Define, discuss and develop information security policy with all its elements.
Information Security Policy:
It is a set of policies issued by an organization that applies to
all users within the organization's domain and to data stored
digitally at any point in the network.
Information security is like an arms race. Organizations will change
and grow over a period of time; hence the policy should have room for
required version updates. The policy needs to be revised at fixed
intervals, and all revisions need to be approved and documented
by the authorized person.
The information security policy has the following requirements:
a. It should be practical and enforceable.
b. It should have room for revision and updates.
Elements:
1. Audience:
The policy should clearly state the scope of the audience to whom
the information security policy applies, and it should define what
is considered out of scope.
E.g. staff in another business unit which manages security
separately may not be in the scope of the policy.
2. Asset:
How will assets be categorized, how will assets be re-evaluated, and
what are the detailed responsibilities of the security team, the IT
team and users? Special care should be taken over what has to be
covered here and what belongs in the asset management part of the
policy.
Asset management is basically the IT part of the asset. It covers
the lifecycle of how the asset is taken on board, installed,
maintained, managed and retired.
3. Data classification:
The policy classifies data into categories, which may include top
secret, secret, confidential and public.
This classification is used to protect data and to avoid needless
security for unimportant data.
4. Objectives:
Information security has 3 objectives:
a. Confidentiality: information is accessed only by those authorized
and is not disclosed to others.
b. Integrity: keep data intact and accurate.
c. Availability: information is at the disposal of authorized users
when needed.
5. Security Behavior:
Share security with your staff. Construct training sessions to
inform employees of security procedures and mechanisms, including
data protection measures, access protection measures and sensitive
data.
6. Authority:
The manager has the authority to decide what data can be shared
and with whom. The policy should outline the level of authority
over the data and IT systems for each organization.