The value of physical equipment is often far less than the value of the data it contains. The loss of sensitive data to a company’s competitors or to criminals can be costly. Such losses can result in a lack of confidence in the company and the dismissal of computer technicians in charge of computer security. To protect data, several methods of security protection can be implemented.

An organization should strive to achieve the best and most affordable security protection against data loss or damage to software and equipment. Network technicians and the organization’s management must work together to develop a security policy that ensures that data and equipment are protected against all security threats. In developing a policy, management should calculate the cost of data loss versus the expense of security protection and determine which trade-offs are acceptable. A security policy includes a comprehensive statement about the level of security required and how this security will be achieved.

You may be involved in developing a security policy for a customer or organization. When creating a security policy, ask the following questions to determine the security factors:

When creating a security policy, these are some key areas to address:

The security policy should also provide detailed information about the following issues in case of an emergency:

The scope of the policy and the consequences of noncompliance must be clearly described. Security policies should be reviewed regularly and updated as necessary. Keep a revision history to track all policy changes. Security is the responsibility of every person within the company. All employees, including non-computer users, must be trained to understand the security policy and notified of any security policy updates.

You should also define employee access to data in a security policy. The policy should protect highly sensitive data from public access, while ensuring that employees can still perform their job tasks. Data can be classified from public to top secret, with several different levels between them. Public information can be seen by anyone and has no security requirements. Public information cannot be used maliciously to hurt a company or an individual. Top secret information needs the most security, because the data exposure can be extremely detrimental to a government, a company, or an individual.