Categorieën: Alle - security - access - configuration - enterprise

door Wirda munira 1 jaar geleden

112

CHAPTER 4: INFORMATION SECURITY POLICY by Hafisha Amila

Crafting an effective information security policy involves multiple layers and specific approaches tailored to various organizational needs. System-specific security policies (SysSPs)

CHAPTER 4: INFORMATION SECURITY POLICY by Hafisha Amila

CHAPTER 4: INFORMATION SECURITY POLICY by Hafisha Amila

Guidelines for Effective Policy

Management processes are established to perpetuate the policy within the organization
A senior manager or executive at the appropriate level and the organization’s legal counsel review and formally approves the document
The policy is designed and written

Policy

Bull’s-eye model layers
Applications
System
Network
Policies
essential foundation of an effective information security program

System-Specific Security Policies (SysSPs)

Combination SysSPs
Configuration Rules
Access Control Lists
•Read •Write •Execute •Delete
methods of implementing
•Configuration rules
•Access control lists
Applies to any technology that affects the confidentiality, integrity, or availability of information

Issue-Specific Security Policy (ISSP)

provides detailed, targeted guidance to instruct all members of the organization in the use of a resource
organization’s ISSPs should
Contain a statement on the organization’s position on an issue
Require frequent updates
Address specific technology-based systems
fair and responsible use policies

Enterprise Information Security Policy (EISP)

should not contradict the organizational mission statement
guides the development, implementation, and management requirements of the InfoSec program
Essential foundation of an effective information security program