CST 481/598 x.2

- Broad overview of policy material
- What is a “process”
- Tiers (not tears)

Many thanks to Jeni Li.
- Guide employee behavior
- Enable accountability measures
- Manage expectations (to an extent)
- Ensure self-regulation
- Protect information
- Protect the company

Policy
- High-level, brief
- General requirements on a specified subject area
- Tier 1, 2, 3
Standards
- Mandatory requirements that support individual policies
Procedures
- Mandatory, step-by-step actions to complete a task
Guidelines
- Recommendations (not mandatory) to enable policy compliance
- May provide a framework to implement procedures

Tier 1 policies
- Overall vision
- Address organization-wide issues
- Fairly broad, brief, and general
- Usually developed or approved by committee
- Require little modification over time
- Examples
  - Records management
  - Corporate communications
  - Business continuity planning

Tier 1 components
- Topic with “hook”
- Scope
- Responsibilities
- Compliance and consequences

Tier 2 policies
- Specific topic or department
- Address single issues of current relevance
- Usually issued by a single senior official
- Require more frequent updates
- Examples
  - Electronic mail
  - Workstation security
  - Data access control

Tier 2 components
- Thesis statement
  - What the policy addresses and why it exists
- Relevance
  - Where, how, when, and to whom it applies
- Responsibilities
- Compliance
  - May be more specific than Tier 1
- Supplementary information
  - Metadata, e.g., contact, ownership, revision dates

Tier 3 policies
- Specific application, function, or system
- May be issued by the system owner
- Should derive from mission objectives
  - Business and application mission objectives
- Proactive, not reactive
- Format is more variable
- Examples
  - Payroll and time submission
  - Web application server access

- Easy to understand
- Visible
- Applicable
- Do-able
- Enforceable
- Phased in on introduction
- Proactive
- Diplomatic (avoid absolutes)
- Supportive of the business objectives

- See if you can just change an existing one
- Address the business objectives
- Use the business language
- Use the existing policy format
- Write it well
  - Be succinct
  - Grammar and spelling matter
- Be realistic (balance protection with productivity)
- Consider the audience
- Sell before and train after

- Policies state goals in broad terms
- Standards define what to do in specific terms
- Procedures tell how to meet the standards

Standards should
- Have management support
- Be reasonable, flexible, and current
- Be practical and applicable
- Be reviewed and updated regularly
- Ensure adherence to externally imposed standards

Procedures should
- Fulfill a real need
  - Does the task have to be completed in a specific manner?
- Identify the target audience
- Describe the task
  - Its purpose, scope, and goals
  - Any prerequisites to beginning the task
- Describe the expected outcome

Some possible components
- Title
- Intent
- Scope
- Responsibilities
- Sequence of events
- Approvals
- Prerequisites
- Definitions
- Equipment required
- Warnings
- Precautions
- Procedure body (the actual steps)

Formats vary
- Content, depth, and specificity/generality