INFORMATION SECURITY POLICIES CHANGES IN ORGANIZATIONS

Abstract

Computer security issues have been a fact of life since the beginning of electronic information sharing. With the development of the Internet, these issues became global. Computer systems have been under attack by hackers through using several techniques including malicious email attachments. There are various estimates about the cost of damage, but the most recent statistics are stated to be in the range of billions of dollars per year. Organizations have been slow in adopting strategies and developing policies to secure their information resources. Firms’ budget allocations appear unaffected by the accelerated rate of computer security incidents. Companies have been slow in spending more money and adopting strategies to secure their information resources. There is a trade-off between security and the budget allocation, and organizations are having a difficult time to find a balance. The initial step in the process of finding a balance is to conduct an analysis of the existing security situation and to understand where the company stands on the information resources risk. This study attempts to explore some of the policy issues with which organizations are faced in securing their information resources. The focus of this study is to show companies’ existing security policies situation and compare with those of a decade ago to see whether there have been any changes. The objective is to help organizations to realize their potential security weaknesses.