The BlueCross BlueShield Company needs a policy in place that will ensure a high level of information security. To achieve this, the company has to ensure that its sites are accessed only by authorized personnel who are trained and competent to use the system in place. Therefore, the company needs to have policies in place to ensure that such actions are followed through.
The employees who are authorized to access the sites where the company's information is stored or processed should undergo extensive security and compliance training on a regular basis (Bayuk, 2009). In their training, the employees will undertake regulatory and compliance lessons that will inform them of the existing and new regulations in the organization. Furthermore, the company's employees will be required to learn the security and procedural policies that are in place to safeguard the clients' private information. Subsequently, the employees will undertake assessments that test the knowledge learned, and they will have to pass in order to be allowed to use the sites. In addition to the training undertaken, the employees should learn the company's compliance and business norms so as to reduce the overall risks to the company.
When it comes to the handling of the clients' information, the personnel should verify the customer's identity through sets of questions that are related to the customer's data or to activities in the customer's account. The customer's personal information, such as passwords, should not be accessible to the company's employees.
On the clients' side, they will be required to pass through an intensive verification process when using the online services. They will be required to use a one-time authentication system to confirm their identities. Moreover, clients who are found to be engaging in irregularities shall be suspended at the sole discretion of the company.
Compliance
The policies that have been established by the company are intended to protect the company, the employees and the clients' privacy rights against any security risks. The policies are in line with the current cyber laws and regulations and are bound to safeguard the company from possible security threats.
The employees are therefore expected to adhere to the policies, and any violation shall be subject to the applicable laws. Requirements such as the training stipulated by the policy should be undertaken, and failure to do so may result in reprimand or termination.
Risks and Vulnerabilities
The company shall grant access to internal users as per the job specification only. This will reduce the risks that are associated with granting users access to restricted information. The company's, employees' and clients' data shall only be accessed by the personnel whose clearance status permits it. Such action shall safeguard the data from being compromised.
The company shall limit the external connections so as to reduce the chances of outside attacks. This will enable the connections that are necessary for the company's sites to be monitored closely for any suspicious activities. By reducing the number of external connection points, it will be easier to detect potential security threats and malicious intent that may compromise the company's data and information.
The company shall train its personnel on the overall rules and regulations that govern them. This will give the employees the knowledge and information to spot violations and prevent damage, hence reducing risks to the company (Information Security Policy Templates, n.d.). Experienced employees should supervise the junior personnel since they are able to quickly spot malicious activities.
Security Policy Sections
Privacy
The company retains the right to access all the equipment used by employees in the company in case there is viable suspicion of any activity that poses a security threat to the company. The company's resources that are allocated to the employees shall remain the property of the company and will be subject to the usage regulations that have been established by the company. Therefore, it is vital for the employees to comprehend that they shall not enjoy their right to privacy while working.
Social Media
The company's management limits access to some social media sites that require intensive bandwidth. The company will grant access to personnel on a need basis that will be determined by their role in the company.
Email Usage
The company's employees shall be required to conduct all business communication and any transactions using the corporate emails issued by the company. Personal emails are restricted due to the security challenges they pose.
The company's email addresses are subject to use as per the company's terms and code of business conduct. Violation of these shall result in disciplinary action and, in some instances, termination.
Internet Usage
The company shall restrict the employees from accessing sites that are not deemed to be work-related. The internet access and usage shall be closely monitored, and the employee(s) found to violate the policy shall be reprimanded. Routine use of sites that may pose a security issue to the company may lead to termination.
References
Bayuk, J. (2009, July 16). How to Write an Information Security Policy. Retrieved October 04, 2017, from http://www.csoonline.com/article/2124114/strategic-planning-erm/how-to-write-an-information-security-policy.html
Information Security Policy Templates. (n.d.). Retrieved October 04, 2017, from https://www.sans.org/security-resources/policies