Documente Academic
Documente Profesional
Documente Cultură
Assignment
On
Information Security Policy
Adopted for
MORPHOSIS Media
Advertisement Agency
Submitted by,
Gopi Krishnan S,
1st year M.Tech/CSE/IS
Information Security Policies for Advertisement Agency
MORPHOSIS Media
1 Organization’s Profile
1.1 Organization
This was organized in such a way they can easily control the people under
them. Here we have two levels of Administration or management, and multiple
hierarchy level of employers. They are commonly having a communication channel to
Industrial Standardization team and all the employers are enabled to communicate
thru IT infrastructure. The sample block of organization is shown in figure 1.1
Before defining the policy let’s analyse the threats of various ways of the
organizations. In our organization we have an IT infrastructure which is connected
public network makes us more vulnerable for the data theft. Also we can not trust all
the employees in our organization. We need to analyse the threats as a preliminary
step for deploying a policy.
2.1.1 Competitors
As far we know that the world is so competitive. A loss of focus for a minute
can cause losses that need several years to compromise. We have several competitors
such as Square Squared Advertisement, Modern Girls Advertisement, Blue Metal
Advertisement, and etc.
2.1.2 X-Employee
If a X-Employee intent to attack their for various reason such as politics, un-
appreciated work, termination without legal reason, etc,. Perhaps lot and lot of reasons
are there.
Generally they are the students who are practicing their hacking skills, may
use their skill set on our organization’s sensitive data for the purpose of testing their
skills or just for fun.
Some people make the following mistakes without having any intention to
make threat to our organization.
• Destruct the sensitive data
• Carry sensitive data out of organization without proper physical security
• Access the unauthorized information
But it may cause threat without their knowledge. These people may not have proper
skill in using computers or how to behave in a corporate environment, etc. They do
mistakes unknowingly. This possibly creates a problem for our organization.
Other than this we cannot able to guess other threats apart from this. Possibly
they will attack us in feature. Discovery of new threats require some experience.
After the discovery of new threats we can able to improve our security policy.
3 Possible ways for preventing the treats
Hence the client will analyze the standards of an organization before assigning
a new job. Also these are required to run our organization smooth without any
problem.
Each new problem will help to create a new policy. This process of updating
policies will make the standardization one day.
5.2 Responsibilities
The Industrial Standardization Team has high responsibility. Thus the QMS
(Quality Management System) and IS (Industrial Safety) Engineers are the main
responsible for any problem that occurs in an organization. In all meetings these
Engineers are treated as highly prioritized persons.
Hence they should analyze the new tasks and analyse whether the existing
policy is enough or require more policy. They should update the policies for each
process whenever they are required.