Definition of Policies and Procedures
What is a security policy?
A security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security environment.
|
|
Policies and Procedures
|
|
Electronic Data Retention Policy
Imagine this scenario. During a routine staff meeting, a coworker from the legal department alerts your team to the fact that a sexual harassment case has recently been filed against an employee. Since both the plaintiff and the defendant use electronic systems that you administer, your assistance is required. Therefore, they need all the electronic documents owned or edited by the employees regardless of where that data may be stored. They need everything from the previous twelve months. This includes all forms of electronic information including email messages sent and received. Backup tapes must be checked as well. Since this is an active case, you can no longer delete any electronic information that could potentially be relevant to this case since it may be requested for evidence as well. Consequently, you may no longer be able to recycle backup tapes or clean up disk space until the case is over. Failure to preserve potential evidence could result in sanctions.
Read the Article
|
Adventures in implementing a strong password policy
Password authentication is high in the list of potential security vulnerabilities. This paper explores the issues we had to negotiate in strengthening our passwords, some of the of the special situations which had to be handled as exceptions to the policy, and our planned future directions.
Read the Article
|
The Firewall has been Installed, Now What? Developing a Local Firewall Security Policy
Given the responsibility of configuring firewalls for a departmental network, I discovered that a local firewall security policy had not been written. This paper details the process I used to draft a perimeter device security policy for these firewalls. The firewall policy at the end of this document completes the policy draft process. The information gathered to draft a local firewall policy also lead to the creation of a PIX Firewall Security Services and Requirements matrix. This matrix maps HIPAA and local security requirements to the security technology solutions provided by the PIX firewall.
Read the Article
|
Computer security means establishing policies
Security policies are only part of an effective computer security program, but they are the core on which the rest of the program is built. In this brief article targetted towards the business world, the necessity for an information security policy is presented. Information Security IS policies.
Read the Article
|
How to teach employees to protect their passwords
If you go into just about any office in America where passwords are required to access computer resources, odds are close to one hundred percent that you will find someone's password written on a Post-It note and stuck on the edge of their monitor. If it's not there, there's a darn good chance that it's on a Post-It on the right or left of the inside of the top desk drawer. This brief article, written for the business community, discusses the need for clear, enforceable password policies and the necessity of employee training to ensure the policy works as it should.
Read the Article
|
Implementing/Re-Implementing Change Control Policies
All network environments change over time, whether the change is planned or unplanned. Change Control Policies help to minimize the inadvertent creation of security openings when implementing planned, unplanned, or recovery changes to a company's network environment.
Read the Article
|
Guidelines for an Information Sharing Policy
This paper presents a set of guidelines which may be used in the creation of an Information Sharing Policy for small organizational units. To help facilitate these guidelines, a general overview of effective policy creation is presented. Following the step-by-step Information Sharing Policy guidelines, specific examples of the policy's use are set forth. Concluding remarks include information on increasing policy effectiveness and awareness.
Read the Article
|
Security Policies: Where to Begin
The intent of this paper is to guide you through the process and considerations when developing security policies within an organization; however it will not attempt to write the initial policies. There are a multitude of excellent websites and software products available that can assist with the actual development and provide sample formats.
Read the Article
|
Developing a Security Policy - Overcoming Those Hurdles
This paper describes the real-life experiences involved in developing a security policy and gaining its endorsement in a medium sized company. The major challenges, as with all companies, is the big cost factor and the acknowledged belief that security is not a real issue. After all, who'd want to attack us and what damage could they do?
Read the Article
|
Building and Implementing an Information Security Policy
The purpose of this paper is to describe a process of building and, more importantly, implementing an Information Security Policy. The paper attempts to identify the important decisions regarding content, compliance, implementation, monitoring and active support, that have to be made in order to achieve an information security policy that is usable; a policy that lives and evolves as your organization infrastructure and operational requirements change and a policy that is understood and supported by management and colleagues.
Read the Article
|
|
|
Page: 1 2 3 4
Members currently browsing this category:
|
|
