business requirements ("EMC Information Risk Assessment," 2008). Such an information security risk assessment strategy include a five-step process that identifies information assets, locates information assets, classify information assets, performs a threat-modeling exercise, and finalizes data and starts planning.

Risk Analysis of EMC Information Security Policy:

The EMC Information Security Policy is developed and established for the purpose of showing clear management direction and commitment to safeguarding the integrity, availability, and confidentiality of every information asset through a comprehensive approach towards information security. The policy seeks to lessen risks, evaluate vulnerabilities, and mitigate probable threats in a proactive way as it also handles the physical, administrative, and logical controls that are necessary to offer protection, detection, and response capabilities. These controls promote the maintenance of a comprehensive information security posture in the entire organization.

The data and information security risks within the organization range across a wide range of the information security capabilities including the information network, databases, applications, storage, and endpoint. Some of the risks associated with these major segments of information capabilities include eavesdropping, loss, theft, device takeover, unauthorized access, unauthorized activities, leakage, unavailability, and media loss. The occurrence of these activities causes huge problems on the organization's data and information security capabilities.

Recovery Plan:

Since data loss or theft is one of the identified information security risks that can take place, data recovery is an important aspect of EMC Information Security Policy. In most cases, data recovery is important when the source material fails or when there is inadequate physical or logical backup within the organization. Data recovery is basically described as the process of retrieving data from damaged, corrupted,….....