1 / 9

Developing Computer Security Policy Ward Parker Global Integrity

Developing Computer Security Policy Ward Parker Global Integrity. What Are Policies?. Management instructions Provide overall objectives Guidelines, Standards, Procedures Difference between “must” and “should”. Why are Policies Important?. Foundation of all Computer Security Operations

ellenmendez
Download Presentation

Developing Computer Security Policy Ward Parker Global Integrity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Developing Computer Security Policy Ward Parker Global Integrity

  2. What Are Policies? • Management instructions • Provide overall objectives • Guidelines, Standards, Procedures • Difference between “must” and “should”

  3. Why are Policies Important? • Foundation of all Computer Security Operations • Effective vs.. Chaos • Got a good lawyer? • Cart before the Horse Syndrome • Put Management to work for you

  4. What Makes a Successful Policy? • Brevity is an Art • Clarity is your friend • Give them what they need, not what they want • Tailor to the organization • Eating an elephant

  5. Types of Policies • Regulatory • Advisory • Informative

  6. Common Components • Statement of Policy • Authorizing individual • Author • Reference to other policies, if any • Measurement of Expectations • Waiver Requests • Process for Requesting Change • Violation • Effective Date • Review Date

  7. Publication Methods • Policy Manual • Personal Guides • Brochures • On-line Documents Whatever you choose, make sure they are accessible!

  8. Implementation…Nobody Said It Would Be Easy • Management doesn’t understand importance • Lack of support throughout organization • Awareness & Training of users

  9. Questions/Comments • Sources: • “Information Security Made Easy” • “Handbook of Information Security Management” • (703) 293-5302/wcp@globalintegrity.com

More Related