Cyber Security Policy

Cyberspace is a complex environment consisting of interactions between people, software, and services, supported by the worldwide distribution of information and communication technology (ICT) devices and networks.

Insider threats affect more than 34% of organizations worldwide each year because of this, cybersecurity needs to be a top priority and concern for all employees within a company, not just the senior management and IT staff. Employees are frequently the weakest point in a company’s security strategy because they unintentionally click on malicious links and attachments, share passwords, and fail to encrypt sensitive files. A cybersecurity policy that details each employee’s obligations for safeguarding the organization’s systems and data is a useful tool for educating staff members about the significance of security.

Cybersecurity plays a crucial role within the field of the digital world. Securing information and data became one of the most important challenges in the present day. Whenever we expect cybersecurity the primary thing that involves our mind is cyber crimes which are increasing immensely day by day. Various Governments and Organizations are taking many measures to stop these cybercrimes. Besides various measures, cybersecurity remains a massive concern to several.

The Top Three Cybersecurity Trends

• Ransomware
• Cyber attack Surface (IoT supply chain and Remote work systems)
• Threats to IT infrastructure

 

In the extensive growth of the IT sector in different countries, ambitious plans for rapid social transformation and inclusive growth, and providing the right kind of focus for creating a secure computing environment and adequate trust and confidence in electronic transactions, software, services, devices, and networks, has become one of the compelling priorities for all.

Cyberspace is vulnerable to a wide variety of incidents, whether intentional or accidental, manmade or natural, and the data exchanged in cyberspace can be exploited for nefarious purposes. The protection of information cyberspace and preservation of the confidentiality, integrity, and availability of information in cyberspace is the essence of secure cyberspace.

Fig:2 Cybersecurity Cycle

Cybersecurity Policies

1. Acceptable Use of Data Systems Policy

The purpose of this policy is to stipulate the suitable use of computer devices at the corporate/company. These rules protect the authorized user and therefore the company also. Inappropriate use exposes the corporate to risks including virus attacks, compromise of network systems and services, and legal issues.

2. Account Management Policy

The purpose of this policy is to determine a typical for the creation, administration, use, and removal of accounts that facilitate access to information and technology resources at the corporate.

3. Anti-Virus

This policy was established to assist prevent attacks on corporate computers, networks, and technology systems from malware and other malicious code. This policy is meant to assist prevent damage to user applications, data, files, and hardware. Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for new viruses as soon as they are discovered. Anti-virus software is a must and a basic necessity for every system.

4. E-Commerce Policy

The frequency of cyber-attacks has been high in recent years. E-commerce security refers to the measures taken to secure businesses and their customers against cyber threats. This e-commerce policy is to be used as both a suggestion and a summary within the management of the E-Commerce electronic services.

5. E-Mail Policy

Email security may be a term for describing different procedures and techniques for shielding email accounts, content, and communication against unauthorized access, loss, or compromise. Email is usually wont to spread malware, spam, and phishing attacks. Attackers use deceptive messages to entice recipients to spare sensitive information, open attachments, or click on hyperlinks that install malware on the victim’s device. Email is additionally a standard entry point for attackers looking to realize an edge in an enterprise network and acquire valuable company data. Email encryption involves encrypting, or disguising, the content of email messages to guard potentially sensitive information against being read by anyone aside from intended recipients. Email encryption often includes authentication. The purpose of this policy is to determine rules for the utilization of corporate email for sending, receiving, or storing electronic messages.

6. Hardware And Electronic Media Disposal Policy

The company-owned surplus hardware, obsolete machines, and any equipment beyond reasonable repair or reuse, including media, are covered by this policy. This policy will establish and define standards, procedures, and restrictions for the disposition of non-leased IT equipment and media in a legal, cost-effective manner.

7. Security Incident Management Policy

This policy defines the need for reporting and responding to incidents associated with the company’s information systems and operations. Incident response provides the corporate with the potential to spot when a security incident occurs.

8. Information Technology Purchasing Policy

The reason for this strategy is to characterize norms, methods, and limitations for the acquisition of all IT equipment, programming, PC-related parts, and specialized administrations bought with organization reserves. Acquisition of innovation and specialized administrations for the organization should be supported and facilitated through the IT Department.

9. Web Policy

The reason for this policy is to set up guidelines for the utilization of the organization’s Internet for access to the Internet or the Intranet.

10. Log Management Policy

Log management is often of great benefit during a sort of scenario, with proper management, to reinforce security, system performance, resource management, and regulatory compliance.

11. Network Security And VPN Acceptable Use Policy

The purpose of this policy is to define standards for connecting to the company’s network from any host. These standards are designed to attenuate the potential exposure to the corporate from damages, which can result from unauthorized use of the company’s resources. Damages include the loss of sensitive or company confidential data, property, damage to critical company internal systems, etc.

12. Password Policy

The concept of usernames and passwords has been a fundamental way of protecting our information. This may be one of the first measures regarding cybersecurity. The purpose of this policy is to determine a typical for the creation of strong passwords, the protection of these passwords, and therefore the frequency of changing passwords must be followed.

13. Patch Management Policy

Security vulnerabilities are inherent in computing systems and applications. These flaws allow the event and propagation of malicious software, which may disrupt normal business operations, additionally placing the corporate in danger. To effectively mitigate this risk, software “patches” are made available to get rid of a given security vulnerability.

14. Cloud Computing Adoption

The purpose of this policy is to make sure that the corporate can potentially make appropriate cloud adoption decisions and at an equivalent time doesn’t use, or allow the utilization of, inappropriate cloud service practices. Acceptable and unacceptable cloud adoption examples are listed during this policy.

15. Server Security Policy

The purpose of this policy is to define standards and restrictions for the bottom configuration of internal server equipment owned and/or operated by or on the company’s internal network(s) or related technology resources via any channel.

16. Social Media Acceptable Use Policy

The use of external social media within organizations for business purposes is increasing. The corporate faces exposure to a particular amount of data that will be visible to friends of friends from social media. While this exposure may be a key mechanism driving value, it also can create an inappropriate conduit for information to pass between personal and business contacts. Tools to determine barriers between personal and personal networks and tools to centrally manage accounts are only starting to emerge. Involvement by the IT Department in security, privacy, and bandwidth concerns is of maximal importance.

17. Systems Monitoring And Auditing Policy

System monitoring and auditing are employed to work out if inappropriate actions have occurred within a data system. System monitoring is employed to seem for these actions in real-time while system auditing looks for them after the very fact.

18. Vulnerability Assessment

The purpose of this policy is to determine standards for periodic vulnerability assessments. This policy reflects the company’s commitment to spot and implementing security controls, which can keep risks to data system resources at reasonable and appropriate levels.

19. Website Operation Policy

The purpose of this policy is to determine guidelines with reference to communication and updates of the company’s public-facing website. Protecting the knowledge on and within the corporate website, with equivalent safety and confidentiality standards utilized within the transaction of all the corporate business, is significant to the company’s success.

20. Workstation Configuration Security Policy

The purpose of this policy is to reinforce security and quality operating status for workstations utilized at the corporate. IT resources are to utilize these guidelines when deploying all new workstation equipment. Workstation users are expected to take care of these guidelines and to figure collaboratively with IT resources to take care of the rules that are deployed.

21. Server Virtualization

The purpose of this policy is to determine server virtualization requirements that outline the acquisition, use, and management of server virtualization technologies. This policy provides controls that make sure that Enterprise issues are considered, alongside business objectives, when making server virtualization-related decisions. Platform Architecture policies, standards, and guidelines are going to be wont to acquire, design, implement and manage all server virtualization technologies.

22. Wireless Connectivity Policy

The purpose of this policy is to secure and protect the knowledge assets owned by the corporate and to determine awareness and safe practices for connecting to free and unsecured Wi-Fi, which can be provided by the corporate. The corporate provides computer devices, networks, and other electronic information systems for goals and initiatives. The corporate grants access to those resources as a privilege and must manage them responsibly to take care of the confidentiality, integrity, and availability of all information assets.

23. Telecommuting Policy

For the needs of this policy, a reference is formed to the defined telecommuting employee who regularly performs their work from an office that’s not within a corporate building or suite. Casual telework by employees or remote work by non-employees isn’t included herein. That specializes in the IT equipment typically provided to a telecommuter, this policy addresses the telecommuting work arrangement and therefore the responsibility for the equipment provided by the corporate.

24. Firewall

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. All messages entering or leaving the Internet pass through the firewall present, which examines each message and blocks those that do not meet the specified security criteria. Hence, firewalls play an important role in detecting malware.

25. Malware scanner

This is software that sometimes scans all the files and documents present within the system for malicious code or harmful viruses. Viruses, worms, and Trojan horses are samples of malicious software that are often grouped together and mentioned as malware.