Many policies are needed to protect the company and customer data involved in the Frequent Shopper Program. The policies to identify are those governing the use and handling of data, because they help determine the defensive measures and procedures the company will use. They fall into three groups: user policies, IT policies, and general company policies.
User policies should define what users are allowed to do with the network and data, as well as the security settings that will affect users. These policies include password policies, proprietary information use, internet usage, system use, virtual private networks and remote user system usage, acceptable use of hardware and software, and email and IM policies. Employee management and training procedures belong in this category.
IT policies should define how the IT department manages and governs the network for security. They also include general policies for the IT department. Policies include firewall policies, virus incident policy, security incident policy, client update, backup policy, data recovery policy, policies for configuration, patch updating, modification policies, router and switch policies, VPN policies, and wireless policies.
General policies should define who is responsible for the policies, as well as business continuity planning and backup and recovery policies. These include crisis management and disaster recovery.
In addition, policies must be set for the classification of data. There are three general classifications of data: high risk, confidential, and public.
High risk: data that is protected by legal governing bodies falls into this classification, as does payroll and human resources data.
Confidential: data that is not protected by legal governing bodies but should be protected from non-authorized disclosure falls into this classification.
Public: data that is free to be shared with the public falls into this classification.
Using these steps, Learning Team D is certain KFF will be able to put in place strong security policies that will ensure all business users and IT understand how data is stored digitally within the organization.