How to Cheat at Managing Information Security

Security Policy Revisited

As mentioned, the security policy is driven by the security strategy. The security policy sets rules on how we treat information security. A good security policy is:

  • Directive It should read like a set of rules, in very plain, forceful English. It is definitely not a discussion document, and we are not asking for compliance; it is simply a condition of working in your company.

  • Abstracted from technology The policies should be written so that operating systems can be changed or augmented without a need for any changes to policy. The technology is just a tool.

  • Supported You must ensure that the management signs off on the policy. Worse still, it is likely to be your job to ensure that management is compliant.

  • Implemental Policies must be capable of being complied with, in a reasonable and constructive may.

  • Owned Someone must own the document, its updating, and its enforcement.

A good policy should contain the components shown in the following sidebar. It is a good idea to stay with this format.

Tools & Traps Components of a Good Security Policy

A good security policy includes the following components:

  • Objective/purpose This states clearly the purpose of the policy by indicating what it is designed to protect the organization from.

  • Scope This typically says something like this policy applies to all permanent and contract employees.

  • Policy statements See the section in this chapter...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Parking Control Systems and Products
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.