Beruflich Dokumente
Kultur Dokumente
Definitions
Policy: course of action used by organization to convey
instructions from management to those who perform duties
Policies are organizational laws
Standards: more detailed statements of what must be done
to comply with policy
Practices, procedures and guidelines effectively explain
how to comply with policy
For a policy to be effective, must be properly disseminated,
read, understood and agreed to by all members of
organization
Principles of Information Security, 2nd Edition
Policy Management
Policies must be managed as they constantly change
To remain viable, security policies must have:
Individual responsible for reviews
A schedule of reviews
Method for making recommendations for reviews
Specific policy issuance and revision date
Principles of Information Security, 2nd Edition
Information Classification
Classification of information is an important aspect of policy
Policies are classified
A clean desk policy stipulates that at end of business day,
classified information must be properly stored and secured
In todays open office environments, may be beneficial to
implement a clean desk policy
10
ISO 17799/BS7799
One of the most widely referenced and often discussed
security models
Framework for information security that states
organizational security policy is needed to provide
management direction and support
11
12
13
14
15
16
Security perimeter
Point at which an organizations security protection ends and
outside world begins
Does not apply to internal attacks from employee threats or
on-site physical threats
Principles of Information Security, 2nd Edition
17
18
19
20