[Latoya Stoudmire]

There are multiple policies needed to ensure a strong security program. Some of those programs consist of information security access control, data protection and incident response, just to name a few. A company’s information security policy sets the standard. It allows the company to make clear what their requirements are to operate at their full potential in a secure environment. With this policy we see the CIA triad confidentiality, integrity, and availability. We also consider risk management strategies in this policy. Another important policy that cannot be overlooked is the access control policy. This policy Is used to monitor and make clear which users have access to which systems or applications. This policy is important seeing how most security issues are caused by users. The access control policies are put in place to inform an organization of any users attempting to access information that they are not governed. The incident response policy is also important to an organization’s data safety. The incident response policy negates how any events or potential threats will be handled in an organization. The policy will give a detailed explanation on how different events should be documented and handle, and in some cases, it will give step-by-step procedures for handling the specific incident. There are more policies that I have not discussed yet. These are the policies I thought were most imperative to securing an organization’s data.