WEEK 1: GOOD COMPONENTS OF A SECURITY POLICY
What are good components of an organizational information security policy? What are some areas that you think should be addressed? What are some obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?
What are good components of an organizational information security policy? What are some areas that you think should be addressed?
Whether you are tasked with writing your organization’s information security policies or with updating the existing security policies, knowing what is in a well-crafted policy is important. Below are details of many of the areas you should include:
Security Definition – All security policies should include a well-defined security vision for the organization. The security vision should be clear and concise and convey to readers the intent of the policy. Also included in this section should be details of what, if any, security standards your organization is following.
Examples of these are the ISO 27001 Information Security Management System (sometimes still referred to as ISO 17799), the NIST Standard (National Institute of Standards and Technology) and any of the other standards available to us.
Enforcement – This section should clearly identify how the policy will be enforced and how security breaches and misconduct will be handled. Whatever enforcement actions you enact should be cohesive with the enforcement actions that you already have in place for any enterprise security breaches.
User Access to Computer Resources – This section should identify the roles and responsibilities of the users accessing resources on the organization’s network. Procedures should be included such as, but not necessarily limited to:
Obtaining network access and application permissions
Prohibiting personal use of organizational computer systems
Use of portable media devices
Applicable e-mail standards of conduct
Specifications for both acceptable and prohibited internet usage
The account termination process
Threat notification procedures
What are some obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?
Ideally, an effective risk assessment program should ensure the necessary security controls are in place, or are put in place, based on the information risks and threats that the organization faces. The risk assessment process should identify and prioritize any gaps found. In other words, an effective risk assessment program should drive the organization’s security initiatives and program.
However, security risk assessments are subjective exercises. Risk assessments can be inadvertently or deliberately skewed based on interpretation, resulting in the necessary security controls not being implemented. Reluctance to spend money, perform unplanned activities and change the user experience are other factors that can affect the risk assessment results. We’ll take a look at these challenges and the ways to overcome them in order to improve the risk assessment process.