How you craft your organization's security policies with your organization is very important.
Your policy should comprehensively address all the main security vulnerabilities and risks within your organization.
Remember that your overall security policy covers not only computers, internet, applications, servers, user access, etc., but also many other areas which we will delve into. Attached is a sample acceptable use policy from the SANS Institute.
What sections really stand out to you and why?
Answer: A security policy is a document that contains all the methods and procedures to protect the organization from various types of threats, such as financial threats, laws and regulations, virus attacks, malware, careless employees, threats to the data of an organization, etc. A security policy can be considered as well-defined plans and practices for accessing the organization's systems and information. A security policy is a document that contains all the threats and also contains the things we need to do when a threat occurs.
A security policy must contain the following features:
Purpose of preparing a security policy:
There are many threats in an organization, such as natural threats, financial threats, unintentional threats, IT-related threats, and intentional threats. The combination of all the threats and vulnerabilities is known as risk. There are many risk factors to be considered while preparing a security policy for an organization.
Risk is a loss or damage which results from the threats to an organization.
The various threats and risks to the organization are:
The factors that need to stand out in a particular security policy are:
This security policy includes the security policy of a particular organization. It includes the objectives of the security policies and also provides detailed information on how to achieve them. This security policy is for all the risk factors of the organization. Its scope is to cover all the risk factors, such as financial, environmental, IT, legal, human resource, market, and operations risks. It deals with all of these and defines the policies to handle them.
Security Objectives:
Security is a must in any kind of organization. The objectives of the security policy are:
Responsibilities:
The responsibilities of each department and its respective head must stand out in a security policy.
Each person or department is responsible for each kind of security. The responsibilities can be defined in such a way:
Notifications of any kind of mishap
Mishaps related to the loss of data, system downtime, and virus and malware attacks must be reported to the IT security manager.
Risk Management
Risk management is the process of identifying and analyzing risk and performing various operations to minimize it.
How Risk Management is done
Above are all the sections that need to stand out in a particular organization's security policy.