Security policies and implementation issues
Software Engineering
Reply to this article.
Automated enforcement means that security policies are managed by a server, system, or software. There is less room for human error, and these systems can multitask and monitor every asset on the network. Automated enforcement is great for large organizations or ones that use enterprise networking. Manual policy enforcement is a mix of human and automated, but it relies more on the human enforcement than from the automated, basically it’s waiting for the human to press the big red button to initiate. Manual is good if you have a small business with a small amount of computers.
When it comes to liability of risks, threats, and vulnerabilities, executive management is accountable for controlling risks. The organization bears most of the liability since they utilize, store, and transmit the data. Users can still be held liable if there is a violation or unlawful use of data which can cause them to be terminated, charged, and prosecuted for their actions. In the end, it is the organization’s responsibility to protect its data, enforce security procedures, and to educate its employees to prevent loss, theft, or misuse.
Information systems security organizations or officers (ISSO) enforces security policies that the program level, while the front-line supervisors enforce it at an employee level.
Proverbs 27:23 says, “Know well the condition of your flocks, and give attention to your herds.” Organizations should make sure its employees are fully trained and aware of threats and risks. If they are not, they should make the effort to properly train them in order to protect its information systems and data. Johnson, R. (2015). Security policies and implementation issues. Burlington, MA: Jones & Bartlett Learning.
