Steps to Create and Implement SECURITY POLICIES
- Perform risk assessment to identify the risks to the organization's assets
- Learn from standard guidelines and other organizations
- Include senior management and all other staff in policy development
- Set clear penalties and enforce them, and review and update the security policy
- Make the final version available to all of the staff in the organization
- Ensure every member of your staff reads, signs, and understands the policy
- Install the tools you need to enforce policies
- Train your employees and educate them about the policy
Examples of SECURITY POLICIES
- Acceptable-Use Policy: It defines the acceptable use of system resources
- User-Account Policy: It defines the account creation process and the authority, rights and responsibilities of user accounts
- Remote-Access Policy: It defines who can have remote access, and defines the access medium and remote access security controls
- Information-Protection Policy: It defines the sensitivity levels of information, who may have access, how it is stored and transmitted, and how it should be deleted from storage media
- Firewall-Management Policy: It defines access, management and monitoring of firewalls in the organization
- Special-Access Policy: The policy defines the terms and conditions of granting special access to system resources
- Network-Connection Policy: It defines who can install new resources on the network, approve the installation of new devices, document network changes, etc.
- Email Security Policy: It is created to govern the proper usage of corporate email
- Passwords Policy: It provides guidelines for using strong password protection on the organization's resources