- Security policies are the foundation of the security infrastructure.
- A security policy is a document or set of documents that describes, at a high level, the security controls that will be implemented in the company
Goals of SECURITY POLICIES:
- Maintain an outline for the management and network security
- Protect the organization's computing resources
- Eliminate legal liabilities from employees or third parties
- Ensure customers' integrity and prevent waste of company computing resources
- Prevent unauthorized modification of data
- Reduce risks caused by illegal use of resources, loss of sensitive, confidential data, and potential property
- Differentiate users' access rights
- Protect confidential, proprietary information from misuse, theft, and unauthorized disclosure
Classification of SECURITY POLICIES:
User Policy
- Defines what kind of user is using the network
- Defines the limitations that are applied on users to secure the network
- Ex: Password Management policy
IT Policy
- Designed for the IT department to keep the network secure and stable
- Ex: Backup policy; server configuration, patch update, and modification policies; firewall policies
General Policy
- Defines the responsibilities for general business purposes
- Ex: High-level program policy, continuity plans, crisis management, disaster recovery
Partner Policy
- Policy that is defined among a group of partners
Issue Specific Policy
- Recognizes specific areas of concern and describes the organization's status for top-level management
- Ex: Physical security policy, personal security policy, communications security