| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Policy Guides
|
|
Sample Policies
|
|
Security, It's Not Just Technical The goal of this paper is to introduce the need for an adequate information security policy within your respective workplace/organization. I will also show the basic types of security policies, the basics on how to construct an information security policy and the hierarchical structure needed to implement and enforce these policies.
By Kevin M. Dulany, 04/30/2004
|
|
Security Policies in a Global Organization In a global organization, special difficulties arise in creating and maintaining effective information security policies. Difficulties include varying risk tolerance levels among business units, legal and business cultural differences and policy differences arising through merger or acquisition. In order to deal with these issues, it is probably necessary to create a tiered structure of information security policies with some policies applying globally throughout the organization, and other policies applying to individual geographical, or regional entities.
By Gerald P. Long, 04/30/2004
|
|
The Use of Case Law in Negotiating the Acceptance of Post Secondary Computer Policies One of the most important initiatives that an organization will undertake is the development of Acceptable Use Computer Policies. The Computer Security Specialist is usually confronted with a situation where individuals are reluctant to accept the implementation of these policies. These individuals often include system, network and database administrators. They often believe that their functions are more important than security related issues and therefore security will be a forgotten entity until a security related incident has occurred. It is the intent of this paper to provide a compelling argument that will facilitate cooperation and compliance by persuading all individuals that there is little or no choice but to adopt a policy scheme that will act as the first line of defense for their organization.
By George B. Koszegi, 04/30/2004
|
|
Defining Policies Using Meta Rules This paper seeks to initiate a discussion on how to design and implement security policies within a company. It first describes a methodology for developing security policies based on the concept of meta-rules, rules which define how to write rules. It then describes how to use measures to determine the effectiveness of the policies in a business context. Finally it shows the relationship between a measurement system and a systematic review of policy to verify and validate the meta-rules chosen as the basis for security policy.
By Dan McGinn-Combs, 04/30/2004
|
|
Building and Implementing an Information Security Policy The purpose of this paper is to describe a process of building and, more importantly, implementing an Information Security Policy. The paper attempts to identify the important decisions regarding content, compliance, implementation, monitoring and active support, that have to be made in order to achieve an information security policy that is usable; a policy that lives and evolves as your organization infrastructure and operational requirements change and a policy that is understood and supported by management and colleagues.
By Martyn Elmy-Liddiard, 04/30/2004
|
|
Developing a Security Policy - Overcoming Those Hurdles This paper describes the real-life experiences involved in developing a security policy and gaining its endorsement in a medium sized company. The major challenges, as with all companies, is the big cost factor and the acknowledged belief that security is not a real issue. After all, who’d want to attack us and what damage could they do?
By Chris Wan, 04/30/2004
|
|
Security Policies: Where to Begin The intent of this paper is to guide you through the process and considerations when developing security policies within an organization; however it will not attempt to write the initial policies. There are a multitude of excellent websites and software products available that can assist with the actual development and provide sample formats.
By Laura Wills, 04/30/2004
|
|
Guidelines for an Information Sharing Policy This paper presents a set of guidelines which may be used in the creation of an Information Sharing Policy for small organizational units. To help facilitate these guidelines, a general overview of effective policy creation is presented. Following the step-by-step Information Sharing Policy guidelines, specific examples of the policy’s use are set forth. Concluding remarks include information on increasing policy effectiveness and awareness.
By Chris Gilbert, 04/30/2004
|
|
Implementing/Re-Implementing Change Control Policies All network environments change over time, whether the change is planned or unplanned. Change Control Policies help to minimize the inadvertent creation of security openings when implementing planned, unplanned, or recovery changes to a company’s network environment.
By Derek P. Milroy, 04/25/2004
|
|
How to teach employees to protect their passwords If you go into just about any office in America where passwords are required to access computer resources, odds are close to one hundred percent that you will find someone's password written on a Post-It note and stuck on the edge of their monitor. If it's not there, there's a darn good chance that it's on a Post-It on the right or left of the inside of the top desk drawer. This brief article, written for the business community, discusses the need for clear, enforceable password policies and the necessity of employee training to ensure the policy works as it should.
04/17/2004
|
|
Page: 1 2 34 |
