Information Technology Policy Management Framework for A Bank: Management Essay

Information Technology Policy Management Framework for A Bank
Name
Institution
Due Date
Information Technology Policy Management Framework for A Bank
Introduction
Banking must have a framework on how to carry out the activities especially maintain and upgrade of the high breed network system. Information security is one of the key function of the planning that is carried out to ensure an organization’s specific needs are met. In this process, roles are divided depending on the duties. The management exercises the planning process with a mission of driving business to a particular direction of development. The source of threats to a banking system lack of planned security, emergency response in an event bank system is bridged (Safa et al., 2016).
Banks have impressed technology, but information created and shared among the worker and the public is enormous. Employees may spend a lot of their time using their personal devices on social networks, either sharing private information of letting out sensitive files. This can only be dealt with by data protection. Because file sharing, social media, and phones present a risk in management challenges. Therefore, policies governing information technology requires collective commitment. Planning is meaningful not only for the system but also for a cohesive environment among the workers in the bank. Use of technology should be reliable and secure and implementing more efficient products and services. The aspect of effective execution of risk management when introducing new services in the banking system requires close monitoring (Safa et al., 2016).
Acceptable computer use policy
Acceptable rules governing the use of computers in a banking system needs to be strictly adhered to. The network security of every member in the banking system should be carefully monitored if there is bridging of information this should be dealt with. These policies should be strictly followed to avoid outpour of important data to the public. The following should guide the users of the banking system (Khalifa, 2013).
The users of the system should not trespass or enter into the use of machines that are not assigned to them to void the display of ethical information. Improper or interference with one’s rights while using the system should not be allowed. Users must comply with the software guidelines, and the data networks banking system must find the security to protect information because finance does not accept fraudulent activities (Khalifa, 2013).
Access Controls Standards Policy
Access controls determine the process on who should use certain information at what circumstances. Such activities include the aspect where the users of the banking system are to be authorized through certain security scrutiny to be able to access data. The information secured in the banking system has to be tuned with either complex or watertight producers to safe guide their sensitive information (Muawanah & Gunadi, 2018).
Bank using access controls system should consider the following, rules, the structure, and the process of accessing the information. The rules governing the access control requirements on how to manage who accesses certain data and duration specified should be provided. The structure or the model of the system written for provision of security properties of the control system is crucial. It also gives out the rules governing the system security system used by many users that require integrated data processing cluster to ensure bridging of information is dealt with (Muawanah & Gunadi, 2018).
Information Technology Planning Policy
Banks have impressive technology, but information created and shared among the works and the public is enormous. Employees may spend a lot of their time using their personal devices on social networks, either sharing private information of letting out sensitive files. This can only be dealt with by data protection. Because file sharing, social media, and phones present a risk in management challenges. Policies governing information technology requires collective commitment (Safa et al., 2016).
Information and computer use policy
This policy focuses on outlining the various acceptable use of computer equipment alongside information assets at the bank. Importantly, any form of inappropriate use of the IT exposes the organization to risks that entails the unauthorized disclosure of information, virus attacks, compromise of the established network systems alongside services including the potential legal issues. The aspect of information security entails the process of managing technology as well as assurance mechanisms that allows the organization to put integrity in their transactions. The information applicable should be usable and appropriately manage various forms of failures owing to error, deliberate forms of attacks or disaster. There should be a provision whereby confidentiality of information is a priority (Safa et al., 2016).
This policy applies to various stakeholders such as the employees, consultants, contractors, alongside other workers within the bank. At the same time, the policy is applicable to various equipment owned by the bank (Safa et al., 2016). Communication of this policy is incorporated within all induction training for the banking staff and therefore, considered as part of the refresher training course for the current staff. All employees are expected to sign-off the policy on a yearly basis with copies of the forms safely kept on personal files for purposes of record. All new employees will be supplied with the copies of the policy document and requested to hand-over signed copy on the first day of employment (Safa et al., 2016).
Electronic Communications Policy
Internet, in this case, represents a wider public accessible network encompassing of millions of customers connected on the global platform. The email represents one of the popular features of the Internet. The policy states that access to the Internet is enabled to benefit the banking staff as well as the customers. The Internet enables employees to connect to a wide range of business information resources globally. The use of social networks, emails system enables the employees to fulfil their job responsibilities. Such services help increase productivity, specifically for business and not non-business activities (Safa et al., 2016).
Some of the controls required for the purposes of securing and ensuring continuous availability abs usability of the email system entail limiting of the mailbox sizes to 50 GB per email account. Such is a system enforced policy that demands all employees to manage their email accounts. On the same note, there is the aspect of storing as well as processing all emails through an external mail solution for security, archiving, as well as compliance alongside other corporate purposes (Safa et al., 2016). The capacity of the outgoing mails will be limited to 25Mb per mail at all time. However, the company data will be stored within the Corporate Dropbox as well as the local authorized user computers.
The following guidelines shall safeguard the use of the Internet and email:
Acceptable use of the Internet demands that employees accessing the Internet are representatives of the company. It is the responsibility of each employee to ensure that the Internet is used ethically, effectively and lawfully with a high-level integrity. There is permission to use the Internet at a personal level provided it does not interfere with work performance. Such usage should be made outside of scheduled hours, provided the use is consistent and in line with the professional work conduct (Safa et al., 2016).
The use of social network platform such as Facebook is applicable on a reasonable platform. Employees shall be held responsible and accountable for the post of any content on social media or various public forums associated with the bank. It will be considered a serious breach of policy in the event that an employee post items on social media that contravene the reputation of the bank, therefore, affecting its profile negatively. There will we continuous monitoring of the information passing through the internet infrastructure. Acceptable use includes the use of Web browsers in obtaining business-related information from commercial Web sites, accessing various information databases as required by the company, use of email for business contacts as well as using company mobile devices such as smartphones to transact company business (Safa et al., 2016).
Hardware and Software Acquisition Standards Policy
This section provides the necessary boundaries on acceptable use of the company’s electronic resources that entails the hardware and software, including the network systems. The various hardware devices and software programs acquired by the company are utilized only for creation, researching as well as the processing of company-related materials. All the stakeholders using the company’s hardware, software, and network system should assume personal responsibility, therefore, comply with the policy (Cloete, 2003).
All the software acquired on behalf of the organization shall be deemed as part of the company property. The software should be applicable in compliance with the bank’s licenses, contracts alongside agreements. The purchasing of the organization’s software shall be centralized with the IT department to ensure that all applications conform to the set corporate software standards. The software standards installed on the company computers fully supported by the IT Department include MS Windows Professional 8.1 or 10, Microsoft Office 365 Suite, Sage Pastel, Broll Online, Adobe DC, Dropbox for Business, Microsoft Windows Defender, Sage Pastel, Skype for Business, LifeSize Cloud Communication System. Any software other than the listed should not be incorporated into the system unless by authorization of the IT department. The employees are denied the right to copy, load or run any software that is not properly licensed or lad their own software onto the company’s computers (Gamundani & Uuzombala, 2016).
The IT department is charged with the responsibility of installation and configuration of all company computers by use of a standard operating system as well as an office suite. They should also store and provide protection of all company software and periodically check computers to ensure that bank policy is enforced. In this company, the computer hardware entails all the physical Information Technology equipment that entails (laptops, printers, photocopie...