Definition of Policies and Procedures
What is a security policy?
A security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security environment.
|
|
Policies and Procedures
|
|
Operationalizing Security & Policy Compliance: A Unified Approach for IT, Audit and Operation Teams ~ Sponsor
Learn the five major information security areas where progress has been made in Security and Policy Compliance, and the ongoing need for continuous improvement. This paper provides a detailed discussion of the internal and external regulatory challenges now faced by organizations, the scope of these challenges, and the ways in which they can be addressed through better business processes and automation.
Read the Article
|
CERIAS - Toward Autonomic Security Policy Management34 min. 30 sec.
The assurance of network security is dependent not only on the protocols but also on polices that determine the functional behavior of network security devices. Network security devices such as Firewalls, IPSec gateways, IDS/IPS operate based on locally configured access control policies. However, the complexity of managing security polices, particularly in enterprise networks, poses many challenges for deploying effective security. For example, security policies are usually configured in isolation from each other, even though they are not necessarily independent as they interact with each other to form the global security policy.
Watch the Video
|
Information Security as a Process
Information security is a maturing field that doesn't have many of the processes that other areas of IT take for granted. In this article we will explore one of the obvious processes that should be in place in any security department and then use this example to illustrate how Policy, Procedure, and Standards, can support this. Discussing how these three elements work together in the grand scheme of information security can provide you with information that will make more efficient use of your time and resources.
Read the Article
|
What makes a good security policy and why is one necessary
Security does not come from automated applications, rather it is compromised of security applications or systems, processes and procedures and the personnel to implement both the systems and processes. In order to properly address security, the most fundamental item necessary is a security policy.
Read the Article
|
Combating the Lazy User: An Examination of Various Password Policies and Guidelines
This paper demonstrates that many published policies and guidelines will allow for the creation of weak passwords by lazy or inexperienced users. Such passwords may provide a relatively easy method of attack using custom dictionaries and readily available password cracking tools. This paper also makes recommendations by which the Security Administrator can improve the strength of the passwords.
Read the Article
|
Acceptable Use: Whose Responsibility Is It?
This paper focuses on the Information Technology and Information Security ramifications of acceptable computer use policy and attempts to show how responsibility can be shared with the less technical Human Resources and Legal departments. The goals of the policy are to (1) meet productivity goals of the Human Resources department; (2) meet liability concerns of the Legal department; (3) protect the organization's information and technical resources; and (4) meet the security goals of the Information Technology and Information Security departments.
Read the Article
|
Introduction to Security Policies, Part One: An Overview of Policies
This is the first in a series of four articles devoted to discussing about how information security policies can be used as an active part of an organization's efforts to protect its valuable information assets. In a world that is essentially technology driven; where the latest IIS exploit is countered with a mad rush to install the relevant patch and where the number of different operating systems in a network exceeds the number of hairs on the security administrator's head that haven't turned gray, policies give us an opportunity to change the pace, slow things down and play the game on our own terms. Policies allow organizations to set practices and procedures in place that will reduce the likelihood of an attack or an incident and will minimize the damage caused that such an incident can cause, should one occur.
Read the Article
|
Introduction to Security Policies, Part Two: Creating a Supportive Environment
As we concluded the first article of this series, we pointed out that policies in themselves are ineffective; their effectiveness is directly proportional to the support they receive from the organization. Thus it is crucial that the organization be aware of the importance of security policies and create an environment in which security is given a high priority. The bigger the organization, the more important this support becomes. This article will go over a few of things that can be done to ensure that security policies given the full support of the management of the organization, which will thereby increase the efficacy of the policies.
Read the Article
|
Introduction to Security Policies, Part Three: Structuring Security Policies
This is the third in a four-part overview of security policies. In the first article, we looked at what policies are and what they can achieve. In the second article, we looked at the organizational support required to implement security policies successfully. In this installment, we shall discuss how to develop and structure a security policy.
Read the Article
|
Introduction to Security Policies, Part Four: A Sample Policy
This is the fourth in a four-part overview of security policies. In the first article, we looked at what policies are and what they can achieve. The second article looked at the organizational support required to implement security policies successfully. The third installment discussed how to develop and structure a security policy. This installment will take a look at a few examples of security policies.
Read the Article
|
|
|
Page: 1 2 3 4
Members currently browsing this category:
|
|
