INFORMATION SECURITY MANAGEMENT. Lecture 4: Information Security Policy. You got to be careful if you don’t know where you’re going, because you might not get there. – Yogi Berra. Principles of Information Security Management. Chapters 2 & 3. Chapter 4.
Information Security Policy
Include the following characteristics that will be the focus of the current course (six P’s):
“The success of an information resources protection program depends on the policy generated, and on the attitude of management toward securing information on automated systems”
Policy is the essential foundation of an effective information security program
Acceptable Use of Systems Policy
Many security systems require specific configuration scripts telling the systems what actions to perform on each set of information they process
Disaster at a University:
A Case Study in Information Security
Approach and Resolution
Figure 4-10 The VigilEnt policy center
Source: Course Technology/Cengage Learning
Alternative Approaches: Guide for Developing Security Plans for Federal Information Systems
Management of Information Security, 3rd ed.
Lest you believe that the only reason to have policies is to avoid litigation, it is important to emphasize the preventative nature of policy.