Information Security Polices in the Business Environment

Abstract

According to research, the number of cyber attacks grew a lot in the first half of 2022. Therefore, the implementation of information security policies in companies has become fundamental for data security. With the advancement of technology, the majority of the population and the business environment are not aware of the risks that the internet can cause. With the lack of knowledge of security policies, people become vulnerable to attacks. The general objective of this work is to analyze the management of security policies in a company. In this work, bibliographic research was used in order to collect theoretical data on the subject. Exploratory research was also carried out to collect data on the company. In addition to a case study on the subject. When comparing the policies followed by the company with the norms, we can see that it does not fit in several aspects, and due to the lack of training for its employees and allowing them to send any information that may be confidential, the company is subject to a series of security risks such as viruses, trojans and spyware. The work reached its objectives, having the opportunity to identify and make viable the adjustments necessary for the company to continue its business safely in addition to suggesting the implementation of an information security policy.