Developing Computer Security Policy
Ward Parker
Global Integrity

What Are Policies?
• Management instructions
• Provide overall objectives
• Guidelines, Standards, Procedures
• Difference between “must” and “should”

Why are Policies Important?
• Foundation of all Computer Security Operations
• Effective vs. Chaos
• Got a good lawyer?
• Cart before the Horse Syndrome
• Put Management to work for you

What Makes a Successful Policy?
• Brevity is an Art
• Clarity is your friend
• Give them what they need, not what they want
• Tailor to the organization
• Eating an elephant

Types of Policies
• Regulatory
• Advisory
• Informative

Common Components
• Statement of Policy
• Authorizing individual
• Author
• Reference to other policies, if any
• Measurement of Expectations
• Waiver Requests
• Process for Requesting Change
• Violation
• Effective Date
• Review Date

Publication Methods
• Policy Manual
• Personal Guides
• Brochures
• On-line Documents
Whatever you choose, make sure they are accessible!

Implementation…Nobody Said It Would Be Easy
• Management doesn’t understand importance
• Lack of support throughout organization
• Awareness & Training of users

Questions/Comments
• Sources:
  • “Information Security Made Easy”
  • “Handbook of Information Security Management”
• (703) 293-5302 / wcp@globalintegrity.com