MMT2 Task 3
Evaluation of Security Policies
Western Governors University
Evaluate Effectiveness of Policies in Regards to Ethics
At its most basic definition, a security policy is a policy that defines the methods and/or processes a person, system or organization takes to ensure its own security. Security policies attempt to regulate the decisions and actions of internal employees and external users who have access to a company’s resources. An effective security policy should be easily understood, readily available and detailed enough to leave no reasonable question unanswered. The Employer Security Policy addresses the constraints placed on the behaviors of its employees, guests and business partners, which include the use of passwords, swipe cards and restricting access to areas of the facility based on a predefined “need to know” basis. These controls serve as an active deterrent for individuals who may think of engaging in unethical behavior. The Data Security Policy addresses the privacy of employees and clients and aims to secure their data from security breaches. It addresses the use of company email, access to databases as well as paper copy information such as company memos. This policy includes a signed employee acknowledgement, which is a plus and something that the other two policies discussed here lack. The Accounting Security Policy addresses the practice of data collection by the company. The policy states that one reason for this practice is to conduct trend analyses, which are shared with appropriate management staff to confirm acceptable use. This policy does a good job of explaining why data collection is required but does not address the consequences of unethical use of the data collected. AEnergy’s security policies address many areas that cover ethical use of the company’s resources, but none of the policies address unethical behavior specifically. The Data Security Policy and Accounting Security Policy would be strengthened by adding a non-disclosure agreement for guests and external business partners such as vendors and clients. The Accounting Security Policy and Data Security Policy would be strengthened by addressing the issue of unauthorized use of Personally Identifiable Information (PII) by staff members.
Potential unethical uses of company technology and/or data by internal users
1. The Employer Security Policy encourages employees to mark personal emails sent from company accounts as “personal”. Since email can be monitored at any time, the intent of this suggestion is to ensure that emails marked as “personal” are not monitored. However, this practice could lead to the opposite of what is intended and lead to unethical monitoring. An email marked “personal” would stand out from the rest, making it an easy target for monitoring by an unethical member of the staff. On the opposite end of the spectrum, if a person were engaging in unethical business practices such as stealing or