Developing Security Policies and Procedures - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

Developing Security Policies and Procedures

Description:

Responsibilities - who is responsible for what. Who do you contact if you have questions. ... Compliance - who is responsible for enforcing the policy. What ... – PowerPoint PPT presentation

Number of Views:71
Avg rating:3.0/5.0
Slides: 15
Provided by: norma129
Category:

less

Transcript and Presenter's Notes

Title: Developing Security Policies and Procedures


1
Developing Security Policies and Procedures
  • Norma Jean Schaefer
  • ITC/ISO
  • Kansas Bureau of Investigation

2
Ooooo policies. Yuck!
  • Policies are administration directives.
  • Policies set goals and assign responsibilities.
  • To users, policies are a pain.

3
Types of policies
  • Program policies - high level
  • System-specific policies - rules to protect
    systems and data
  • Issue-specific policies - loss of equipment,
    obtaining access, etc.

4
Anatomy of policies
  • Purpose statement
  • Scope - who and what the policy effects.
  • Responsibilities - who is responsible for what.
  • Who do you contact if you have questions.
  • Compliance - who is responsible for enforcing the
    policy. What the disciplinary action will be.

5
Policies need to be...
  • supported by administration.
  • written by a team.
  • reviewed by the legal division.
  • customizable and allow user input.
  • enforced automatically.

6
Tips on writing policies
  • Detailed policies are clearer but create an
    administrative burden and users wont read them.
  • Write the full document distribute the short
    version.
  • Make policies available in paper and on an
    Intranet.

7
Tips on writing policies
  • Dont reinvent the wheel.
  • Review policies annually.
  • Have new employees sign them before obtaining
    access to systems.

8
Training
  • Provide awareness training on policies.
  • Dont threaten your users/Enlist your users.
  • Make them ISOs.
  • Make posters.
  • Give away prizes.

9
Some issue-specific security policies
  • Administrator
  • Internet and E-mail Use
  • PC and Network
  • Vendor
  • Network Connection

10
Procedures
  • Follow the same process with procedures.
  • Do not distribute procedures except on a need to
    know basis.
  • If procedures need to be distributed to users,
    mark classified and explain to users why.

11
Positive attitude
  • Keep the delivery of policies positive.
  • Give praise.
  • Help users be successful.

12
Your reward
  • Safer network.
  • More productive work force.
  • More up-time.
  • More time to do other tasks.

13
Reference
  • Practices for Protecting Information Resource
    Assets
  • Texas Department of Information Resources, Austin
    TX, March 2000

14
  • The security blueprint needs to be enforced and
    equality/fairness has nothing to do with it.
    Computer attacks are not fair to anyone. They are
    anything but equal.
  • -Defending your Digital Assets, Randall K.
    Nichols, Daniel J. Ryan and Julie J.C.H. Ryan
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Developing Security Policies and Procedures" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!