Internet security policy

Introduction Since its inception, the Internet has experienced threats in its underlying communications network and nodes, protocols, network administration as well as host systems.Advertising We will write a custom essay sample on Internet security policy specifically for you for only $16.05 $11/page Learn More These threats have repeatedly been located in the security mechanisms of the hosts (Doddrell, 1995, Highland, 1996), examples being the capacity to obtain unauthorized private access, and the aptitude to gain unauthorized access to passwords. Furthermore, the commercial usage of the Internet has introduced new threats, such as the interception of data in transit by competitors or criminals. Hackers, competitors, disgruntled employees and ex-employees have been exploiting Internet threats (Doddrell, 1995), forcing banks to recognize the changed nature of the Internet environment from uncompetitive and trustworthy to competitive and hostile. There is also increasing fear within the banking sectors over threats emanating from their own, trusted employees. In other words, banks and other organizations are not only exposed to Internet threats from outside their boundaries, but also represent threats to other internet users. This rather new Internet security problem for organizations demands solutions in the form of different security policies, procedures and mechanisms. This paper will discuss acquired expertise, judgment and maturity on the subject of cyber/information security, as well as Internet security policy and associated procedures which convey security guidance and rules to an organization and its employees. Organization’s policy on the use of corporate digital resources The networking of distributed data and documents requires the interoperability of systems and services, which in turn require standards. In the development of an Internet security policy for a bank, it is essential that the risks to the organiza tion arising from the Internet connection be addressed. This requires the detection of pertinent risks, followed by a prioritization of the risks by the use of a risk assessment (Gollmann, 1999). Banks need to implement holistic perspectives in any solution to information security (Hartmann, 1995; Hitchings, 1995; Lichtenstein, 1996; Yngstrom, 1995), and for this reason, their Internet security policies should include administrative, human and technical Internet security considerations.Advertising Looking for essay on it? Let's see if we can help you! Get your first paper with 15% OFF Learn More Though, organizations have largely disregarded the need for Internet security policy. This may be partly because of the limited guidance which has been available for the development and definition of such policy. In line with this, the framework for an organization’s Internet security policy must considers the Internet risks experienced by the organization, and features a holistic approach to development. Use of the framework will allow the production of well-structured, comprehensive and effective Internet security policies for the organizations (Engestrom, 2000). Internet Security Policies Various Internet security policies for banks exist; for example, the NASA Internet Acceptable Usage Policy (NASA, 1996). Though, current bank policies appear to be acceptable usage policies, or information protection policies, the following six sub policies form part of an organization’s Internet security policy: Enterprise Internet acceptable usage policy Employee Internet acceptable usage policy Internet information protection policy Internet information publication policy Internet information access policy Internet employee privacy protection policy Each of these is summarized below: Enterprise Internet acceptable usage policy: This policy should contain guidelines for the organization indicating acceptable and unacceptable uses of their Internet co nnection Employee Internet acceptable usage policy: This policy should contain the security responsibilities for individual employees, and the acceptable and unacceptable purposes for which the employees may use the organization’s Internet connection. Internet information protection policy: This policy should contain guidelines for the protection of the organization’s information resources from risks emanating from other Internet participants.Advertising We will write a custom essay sample on Internet security policy specifically for you for only $16.05 $11/page Learn More Internet information publication policy: This policy should contain guidelines for the division, allocation, electronic publication, and dissemination of information via the Internet. Internet information access policy: This policy should contain guidelines for allowing and disallowing access to an organization’s information resources via the Internet. Internet em ployee privacy protection policy: This policy should contain guidelines for providing an organization’s employees with privacy protection from other Internet participants. Conclusion Standards and practices for interoperability of digital information in the banking sector must incorporate the means to authenticate senders, receivers, sources, data, and documents, and to determine copyright and access permissions (Baskerville, 1988). Finding ways to address these requirements while facilitating open access to information ease of use, and adaptation to local practices is among the grander challenges of constructing an information infrastructure (Agree, 2003). With the implementation of empirical data indicating current and planned activity in Internet security policy within organizations, it is obvious that success can be achieved. Reference List Agree, P. E. (2003). Information and institutional change: The case of digital libraries. Cambridge, MA: MIT Press. Baskerville, R. ( 1988). Designing Information Systems Security. Hoboken, New Jersey: John Wiley Sons.Advertising Looking for essay on it? Let's see if we can help you! Get your first paper with 15% OFF Learn More Doddrell, G. R. (1995). â€Å"Information security and the Internet†. Information Management Computer Security, 3(4), 15-19. doi: 10.1108/09685229510123629 Engestrom, Y. (2000). Activity theory as a framework for analyzing and redesigning work. Ergonomics, 43(7), 960-974. Retrieved from http://www.ncbi.nlm.nih.gov/pubmed/10929830 Gollmann, D. (1999). Computer Security. Hoboken, New Jersey: John Wiley and Sons. Hartmann, A. (1995). Comprehensive information technology security: A new approach to respond ethical and social issues surrounding information security in the 21st Century. Eleventh International Conference on Information Security, 13(2), 100-220. Retrieved from http://www.wwic2013.org/ Highland, H. J. (1996). Random bits bytes bytes. Computers Security 16(1), 4-13. Retrieved from http://www.informatik.uni-trier.de/~ley/pers/hd/h/Highland:Harold_Joseph.html Hitchings, J. (1995). Achieving an integrated design: The way forward for information security. Eleventh Inte rnational Conference on Information Security, 13(2), 100-220. Retrieved from http://www.wwic2013.org/ Lichtenstein, S. (1996). Information security principles: a holistic view. Melbourne, Australia: Monash University Press. NASA. (1996). NASA Internet acceptable usage policy. Technical report, 14(8), 220. Retrieved from http://tmf-web.jpl.nasa.gov/Ops/TMF%20Network%20Security%20Procedure.htm OECD. (1992). Guidelines for the security of Information systems. OECD/GD, 190(92), 166. Retrieved from http://www.oecd.org/internet/ieconomy/oecdguidelinesforthesecurityofinformationsystems1992.htm Yngstrom, L. (1996). A Systemic-Holistic Approach to Academic Programmes in IT Security. Eleventh International Conference on Information Security, 13(2), 220. Retrieved from http://citeseerx.ist.psu.edu/index This essay on Internet security policy was written and submitted by user Lina L. to help you with your own studies. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly. You can donate your paper here.