1.  1. Introduction  2. Policy  3. Why Policy should be developed.  4. www policies 2.

Slides:



Advertisements
Similar presentations
RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Advertisements

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Information Security Policy
information Security Blueprint
Information Security Policy
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Information Security Policies and Standards
Each problem that I solved became a rule which
Information Systems Security Officer
(Geneva, Switzerland, September 2014)
First Practice - Information Security Management System Implementation and ISO Certification.
Stephen S. Yau 1CSE Fall 2006 IA Policies.
The 10 Deadly Sins of Information Security Management
SOX & ISO Protect your data and be ready to be audited!!!
Stephen S. Yau CSE , Fall Security Strategies.
Risk Management Vs Risk avoidance William Gillette.
Introduction to Systems Analysis and Design
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
SEC835 Database and Web application security Information Security Architecture.
Evolving IT Framework Standards (Compliance and IT)
Occupational Health & Safety
ITC358 ICT Management and Information Security
TEL2813/IS2820 Security Management
SECURITY POLICIES Indu Ramachandran. Outline General idea/Importance of security policies When security policies should be developed Who should be involved.
1 Introduction to Information Security. 2 Historical aspects of InfoSec Critical characteristics of information CNSS security model Systems development.
Security in Practice Enterprise Security. Business Continuity Ability of an organization to maintain its operations and services in the face of a disruptive.
FORESEC Academy FORESEC Academy Security Essentials (II)
Computer & Network Security
Auditing services for assurance in evaluation of companies’ information systems (technologies) efficiency Kherson State University Samchynska Yaroslava.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 Securing Channels of Communication Secure Sockets Layer (SSL): Most common form of securing channels.
MANAGEMENT of INFORMATION SECURITY Second Edition.
MANAGEMENT of INFORMATION SECURITY Third Edition C HAPTER 4 I NFORMATION S ECURITY P OLICY Each problem that I solved became a rule which served afterwards.
Information Security Governance and Risk Chapter 2 Part 3 Pages 100 to 141.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Environmental Management System Definitions
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Introduction to Information Security
MANAGEMENT of INFORMATION SECURITY Third Edition C HAPTER 4 I NFORMATION S ECURITY P OLICY Each problem that I solved became a rule which served afterwards.
Information Security IBK3IBV01 College 2 Paul J. Cornelisse.
CC3020N Fundamentals of Security Management CC3020N Fundamentals of Security Management Lecture 4 Security Policy, Standard, and Practices.
Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.
Purchasing Forum – May The integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together.
Mr C Johnston ICT Teacher
Information Security Policy
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.
Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.
Information Security tools for records managers Frank Rankin.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Slide 1 INFORMATION SECURITY POLICY  ” Avoiding danger is no safer in the long run than exposure”. Helen Keller  “Anyone who has never made a mistake,
Information Security Policy Development for Management By Peter McCarthy.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
Chapter 3 “A Case Study of Effectively Implemented Information Systems Security Policy[1]” John Doran, CST554, Spring 2008.
Security Methods and Practice Principles of Information Security, Fourth Edition CET4884 Planning for Security Ch5 Part I.
Primary Steps for Achieving ISO Certification.
Developing a Network Security Policy By: Chris Catalano.
Information Security Policy
Start Why ISO In WWM CRC?.
Security Standard: “reasonable security”
MANAGEMENT of INFORMATION SECURITY, Fifth Edition
LAND RECORDS INFORMATION SYSTEMS DIVISION
Chapter 9 Control, security and audit
How to Mitigate the Consequences What are the Countermeasures?
Cybersecurity Threat Assessment
Appointing a Management Agent
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

1

 1. Introduction  2. Policy  3. Why Policy should be developed.  4. www policies 2

 Focuses on information security policy: ◦ What it is ◦ How to write it ◦ How to implement it ◦ How to maintain it 3

 Policy is an essential foundation of effective infosec program  The success of an information resources protection program depends on the policy generated, & on the attitude of management toward securing information on automated systems. 4

 You, the policy maker, set the tone & the emphasis on how important a role infosec will have within your agency.  Your primary responsibility is to set the information resource security policy for the organization with the objectives of reduced risk, compliance with laws & regulations, & assurance of operational continuity, information integrity, & confidentiality.” 5

 A quality infosec program begins & ends with policy  Policies are least expensive means of control & often the most difficult to implement  Basic rules to follow when shaping policy: ◦ Never conflict with law ◦ Stand up in court ◦ Properly supported and administered ◦ Contribute to the success of the organization ◦ Involve end users of information systems 6

7 Focus on the systemic solutions, not specifics

1. Policies: first layer of defense 2. Networks: threats first meet organization’s network 3. Systems: computers & manufacturing systems 4. Applications: all applications systems 8

 Policies are important reference documents for internal audits & for resolution of legal disputes about management’s due diligence  Policy documents can act as a clear statement of management’s intent 9

10

 Policy: plan or course of action that influences & determines decisions  Standards: more detailed statement of what must be done to comply with policy  Practices, procedures & guidelines:explain how employees will comply with policy 11

 For policies to be effective, they must be: ◦ Properly disseminated ◦ Read ◦ Understood ◦ Agreed-to 12

 Policies require constant modification & maintenance  In order to produce a complete infosec policy, management must define 3 types of infosec policy: ◦ Enterprise infosec program policy ◦ Issue-specific infosec policies ◦ Systems-specific infosec policies 13

 1. Introduction  2. Policy  3. Why Policy should be developed.  4. www policies 14

 Identifies assets the company considers valuable.  Provides to the security team and its activities.  Provides a reference to review when conflicts pertaining to security arise.  States the company’s goal and objectives pertaining to security  Outlines personal responsibility.  Helps to prevent unaccounted –for events(surprises) . 15

 Defines the scope and functions of the security team  Outlines incident response responsibilties  Outline the company’s response to legal,regulatory and standards of due care. Note: Standards refer to mandatory activities, actions or rules.Standards can give support to policy and reinforcement in direction. 16

 Introduction  2. Policy  3. Why Policy should be developed.  4. www policies 17

 Web based malware and attacks are proliferating rapidly on the Internet. There are new web security indicators,techniques and policy communication mechanism sprinkled throughout the various layers of the web and HTTP.  Some of the points to be consider a) SSL : Use Public key encryption.server authentication,use HTTPS protocol. b) Session : use session instead of Cookies as it stores in browsers and easy for attackers to reveal your passwords. 18

 Thanks you 19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.