
Effective Computer Security Policies: A Guide for Implementation & Success

Learn the importance of computer security policies, their common components, and types. Discover what makes a successful policy and how to develop and implement policies effectively. Get insights on management instructions, guidelines, standards, and procedures, along with the difference between "must" and "should." Understand how policies form the foundation of security operations and how they prevent chaos. Find out ways to tailor policies to your organization and ensure clarity and brevity in their communication. Accessible publication methods are key, and implementation challenges such as lack of management support and user training are discussed.

ellenmendez

Presentation Transcript


  1. Developing Computer Security Policy
     Ward Parker
     Global Integrity

  2. What Are Policies?
     • Management instructions
     • Provide overall objectives
     • Guidelines, Standards, Procedures
     • Difference between “must” and “should”

  3. Why are Policies Important?
     • Foundation of all Computer Security Operations
     • Effective vs. Chaos
     • Got a good lawyer?
     • Cart before the Horse Syndrome
     • Put Management to work for you

  4. What Makes a Successful Policy?
     • Brevity is an Art
     • Clarity is your friend
     • Give them what they need, not what they want
     • Tailor to the organization
     • Eating an elephant

  5. Types of Policies
     • Regulatory
     • Advisory
     • Informative

  6. Common Components
     • Statement of Policy
     • Authorizing individual
     • Author
     • Reference to other policies, if any
     • Measurement of Expectations
     • Waiver Requests
     • Process for Requesting Change
     • Violation
     • Effective Date
     • Review Date

  7. Publication Methods
     • Policy Manual
     • Personal Guides
     • Brochures
     • On-line Documents
     Whatever you choose, make sure they are accessible!

  8. Implementation…Nobody Said It Would Be Easy
     • Management doesn’t understand importance
     • Lack of support throughout organization
     • Awareness & Training of users

  9. Questions/Comments
     • Sources:
       • “Information Security Made Easy”
       • “Handbook of Information Security Management”
     • (703) 293-5302/wcp@globalintegrity.com
