Enterprise Information Security Policy


Introduction

This study is based on a case study of Co-operate Insurance Company (CIC), which has decided to move towards knowledge management systems and to protect its systems with high-level security. The only way the company could find to reach reliable system integrity was to take a step towards a basic online security system built around Enterprise Information Security Policies. Previously the company had tried taking security measures without defined policies, which left its online environment severely exposed, with no integrity controls. Production data could easily be deleted or edited by anyone with basic programming skills. Tasks were identified and developed for the project plan, and it was ensured that milestones and assigned resources were met (Whiteman, 2011). The focus was on the management and maintenance of the company's information assets and knowledge, developing new groups, and creating data within datasets along with access to objects under appropriate permissions. Training and documentation were provided, in batch and interactive mode, to guide users so that they could gain access to the new systems. User communities were trained through their managers, and the managers themselves went through mini-bootcamp trainings so that they could guide the users. Moreover, more candidates were recruited from other departments to help manage user support and prevent a crash during the trainings. Minor glitches were experienced, and further problems lessened, to the approval of the external and internal auditors (Whiteman, 2008).

Discussion

Problems

No procedures, standards or security policies appear to exist at CIC. In the system support department, administration of system security is held by only one person. The online applications are managed only by in-house support functions, such as authorization and authentication. There is no lockout after wrong password attempts, and there is a lack of provisions for the users in the company. Account IDs and passwords are stored unencrypted in the security file, and the file can be printed out. In addition, there are no records of failed sign-on attempts and no way of discovering them.

No firewalls are installed to prevent external threats from reaching the company's online applications and knowledge systems. Any basic programmer can change the listed data by deleting, adding to or altering it. System downtime is clearly visible, especially when developers are changing, modifying or testing the production data, that is, the data saved the night before the developers make any changes to it. The online applications are accessed using emulation software and programs whose IDs and passwords have no expiry. There are no standard guidelines for improving or sustaining the company's security systems. These problems were brought to the attention of senior management by the external and internal auditors (Walton, 2002).

Enterprise Information Security Policy Measures for CIC

The following is an overview of the policy statements adopted by CIC Insurance Company to adapt itself to EISP measures for systems security:

Information and data should be protected from illegal access

Privacy of Information shall be managed and ...