Turning Policy Into Reality Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems.

1 Turning Policy Into Reality Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems

2 The Challenge of Digital Enablement: Mobility, Internet, LAN, Micro, Mainframe. Information Exposure Increases, Management Ability Decreases

3 How You See Your Information: Record

4 How Staff See Your Information Record Re……Record USB Record

5 How the Public Want to See Your Information: Everywhere… and at all times!

6 The Policy Protection Model (diagram; labels: Policy, Technology, Procedures, Processes, Educate, Control and Audit; connectors: Identifies, Which Requires, Leading To, Then We, And, For compliance with)

7 Policies Set Our Expectations
Users must not publish corporate information (applications, internal documents or files, press releases, price lists etc.) on any public facing computer system (e.g. website, social media site) unless the item has been authorised by the appropriate Manager and the Communications and Publicity Manager for public consumption. Online Services Policy: User 19.6
The Organisation must confirm the responsibilities of the cloud service provider with regard to information security. These responsibilities must be documented in an agreement which is signed by both the Organisation and the cloud service provider. Cloud Computing Policy: Technical 5.1.2
The access privileges of all users, systems and applications must be restricted based on the "need to know" and "least access" principles which require that there is a legitimate business need before access to any information systems resource is granted. Information Management Policy: Technical 2.3.2

8 Where do IT Policies Fit? (diagram labels: Why we are here; What Constrains Us; What We are Going To Do; Who or What Does It; How We Are Going to Do It; IT Policies; IT Strategy; Regulatory Framework; Procedures & Processes; People & Technology)

9 Why Have IT Policies? Employers presume everyone knows about computers and IT Security. They don’t…

10 Why Have IT Policies? Consistent Rules and Guidelines; Align With Best Practice; Set Audit Benchmarks; First line of Threat Defence; Protect Corporate Information; Good Governance; Ensure compliance

11 IT Policies Are Holistic. Affects everyone – not just IT: Users; HR; Risk Managers and Auditors; Managers; Stakeholders; CEO – the buck stops here

12 IT Policies Must Be Relevant. IT policies that are copies of best practice guides are like diet and exercise manuals… Something to aspire to that you can never achieve

13 IT Policies are an Access Enabler. Need to know versus need to withhold principle. Well defined rules ensure that everyone knows what is expected of them

14 And Available to All. IT Policies kept in a book on the back shelf in the IT Manager’s office will never be read. Publish them on the Intranet

15 But What Normally Happens… Defining Policy is too hard so no one actually gets around to it. Technology gets purchased without regard to policy. Vulnerabilities get introduced because there are no rules.

23 So you have IT Policies. What Now?

24 Perception by Users

25 Let People Have Their Say: Consultation is the key to Success

26 Review Feedback. Feedback will be:- Constructive; Positive; Indifferent; Unhelpful; Critical; Ridicule; Disparaging

27 Incorporate Feedback. Feedback should be incorporated if it is:- Valid; Relevant; Helpful; Achievable; Doesn’t Negatively Impact on Anything Else

28 Workshop for Managers. Important because:- Managers Lead By Example; Managers Are Responsible for Their Staff; Consistent IT Security Message for All; If Managers Aren’t Supportive, No One Else Will Be

29 Get Sign-Off

30 Talk to HR. HR have an important role to play in IT Security:- New employees sign the Acceptable Use Policy; Induction process; During Employment: ✓ Add users ✓ Change user access ✓ Terminating users; Termination process; IT Policy enforcement

31 Technical Review. Enforce policy by:- Implementing the appropriate technology; Configuring the technology accordingly; Ensure you can monitor for compliance. Create a work plan:- Upgrade technology if needed; Update technical skills where required

32 Workshops for Staff. Raise security awareness by:- Show Staff the Policy System; Explain why it’s important; Tell War Stories; Concentrate on Highlights, Don’t Overdo the Detail; Repercussions for Non Compliance; Monitor Staff Usage of Resources

33 Raising Staff Awareness: Is SPAM a danger to our information? Why we want you to change your password

34 The IT Policy Lifecycle

35 Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems Email: tonyk@protocolpolicy.com Web: www.protocolpolicy.com Video: www.youtu.be/whbywf8ovK0 Demo: demo.protocolpolicy.com

