Name: Denosta, Hazel A.

Program&Section: BSIT-3C

The security policies are crucial to the effectiveness of any organization. They are the foundation of all
procedures and must be consistent with the company's overall mission and dedication to security. They
define who is responsible for what information inside the organization. The security policies transform
how organizations train for and respond to incidents involving security. Information security is based on
established policies that are understood and adhered to by every employee of an organization.

As the person responsible for securing the company's data and electronic assets, I suggest implementing
a comprehensive set of policies, procedures, and guidelines across departments and for end-users.
These are the proposed measures:

Change Management Policy. Changes to an information system operate, accepted, and identified
through an organization's change management policy. The company needs to ensure that any changes
are implemented with consideration to minimize any adverse impacts on customers and services. The
change management policy included are moves, delete, adds, software, hardware, database, and many
more. The person who is incharge for securing security and safety of data should protect user IDs and
maintain password confidentiality, also educating users about password authentication to avoid any
hacking activities done by scammers. Conduct a training session to keep employees educated about the
latest mitigation strategies and threats for security. Establish policies that back up all data to prevent
data loss if the system fails and ensure all employees only have access to the company's important data.
Educate all the employees about maintaining the company's assets and resources, including its
computers, networks, etc. and informed them of the possible consequences if they handled it carelessly.

The business can create an effective security system and guarantee the safeguarding of data and
electronic resources by putting these rules and regulations into practice. Upholding a secure
environment requires frequently enforcement, updates, and monitoring.