Ch. 4 Information Security Policy

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Standard

More detailed statement of what must be done to comply with policy. Are built on sound policy and carry the weight of policy.

System-specific security policies

Often function as standards or procedures to be used when configuring or maintaining systems.

Information Security Policies

Written instructions, provided by management, to inform employees and others in the workplace of the proper behavior regarding the use of information and information assets.

(3) Types of InfoSec Policy

-Enterprise Information Security Policy (EISP_ -Issue-Specific Security Policies (ISSP) -System-specific security policies (SysSP)

Rules when shaping a policy:

-Policy should never conflict with law -Policy must be able to stand up in court if challenged -Policy must be properly supported and administered

Guidelines for Effective Policy

1. Developed using industry-accepted practices 2. Distributed using all appropriate methods 3. Read by all employees 4. Understood by all employees 5. Formally agreed to by act or affirmation 6. Uniformally applied and enforced

Policy

A plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters. Policies comprise a set of rules that dictate acceptable and unacceptable behavior within an organization.

Practices, Procedures and Guidelines

Explain how employees are to comply with policy. Include detailed steps required to meet the requirements of standards.

Access Control Lists (ACLs)

Include the user access lists, matrices, and capability tables that govern the rights and privileges of users. Regulate the following aspects of access: -Who can use the system -What authorized users can access -When authorized users can access the system -Where authorized users can access the system from -How authorized users can access the system

Issue-specific security policy (ISSP)

Provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as a process or a technology employed by the organization.

Examples of user privileges (aka permissions)

Read, write, execute, delete

Enterprise Information Security Policy (EISP)

Sets the strategic direction, scope, and tone for all of an organization's security efforts.


Ensembles d'études connexes

CGF Unit 7 Practice Questions- Gastrointestinal Disorders

View Set

Classroom Assessment Chapter Four

View Set

Chapter 3: Theoretical Perspectives

View Set

Major Rivers of the World - Fact Card

View Set

Chapter 8 Summary Natural Selection

View Set

Unit 2 Investment Adviser Representatives

View Set