Data security in an organization is very important for the business to safe guard the privacy, confidentiality and integrity of data. A security policy should aim at eliminating intrusion by unauthorized people in the organization (Andress, 2001). The main aim of data security is to ensure that information is protected to eliminate any interruptions. An application security policy is a guideline that comprises of measures that are deemed important to ensure that data is protected from security related risks. The application security of an organization is designed to enhance web application security and provide the latest security updates which may interfere with the operations of the website. An application security policy looks at the various elements that are involved to ensure that data is protected to eliminate instances of Denial of Service (DOS).
This work looks at three areas of data security used by Saab Automobile Company. The organization has data security system that is centered on the below listed areas:-
Detection: On this aspect of security, the company has established proper methods used in detecting intrusion or any form interference with data. The organization has a security alert system on its network and in the website to detect interruptions
Deterrence and prevention: these entail some of the measures that are used to inhibit the entry of any security related threats and emanate within the network system. Deterrence and prevention helps to avoid interruptions caused by viruses.
Recovery and correction methods: These are strategies employed to prevent data loss, the company has put in place good methods of data recovery to avoid data that may cause inefficiencies to the business
This study therefore looks at an application policy used by Saab Automobile Company which is an international company with its head quarters in Sweden. The design and implementation of the above mentioned application policy must embrace the principles of security and access to the data. The implementation process adopted by the organization embraces the need to include cross-functional members of the organization and what how they are expected to contribute in the implementation process. The process is guided by a well defined strategy that is cost effective and ensures efficient operations within the organization. The company has a policy implementation committee that ensures that design policy adopted conforms to data security standards in the automobile industry and has to meet the audit conditions that govern the industry. The implementation process also sticks to the expected practices and fosters employee education and awareness on the security system.
The three major security issues that one could face when: designing and implementing, a network security system are compliance issues to ensure that members of the organization can stick to the requirements of the policy to ensure efficiency within the organization. Compliance may achieved by setting an auditing team within the organization.
Enforcement policy issues to ensure that employees and organization are ready to adopt the security policies enforcement can be enhance by ensuring employee acceptance of the policy.
The other issue that is faced when designing and implement a security policy issue is the relevancy of the policy to the organization to ensure that policy adopted suits the organizations problems (Anderson & Kenneth, 2002).
Password policy: This application policy is used by the company to ensure that there is password to prevent unauthorized access to the data. The password policy adopted by Saab provides proper guide line on how passwords are used within the organization to access the network and provides proper guide lines of how guests can access the data if need arises. The passwords are protected and are revised from time to time to ensure that they are not unanimously known by people in the organization
Data encryption policy: The data encryption policy adopted by the company provides proper guide line of how data packets are converted through cryptanalysis to ensure that they are transmitted in a secure form whereby unauthorized parties cannot read it. The organization operates in an automobile industry where data hacking can make it loose its prototypes to the rival firms in the very industry. Encryption policy provides proper ways of data conversion into forms that are deemed secure for the benefit of ensuring security and confidentiality. Data encryption policy ensures the data sent by an individual can only be accessed and be read by the targeted recipient.
Virtual private network security policy: This is the application policy that is meant to safe guard the virtual private network to ensure that the network is connected to secure sources that are free from security risk factors. The company monitors its connection to the internet and ensures that no intrusion emanate from the external environment. It also ensures that information that shared within the organization does not get out through the external routers that provide connection to the external network system. The policy ensures that the network has good access guide lines to control intrusion.
Anderson, J. G. & Kenneth, W. G., (2002). Ethics and Information Technology. New York: Springer-Verlag.
Andress, M., (2001). Surviving Security: How toIntegrate People, Process, andTechnology. Sams Publishing.. 30-73.