Information Assurance Policy- MAC Technologies
|Topics:||Artificial Intelligence, Cyber Security, Innovation|
Table of Contents
Information Assurance Policy
The nature of business of MAC technologies makes information an important asset to the organization. The collection and processing of information, including handling of third party data within our system, place significant responsibility on the organization. Essentially, MAC technologies depend on the integrity and availability of necessary customer information to offer its services. The case implies that ensuring effective control of data within our custody and its security is fundamental to our business. Also, as part of the development process, which has been observed to take a multifaceted approach and to require the use of data, it is necessary to ensure accessibility and security of data (Lakshmi & Mallika, 2017, p. 2133). There is an overwhelming consensus that places emphasis on not only having an information assurance policy, but ensuring that the policy is easily achievable (Ezingeard, McFadzean, & Birchall, 2005).
While MAC Technologies will strive to ensure its system design provides a secure information environment, there has been much concern on the human aspects. For instance, Safa, VonSolms, and Furnell (2016) indicate that technology alone cannot guarantee a secure environment (p.71). It is with such design and operation limitations that this policy is conceived. As such, this policy aims to approach information assurance from a collective perspective as MAC Technologies. The policy recognizes the need for a team effort that places responsibility on all employees.
The formulation if this policy understands that, while the IA policy is critical to the organization, it may result in bottlenecks, or hindrance to smooth flow of information across the organization. Primarily, this policy applies to any persons directly or indirectly in contact with company information. Based on the nature of the company which requires it to work with third parties closely, and customers, the following groups are expressly mentioned; Company employees, third parties, and company service providers.
The following policies will apply to persons either directly or indirectly using MAC technologies organizational information assets and will be based on existing information protection standards. The standards will be updated on a continuous basis to consider new developments in the industry. Some of the standards are provided in the Related standard section of this policy.
- All employees of MAC technologies with access to MAC Technologies information assets must ensure that such data is protected through through legal and data protection standards.
- Any user dully authorized to use or access information has the responsibility to report, upon noticing promptly, or any misuse, loss or unauthorized use of protected company information as defined in this policy. This policy extends data protection responsibility to any individual in MAC Technologies to actively participate in protecting the firm from events that may lead to information security breach.
- Employees are permitted to collect, use or share company information as long as it is duly authorized in this policy or by management to fulfill their daily job activities.
- Employees are responsible for the data they collect, use, or distribute in their capacity as MAC Technologies employees. They are therefore required to exercise a reasonable duty of care to ensure its safety
- Employees are acting in their own individual capacity in public spaces, including in social media sites, should ensure clarity is made that they are not acting as MAC Technologies employees.
- MAC Technologies will have unfettered access to its information assets assigned to any employee for the purposes of auditing and compliance monitoring.
This policy aims to improve MAC Technologies information security behavior. As observed by McFadzean & Birchall (2011), this policy attempt to avoid, rather than fix information security problem. It is also based on the understanding that information security breaches are not only costly but may affect the continuity of the MAC Technologies (Safa, VonSolms, & Furnell, 2016, p. 71). As such, this policy should be viewed as a set of rules and guidelines (Yazdanmehr & Wang, 2016, p. 36) that are aimed to influence employee information security behavior by creating awareness of the potential consequences and ascription of personal responsibility (p.44).
MAC Technologies will use the policy guidelines as a measurement tool to assess compliance on a regular basis. The tools may include reports, observations, and feedback from auditors or any other person or party.
Any MAC Technologies personnel found in breach this policy will be subject to necessary disciplinary actions. In case of any exceptions from the requirements of this policy, the affected persons must obtain approval from MAC Technologies ICT department.
This policy shall be read together with other subject-specific policies including:
- Public engagement policy
- Information access policy
- Ezingeard, J., McFadzean, E., & Birchall, D. (2005). A Model of Information Assurance Benefits . Information Systems Management, 22(2), 20-29.
- Lakshmi, D. R., & Mallika, S. S. (2017). A Review on Web Application Testing and its Current Research Directions. International Journal of Electrical and Computer Engineering (IJECE), 7(4), 2132-2141.
- McFadzean, E. E., & Birchall, D. (2011). Information Assurance and Corporate Strategy: A Delphi Study of Choices, Challenges, and Developments for the Future. Information Systems Management,, 28(2), 102-129.
- Safa, N. S., VonSolms, R., & Furnell, S. (2016). Information security policy compliance. Computers & Security, 56, 70-82.
- Yazdanmehr, A., & Wang, J. (2016). Employees’ information security policy compliance: A norm. Decision Support Systems, 92, 36-46.