A Web security policy can save you money and embarrassment
Posted Thursday, September 3 2009 at 00:00
First, there is a need to tighten the Web applications and get rid of holes in the software design. Seek professional assistance on this.
Also, the single most important step that an organisation can take to increase its site’s security is to create a written security policy.
The security policy should lay out the organisation’s policies with regard to who uses the system, when they are allowed to use it, what they are allowed to do, procedures for granting access to the system, system monitoring procedures and protocols for responding to suspected security breaches.
This policy need not be anything fancy. What is important is that it must be an explicit summary of how the information system works, reflecting your organisation’s technological realities.
There are several benefits to having a written security policy. First, the organisation will understand what is and is not permitted on the system.
If you don’t have a clear picture of what is permitted, you can never be sure when a violation has occurred.
It will also help people within the organisation understand what the security policy is.
The written policy raises the level of security consciousness, and provides a focal point for discussion.
The policy may also help build a good legal case should the organisation ever need to prosecute for a security violation.
Hare is a director at African eDevelopment Resource Centre.