The rate of technology indecency in both developed and third world countries have continued to increase. This calls for any institution that deals with computerized systems to install security systems that must be adhered to by all participants without exception so as to ensure that data is secure as well as the secrets of the company do not go out of the company. Below is a draft of a security plan for a middle level company.
Before the installation of the security plan, any middle level company should have policy that governs the computerized systems. Among the key issues to be addressed by the policy are; pledging allegiance to the company, signing a confidentiality policy so as to ensure that no secret is unauthorized that is transmitted out of company, defining the roles of every person dealing with the system, an organization structure that shows responsibility of the computerized systems. The main aim of the policy is to prepare the involved parties psychologically about the importance of the security system (Chitty, Barker, & Valos 2011). This will erode any of the thoughts that the company does not trust them. However, it should be noted that there is no person whom the company should overly trust. The creation of security policy should involve all the stakeholders in the system at the preliminary level. Then the strategic management team should analyze and sieve the details given before coming up with a comprehensive policy.
Current state
Currently, many middle level companies have great risks in their computer systems. One, most of the persons who are mandated to deal with the systems is not specialized in computer training. The middle level companies prefer hiring a semi-specialized person then out source maintenance personnel when necessary to reduce the financial input into the systems. The other risks that are prevalent in middle level companies are irregular updating of systems. Most of the computerized systems require regular update. Most of hackers and other persons involved in technological indecency always create a new virus, counter technology or device means to counter old systems operations (Chitty, Barker, & Valos 2011). Thus by using an un-updated system, a company sits on a risk. The other risk is lack of control on data handling.
Requirements
In devising a computer security plan, a middle level company requires to set aside funds in its budget so as to meet all the financial demands. The other major requirement is personal who is specialized in computerized systems and who is experienced in that field of operation. Also, there is always a need to create a local area network and subscribe to wide area network so as to ensure speedy and timely updater into the systems (Fleming, 2007).
Recommendations
The management should ensure that the security policy is only in the hand s of trusted persons. Accountability of security measures by un-trusted persons has lead to sabotage to many companies. This calls for limit in the number of persons who change passwords and also issue them. Where the company contracts outside persons to maintain the systems, it should ensure that one of its trusted staffs is the one responsible for changing and assigning of passwords (Fleming, 2007). The keys to computer rooms should always be in the hands of the chief of the IT department. The management should also ensure that, connections to the main server cannot be updated from the remote servers. This will ensure that no irregular update is done by the staff. Where cards are used, the management should ensure that the chief of information technology department receives them back from the staff leaving the company (Chitty, Barker, & Valos 2011).
Follow up
There is always a need for a follow up to the security systems and policy so as to reduce any risk. One, the management should always ensure that the policy is reviewed every year so as to accommodate any new challenges that have been experienced through the year. Also, new technological developments should always be embraced to ensure that the company is not at risk. The allegiance of the staff dealing with data should be gauged from time to time and those seem sabotaging laid off to reduce any risk (Fleming, 2007).
References
Chitty, W., Barker, N.,& Valos M. ( 2011). Integrated Marketing Communications Asia Pacific
Edition. Australia: CengageBrain
Fleming, L., (2007). Excel HSC Business Studies. Australia: Pascal Press
