Information Security Policies and Standards

Presented by Ari Moesriami, Institut Teknologi Telkom

Bandung
mbarmawi@melsa.net.id

  • A policy may have many standards associated. A standard should have only one policy associated. A standard may have many guidelines associated........

Presentation Transcript

  • Information Security Policies and Standards. Ari Moesriami, Institut Teknologi Telkom, Bandung, mbarmawi@melsa.net.id
  • The challenges
      • Define security policies and standards
      • Measure actual security against policy
      • Report violations to policy
      • Correct violations to conform with policy
      • Summarize policy compliance for the organization
  • Where do we start?
  • The Foundation of Information Security
  • The Information Security Functions
  • Managing Information Security
  • Policies
  • The Purpose: provide a framework for the management of security across the enterprise
  • Definitions
      • Policies: high-level statements that provide guidance to workers who must make present and future decisions
      • Standards: requirement statements that provide specific technical specifications
      • Guidelines: optional but recommended specifications
  • Security Policy
      • Access to network resource will be granted through a unique user ID and password
      • Passwords will be 8 characters long
      • Passwords should include one non-alpha and not found in dictionary
  • Elements of Policies
      • Set the tone of Management
      • Establish roles and responsibility
      • Define asset classifications
      • Provide direction for decisions
      • Establish the scope of authority
      • Provide a basis for guidelines and procedures
      • Establish accountability
      • Describe appropriate use of assets
      • Establish relationships to legal requirements
  • Policies should… clearly identify and define the information security goals and the goals of the institution/unit/company.
  • The Ten-Step Approach
  • Policy Hierarchy
      • Governance Policy
      • Access Control Policy; User ID Policy
      • Access Control Authentication Standard; Password Construction Standard; User ID Naming Standard
      • Strong Password Construction Guidelines