An information security policy is needed to guide the frequent shopper program that Kudler Fine Foods has introduced. The program is meant to enhance sales and boost customer loyalty. There is a need for an information access policy that ensures that the people who are authorized to access information can do so. It is vital to show who has access to what information and who does not. When this is clearly indicated in the policy, cases of unauthorized access are reduced. Information is a vital asset to any organization, so access to it should be well managed, and this is effective when there is a proper computer policy to guide the responsible personnel in handling their tasks.
With information security being a critical aspect of computer use today, computer policies have emerged that help to enhance security. One internal policy is Internet use. The computer policy should include a network and Internet policy. This policy clearly indicates the roles of the network administrator and all the relevant security personnel responsible for maintaining the network. It should clearly outline the security measures for the network and also provide a guideline for users to follow. The Internet and networks are channels for sharing information, so the policy should provide a user guideline indicating what should be communicated across the network and what should not, for security purposes. The policy should also guide the use of the Internet and online services. It should clearly indicate which websites users are not allowed to access while online, what content they are not allowed to download and why, and which online services they are allowed to use and which they are not.
There is also a need for proper customer awareness training for all employees and staff so that they are aware of the need to protect customer information. With this program being introduced, if it is not well taken care of, there will be unauthorized access to customer information with a view to tampering with it. Employees will need to be made aware of the aspects of data integrity, confidentiality and access. Data should remain as they are, without tampering that alters their meaning, and should be kept in the database as they are. Data access is another area of awareness training that should be taught to the employees. This will help them understand the information access restrictions. They will know what to protect, and if they do not get access to some information that they deem fit, they will not take this in bad faith but will accept it as a requirement. They should be taught the privileges that each user has in the system.
Employees should be taught the rules that govern data within any given organization. They should know the legal implications and the punitive measures that can be taken against people found tampering with other people’s data without their permission. They should know the policies that govern data and information and the rights that customers have regarding their data. They should know how customers can take legal action against perpetrators of illegal data access. Another aspect of awareness training for the employees is the level of access that each of them is accorded. They should understand that not all people have access to the same level of information.