
Information Security Policies and Standards


Presented by Ari Moesriami, Institut Teknologi Telkom

Published in: Technology

  1. Information Security Policies and Standards, Ari Moesriami, Institut Teknologi
  2. The challenges
     • Define security policies and standards
     • Measure actual security against policy
     • Report violations to policy
     • Correct violations to conform with policy
     • Summarize policy compliance for the organization
  3. Where do we start?
  4. The Foundation of Information Security
  5. The Information Security Functions
  6. Managing Information Security
  7. Policies
  8. The Purpose: Provide a framework for the management of security across the enterprise
  9. Definitions
     • Policies: High-level statements that provide guidance to workers who must make present and future decisions
     • Standards: Requirement statements that provide specific technical specifications
     • Guidelines: Optional but recommended specifications
  10. Security Policy
     • Access to network resources will be granted through a unique user ID and password
     • Passwords will be 8 characters long
     • Passwords should include one non-alpha character and not be found in a dictionary
  11. Elements of Policies
     • Set the tone of management
     • Establish roles and responsibility
     • Define asset classifications
     • Provide direction for decisions
     • Establish the scope of authority
     • Provide a basis for guidelines and procedures
     • Establish accountability
     • Describe appropriate use of assets
     • Establish relationships to legal requirements
  12. Policies should: Clearly identify and define the information security goals and the goals of the institution/unit/company.
  13. The Ten-Step Approach
  14. Policy Hierarchy
     • Governance Policy
     • Access Control Policy; User ID Policy
     • Access Control Authentication Standard; Password Construction Standard; User ID Naming Standard
     • Strong Password Construction Guidelines