Information Security Policies and Standards

Presented by Ari Moesriami, Institut Teknologi Telkom
Bandung
mbarmawi@melsa.net.id

Published in: Technology
  • A policy may have many standards associated. A standard should have only one policy associated. A standard may have many guidelines associated.
  • Information Security Policies and Standards

    1. Information Security Policies and Standards. Ari Moesriami, Institut Teknologi Telkom, Bandung, mbarmawi@melsa.net.id
    2. The challenges: define security policies and standards; measure actual security against policy; report violations to policy; correct violations to conform with policy; summarize policy compliance for the organization.
    3. Where do we start?
    4. The Foundation of Information Security
    5. The Information Security Functions
    6. Managing Information Security
    7. Policies
    8. The Purpose: provide a framework for the management of security across the enterprise.
    9. Definitions: Policies are high-level statements that provide guidance to workers who must make present and future decisions. Standards are requirement statements that provide specific technical specifications. Guidelines are optional but recommended specifications.
    10. Security Policy: Access to network resources will be granted through a unique user ID and password. Passwords will be 8 characters long. Passwords should include one non-alpha character and not be found in a dictionary.
    11. Elements of Policies: set the tone of management; establish roles and responsibility; define asset classifications; provide direction for decisions; establish the scope of authority; provide a basis for guidelines and procedures; establish accountability; describe appropriate use of assets; establish relationships to legal requirements.
    12. Policies should: clearly identify and define the information security goals and the goals of the institution/unit/company.
    13. The Ten-Step Approach
    14. Policy Hierarchy: Governance Policy; Access Control Policy and User ID Policy; Access Control Authentication Standard, Password Construction Standard and User ID Naming Standard; Strong Password Construction Guidelines.