Information Security Policies - A review on the challenges, effectiveness and successful usage

Abstract

We live in a society in which all implemented technologies are changing our lives forever and every sphere in the society is going through transitions. One of these spheres is the Information Technology (IT).We are overwhelmed with IT gadgets and applications in our every- day lives. We are used to absorbing the necessary information as easily as possible and the devices like desktops, laptops, mobile smartphones, tablets, etc. are our information resources. These recourses provide us with the necessities of knowledge and learning, and that is why they play a vital role in the modern society. However, most of these devices are commercial. This means when they are bought, they come with pre-de ned settings which, amongst other things, include Information Security. Each device comes with a mediocre level of protection and security for our sensitive data. This is the reason why we need to be careful when we pick our device's manufacturer, along with its service provider. We need to ask ourselves: What kind of data protection does this manufacturer o er? Can this service provider be compatible with the device's capabilities? To answer these questions, we need to be careful in choosing our device, service provider, and the way we handle sensitive data. Handling sensi- tive data is always left for the Information Security O cer, who creates the Information Security Policy. The proper Information Security Policy is very important for a person who is careful with his data. Most of the Information Security Policies cover the standard protocols and proce- dures, but if we analyze deeper, we will nd that there are weaknesses and failures that may cost a lot if Information Security Policies are not chosen properly. Picking a strong Information Security Policy is vital when we are willing to secure our data. The Information Security Policy is supposed to provide us and our organization a proper set of rules, which, if we respect and obey, we will get bene ts of it. This means that, as much as we follow protocols and procedures, which are well-de ned, structured, and capable of data protection, we will be safe. This paper is focused on the question how to comprehend Information Security Policies and what they are supposed to bring to us and our organization. It is an overview of Information Security Policy challenges, e ectiveness, and consequences of its non-adequate usage.