Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data — and the value of your business is in its data. You already know this if your company is one of many whose data management is dictated by governmental and other regulations — for example, how you manage customer credit card data. If your data management practices are not already covered by regulations (Trent, 2008).
With that said, it is not realistic to say we can cover everything, but we can try our hardest to make sure things are covered, so that if a problem arises we can get ahold of it and control it. We have to be mindful that our customers and vendors have valuable information that we can see. Our company needs to keep its own information, as well as our customers' and vendors' information, secure. We can do this in multiple ways, one being a set password policy: employees change their passwords every 90 days; passwords are at least twelve characters long and use at least one capital letter, one lower case letter, one special character and one number; a password has a minimum life of fifteen days; and the same password is not reused within ten passwords. For example, the password A2!gh%GhqJ cannot be changed until fifteen days after it was created, and it cannot be repeated until after ten different passwords have been used. Another way to keep our customers' and vendors' information safe is restricting who can see the information. If a manager in accounting is trying to see something in shipping, then they are way outside of their realm. We can set up a system to manage who sees what.
Security Policy Recommendations
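The password rules described above (twelve-character minimum, four character classes, 15-day minimum age, 90-day maximum age, ten-password history) can be expressed as a checker. This is an added example, not code from the original essay; the function names, the error labels and the salted PBKDF2 storage of the history are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

# Values taken from the policy text above.
MIN_LENGTH = 12
MIN_AGE = timedelta(days=15)
MAX_AGE = timedelta(days=90)
HISTORY_DEPTH = 10
PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how history is stored


def remember(password, salt=None):
    """Return (salt, digest) for the history list; plaintext is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def complexity_errors(password):
    """List every length or character-class rule the candidate breaks."""
    rules = [
        ("length", len(password) >= MIN_LENGTH),
        ("uppercase", any(c.isupper() for c in password)),
        ("lowercase", any(c.islower() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("special", any(c in string.punctuation for c in password)),
    ]
    return [name for name, ok in rules if not ok]


def is_expired(last_changed, now):
    """True once the current password has reached the 90-day maximum age."""
    return now - last_changed >= MAX_AGE


def check_change(new_password, history, last_changed, now):
    """Validate a change request; history is [(salt, digest), ...], newest last."""
    errors = complexity_errors(new_password)
    if now - last_changed < MIN_AGE:
        errors.append("minimum age")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(remember(new_password, salt)[1], digest):
            errors.append("reused")
            break
    return errors
```

An empty list from `check_change` means the change is accepted, after which the caller appends `remember(new_password)` to the history.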
Security Policy Analysis
A policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. For example, an "Acceptable Use" policy would cover the rules and regulations for appropriate use of the computing facilities. We can use a standard to protect our systems, such as our networks, servers and everything else that we use. However, we need to take the time to write requirements for each item specifically, so that it works at the best possible level.
A standard is typically a collection of system-specific or procedural-specific requirements that must be met by everyone. For example, you might have a standard that describes how to harden a Windows 8.1 workstation, like the tablet I am using, for placement on an external (DMZ) network. People must follow this standard exactly