Chapter 4: Information Security Policy

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Issue-specific Security Policy (ISSP)

An organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.

Guidelines

Non-mandatory recommendations the employee may use as a reference in complying with a policy. If the policy states to "use strong passwords, frequently changed," the guidelines might advise that "we recommend you don't use family or pet names, or parts of your Social Security number, employee number, or phone number in your password

Procedures

Step-by-step instructions designed to assist employees in following policies, standards, and guidelines. if the policy states to "use strong passwords, frequently changed," the procedure might advise that "in order to change your password, first click on the windows start button, then..."

Information Security Policies

Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets.

Standard

a detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance. if the policy states that employees must "use strong passwords, frequently changed," the standard might specify that the password "must be at least 8 characters, with at least one number, one letter, and one special character"

Practices

Examples of actions that illustrate compliance with policies. If the policy states to "use strong passwords, frequently changed," the practices might advise that "according to X, most organizations require employees to change passwords at least semiannually"

Policy

In business, a statement of managerial intent designed to guide and regulate employee behavior in the organization; in IT, a computer configuration specification used to standardize system and user behavior

System-Specific Security Policies (SysSPs)

Organizational policies that often function as standards or procedures to be used when configuring or maintaining systems. SysSPs can be separated into two general groups, managerial guidance and technical specifications, but may be written as a single unified SysSP document

Access Control Lists (ACLs)

Specifications of authorization that govern the rights and privileges of users to a particular information asset. Includes user access lists, matrices, and capability tables.

Enterprise Information Security Policy (EISP)

The high-level information security policy that sets the strategic direction, scope, and tone for all of an organizations security efforts. An EISP is also known as a security program policy, general security policy, IT security policy, high-level InfoSec policy, or simply an InfoSec policy


Ensembles d'études connexes

Trigonometric Identities - Algebra II

View Set

Management 300 Exam 2 Chapters 5-9

View Set

peds chapter 49- neurologic disorders

View Set

CompTIA Security+ Sy0-601 Chapter 10

View Set

T3: El empresario, clases de empresas

View Set

Live Virtual Machine Lab 12.1: Module 12 Networking Device Monitoring

View Set