By Wirda munira, 1 year ago.
CHAPTER 4: INFORMATION SECURITY POLICY by Hafisha Amila
Crafting an effective information security policy involves multiple layers and specific approaches tailored to various organizational needs. System-specific security policies (SysSPs)
Guidelines for Effective Policy
• Management processes are established to perpetuate the policy within the organization
• A senior manager or executive at the appropriate level and the organization’s legal counsel review and formally approve the document
• The policy is designed and written

Policy
• Bull’s-eye model layers
  • Applications
  • System
  • Network
  • Policies
• Essential foundation of an effective information security program

System-Specific Security Policies (SysSPs)
• Combination SysSPs
• Configuration Rules
• Access Control Lists
  • Read
  • Write
  • Execute
  • Delete
• Methods of implementing
  • Configuration rules
  • Access control lists
• Applies to any technology that affects the confidentiality, integrity, or availability of information

Issue-Specific Security Policy (ISSP)
• Provides detailed, targeted guidance to instruct all members of the organization in the use of a resource
• Organization’s ISSPs should
  • Contain a statement on the organization’s position on an issue
  • Require frequent updates
  • Address specific technology-based systems
• Fair and responsible use policies

Enterprise Information Security Policy (EISP)
• Should not contradict the organizational mission statement
• Guides the development, implementation, and management requirements of the InfoSec program
• Essential foundation of an effective information security program