Documente Academic
Documente Profesional
Documente Cultură
Policy
Why is Developing Good Security Policy Difficult?
Must be comprehensive
Business model
Goals/Mission
Organizational Personality
Structure
Risk Analysis
Policy developer(s) need to know
the risks facing an organization
Reactive
Tool driven
Focused in the technical domain
Performed by technicians (IT) primarily
Lack of connection to business drivers, mission
Security relegated to the responsibility of IT
IT-based security decisions based on their drivers
Focused on information or network security, but not
administration, operations, or infrastructure (physical)
Standards
Know and understand the
organizational standards that will be
used for guidance within the policy.
Access control
Unauthorized software
Unauthorized use
Data protection
Personnel requirements
Etc.
Applicability
Identifies Where, How, When, To
Whom and To What the security/IA
policy applies