Sunday, May 3, 2020

Significance of Company Email-Samples for Students- Myassignment

Question: Write a report on Significance of Company Email Security Policy to an Organization.

Answer:

Introduction

Companies have in the recent past faced various forms of misconduct in the management of company information and emails. This has created the need for an email security policy, which helps an organization safeguard information received and sent through email. A policy is a set of rules and requirements that an organization uses to create a path to the specific objectives it has set. Security policies are therefore the means of security for a system within a given entity. A security policy addresses the constraints on the behaviour of the workforce in an organization (Kaldor and Rangelov 2014). Security policies are constraints that can be imposed on the behaviour of members and adversaries through mechanisms such as locks, doors, walls and keys.

The main security policy discussed in this paper is the email security policy, one of the many constraints that an organization can impose on adversaries existing within the organization. An email security policy sets rules and constraints on functions and information flow, and guidelines on access by adversaries and systems, covering information received or sent by mail, important data and other material information handled by the workforce (Ifinedo 2014). Formulating and creating an email security system requires specific guidelines and procedures if it is to succeed within an organization. Drawing on an analysis of previous studies, this paper discusses various guidelines and a procedure for an email security policy. It also discusses recommendations on how a company should come up with and facilitate an email security policy, as set out below.
Literature Review

According to various previous studies, organizations have been found to suffer from various risks in relation to information security. Mismanagement of information and data has been found to be one of the most challenging threats to various organizations. However, the challenge of mismanagement of information can be minimised or even eliminated with proper implementation of security policies such as an email security policy. An email security policy is one of the most appropriate ways of monitoring and managing the use of, and access to, information that can be reached by staff members within an organization. According to this study as well as previous studies, it is important for any company to have a working email security policy in order to cover the risks imposed by undue access by the workforce via email (Kaldor and Rangelov 2014).

In the recent past various organizations have dismissed concerns about email, and this has exposed several firms to risks due to email mismanagement. As revealed in various studies, organizations have overlooked the threats that come from improper management of email, out of the mistaken belief that emails are very easy to use and manage and that most people are comfortable using them. One recent article, however, cited improper management of emails as one of the factors that cost Hillary Clinton her quest to become president of the United States (Herath and Rao 2009). From this article, the current study notes the significance of email security to an organization. Various companies have suffered fraud and phishing scams, and have ended up with systems clogged by endless information instructing the organization to reply to all messages (Ifinedo 2014). With implementation of proper email security, such risks may be avoided.
An email security policy should also be implemented because many of the firms currently using such a policy have employees equipped with adequate knowledge of how to handle information in the form of mail. According to various studies, an email policy helps employees of an organization understand the rules about the use of email (Safa et al. 2016). A working email security policy is also important to an organization because it gives employees and managing staff advice on how to reduce email overload and on email etiquette, and ensures that all staff members use email appropriately. Even though other studies indicate that various firms have in the recent past seen and felt the need to be secure, many firms have not yet reached the required standards in relation to email security policy (Herath et al. 2014). Many firms have not yet come up with specific enforcement mechanisms that are strong enough when implementing email security policies.

Studies have revealed several organised methodologies and strategies of risk management that organizations should adopt to ensure the completeness of security policies and to make sure that the policies and guidelines set for email are properly and appropriately enforced (Thomas 2014). According to the current study, various companies and firms currently implementing email security policies have some setbacks in formulating them. Email security policies, just like other security policies, should be developed in accordance with the staff members, and should have a justified scope and monitoring strategy. Complex information systems require policies to be decomposed into sub-policies so that the security mechanisms can be allocated appropriately for sub-policy enforcement (Thomas 2014).
Even though many firms are currently trying to make proper use of decomposing the email policy, many firms and organizations with complex information security systems have witnessed pitfalls. Various security policies work very easily through a simple and direct approach. The easy way of managing various security approaches is to go directly to the sub-policies, which are the most essential operational rules, and dispense them with a top-level policy formulated by the company and understandable to every employee within the organization (Shao et al. 2016). Various studies, as well as the current study, have found that a top-level security policy is significant and essential to every organization with a serious set of security schemes. It is evident from the study that any set of requirements and rules of operation is as good as meaningless without the integration of a top-level security policy.

Formulating any security policy requires a basic understanding of the organization, and firms should have a clear knowledge of their employees before coming up with a set of policies. Any security policy should have a well-defined purpose and proper briefing. Security policies work well when developed with a proper scope, and policy elements should be well organised and stated (Shao et al. 2016). According to various studies, organizations whose policy elements and scope are not clear have seen their policies fail. A security policy such as an email security policy requires a proper monitoring channel and strategy in order to succeed.

Methodology

The methodology employed in developing the email security policy is a complete, well-written methodology. The method used to develop the email guidelines in this paper is a well-written set of rules which are clearly understandable to all parties and will only require updates.
Identification of policies to be enforced

The methodology started with research on various key areas that the company deems critical. Through this research, the first step resulted in the development of policies that the organization is planning to enforce. Policy development requires a plan only for the policies that management is planning to enforce, as those which the company is not planning to enforce are deemed useless (Shao et al. 2016). After settling on the policy to enforce, the purpose of the policy is then well outlined.

Purpose of the policy

Policies to be used by the company should be well outlined to meet a specific objective (Siponen and Vance 2014). The case for needing an email security policy and guidelines should be structured around the specific goal the policy is trying to accomplish.

Development of guidelines which do not require frequent updates

Email security guidelines should not be too strict, as this may lead to frequent updates. After research, the study identified various ways of arriving at policies which do not require frequent updates. The guidelines developed are not too rigid for the employees and are well selected in relation to management demands (Bulgurcu, Cavusoglu and Benbasat 2010). After policy updates were considered as another step of security guideline development, the guidelines were then differentiated from the standard recommendations, which is the fourth step.

Differentiation of policy guidelines from recommended guidelines

After the third step above, policies were separated from more detailed recommendations (Herath and Rao 2009). At this step the selected guidelines are checked to be comprehensive and thorough but not too specific and rigid. From this step the guidelines are then made available to the employees rather than left in a vacuum.
Arrangement of reinforcement team

After ensuring that the guidelines are available to everyone within the working vicinity, a team that monitors and ensures that all members are adhering to the set guidelines is organised to enforce the policy. Stipulated disciplinary actions are then taken to ensure that no undue access is allowed in the company.

Key recommendations

Organizational emails are essential tools of operation which should be well secured and protected from malpractice and undue access. These guidelines have therefore been developed in relation to the findings of the other studies, which require that email policy guidelines be created according to the scope and a proper understanding of an organization.

Appropriate use of company email

All company employees have the freedom to use their company email for work-related duties without any restriction, and can use their company email for the following purposes:

- Employees are allowed to use company email to communicate with various current and prospective partners and customers.
- All company employees are allowed to have passwords and log in to various company-purchased software without any limitation.
- Without any limitations, company workers are allowed to give their email address to various people they meet at conferences and company events.

Guidelines for use of company email for personal purposes

Company employees are allowed to use company email for their personal use, but only for limited reasons:

- Company employees are allowed to register for meetups and classes using the company email.
- Employees are allowed to communicate with family members using company email on condition that the communication does not spam or disclose confidential information concerning the company.
- All employees are allowed to search for and download various e-books, guides and other content for their personal use as long as the process is safe and secure.
Email security guidelines

For the company email to be secure from various frequent threats such as medium hacks, breaches of confidentiality, viruses and other malware, employees are required to:

- Choose strong passwords for logins with more than eight characters with combined lower and upper cases. They are not allowed to use personal information for passwords.
- Remember their passwords instead of writing them down, as this may lead to undue access imposing a threat to the system. The company also requires employees to remember their passwords after a period of two months.
- Remain vigilant and avoid opening attachments and contents which are not adequately explained. They should not open or check bit titles and catch emails that may carry phishing attempts.
- Keep their anti-malware programmes updated for security purposes.

Disciplinary actions

All employees are required to adhere to the stipulated guidelines in relation to company email usage. The email security guidelines developed should be respected and upheld by the employees. Employees who do not adhere to the present policy will face properly outlined disciplinary action and termination.

- Any employee of the company found using a corporate email address to send information or data which is not confidential without authorization would be terminated.
- Sending an offensive email to customers and partners will lead to termination of the employee from the company.
- An employee should also be terminated if found using company email for any illegal activity.

Conclusions

The significance of an email security policy, as discussed above, is quite evident to any organization. Through the discussion above, a well-working email policy has been created in accordance with the requirements. A security policy such as an email security policy is quite significant to an organization.
With proper development of security guidelines and policies, firms and organizations are able to evade risks which may occur as a result of ignorance and undue access to information and data. It is therefore recommended that any organization dealing with emails adopt and implement a well-organised email security policy.

References

Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), pp.523-548.

Herath, T. and Rao, H.R., 2009. Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), pp.106-125.

Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J. and Rao, H.R., 2014. Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service. Information Systems Journal, 24(1), pp.61-84.

Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.

Kaldor, M. and Rangelov, I. eds., 2014. The handbook of global security policy. John Wiley & Sons.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.

Shao, Y., Chen, Q.A., Mao, Z.M., Ott, J. and Qian, Z., 2016, February. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. In NDSS.

Siponen, M. and Vance, A., 2014. Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations. European Journal of Information Systems, 23(3), pp.289-305.

Thomas, R.G., 2014. Indian Security Policy: Foreword by Joseph S. Nye. Princeton University Press.
