Harrisburg University
ISEM 547
IT Policy
Objectives
Why Policy?
Policy, Procedures, Guidelines
Writing IT Policy (Best Practices)
IT Policy Management
IT Policy
What are Policies, Procedures, Guidelines & Standards?
Policy: principles, rules, and protocols formulated or adopted by an organization to govern its actions.
The requirements outlined in policies are used to control and guide important organizational decisions (e.g., managerial, financial, administrative, acquisitions, contractual, programmatic, operational, technical, etc.) within the boundaries set by those policies.
Procedures are specific instructions to be used to implement
policy requirements in a specific way; they are enforceable
through the policy
Guidelines are general rules, practices, and/or instructions that
can be referenced to comply with policy; they are not
enforceable but recommended as best practices that should be
followed
Standards: refer to something that is considered by an authority
or by general consent as a basis of comparison (e.g., industry,
protocols, academic, etc.)
The purpose of standards is to outline agreed principles or
criteria, so that their users can make reliable assumptions about
a particular product, service or practice
Standards are often referenced in policies or can be used to
frame a policy
Policies should have a formal lifecycle and change management
process
Why IT Policy is Important
Primary reasons for IT Policy:
Protecting corporate assets (keeping systems and corporate
information safe)
The policy aligns stakeholders and drives desired behaviors,
actions, and provides guidance on how to do things
Only written and published policy can be used to prove the
company has exercised “Due Diligence” in a court of law
There may be legal or regulatory reasons a policy must be created and published (e.g., HIPAA, FTI1075, Federal Green Book Standard, etc.)
Enable an organization to manage business risk through defined
controls that provide a benchmark for audit and corrective
action
Without documented policies and procedures, each employee and contractor will act according to their own perception of acceptable use, and system management will be ad hoc and inconsistent.
Features of good policy
Features of good policy usually include the following:
Specific: policy should be specific and definite. If it is uncertain, implementation becomes difficult.
Clear and understandable: policy must be unambiguous. It should avoid jargon and connotations, leaving no room for misunderstanding in following it. Unclear policies lead to indecisiveness and uncertainty in the minds of those who look to them for guidance.
Uniform: policy must be uniform enough that it can be efficiently followed by subordinates.
Appropriate: policy should be appropriate to the organization's present strategies and goals and address the intended policy objectives.
Simple: a policy should be simple and easily understood by everyone in the organization.
Inclusive/comprehensive: to have wide scope, a policy must be comprehensive.
Flexible: policy should be flexible in operation and application. This does not mean a policy should be altered constantly, but it should be wide enough in scope that line managers can use it in repetitive and routine scenarios.
Enforceable: policy should be monitored against established criteria for how it will be enforced and how compliance will be determined.
Doable: ensure that the policy can be successfully implemented and is not so restrictive or costly that the mission of the organization is placed at risk.
IT Policy
Types of Policy
IT Policy Types & Domains
Policy Types
General Program Policy: sets the strategic direction of the enterprise for global behavior and assigns resources for its implementation (e.g., conflict of interest, codes or standards of conduct, etc.)
Topic-Specific Policy: addresses specific issues of concern to the organization (e.g., e-mail, Internet usage, social media, physical security, application development, systems maintenance, BYOD, etc.)
System/Application-Specific Policy: focuses on decisions taken by management to protect a particular application or system (e.g., controls for financial management associated with AP, AR, and business expenses; employee appraisal system, etc.)
Each IT policy (ITP) is categorized based on its primary subject matter. This categorization is called a domain.
IT Policy Domains
Security
Applications & Software
Architecture/Infrastructure
Services
Project Management
Procurement
IT Finance & Budgeting
Creating IT Policies
Creating IT Policy – Getting Started
Determining the need for, and framing, a new IT policy or revisions to an existing one:
What is the problem or issue(s) that you are trying to solve?
Has a risk assessment been completed that validates the extent of the potential risks involved with the problem or issue(s) (e.g., financial, legal, public relations, security vulnerability, etc.)?
How would a policy assist in remediating or mitigating the problem or issue(s)?
Can the problem or issue(s) be resolved by creating a new or changing an existing standard operating procedure (SOP), guideline, process, and/or training program?
How will the policy affect your stakeholders?
Will this policy apply to the entire community or a subset?
Creating IT Policy – Getting Started
Will this policy apply to users of a given product/service, regardless of their affiliation (e.g., O365 users, SAP users, Windows machines, etc.)?
Will any costs be involved in implementing this policy?
How will your policy clarify how IS/IT does its business?
Will this policy impact your business partners and/or require contract modifications (e.g., background checks, nondisclosure agreements, security controls, product reference listings, etc.)?
Engage stakeholders and ask what other factors should be evaluated and/or considered when creating this policy.
How would a policy impact customers in accessing and using your business and/or IT services?
Creating IT Policy – Getting Started
What teams are responsible for the product and/or service area that is impacted by this policy?
Are there multiple teams? How will these teams coordinate the administration of the policy?
Is there any other related document that you want to refer to or incorporate in your policy (e.g., procedures, guidelines, standards, other policies, etc.)?
Who is the policy owner (considered the source of authority for this policy)?
Who shall review and approve this policy?
Note: some of the above information may appear in your policy, but working through it will confirm whether or not you really need a policy.
Creating IT Policy – Getting Started
When developing policy, be careful not to say too much or too little. The more complex and detailed the policy, the higher the degree of maintenance and training required.
Policies should be written at a high level and incorporate standards, procedures, and/or guidelines to provide those affected by the policy with methods for implementing it and ensuring compliance.
When incorporating standards, ensure the standards are reasonable, relevant, flexible, and current.
Research existing policy examples that can be referenced.
Creating IT Policy – Getting Started
Consult with subject matter experts and stakeholders when drafting the policy (e.g., on policy content and understanding impacts).
Do not embed the content of procedures, guidelines, and industry standards in the policy document. Reference them, but keep them as separate documents.
Sometimes a policy has progressive discipline actions. For example, policy language can list the situation: for the first offense you will receive sanction 1, for the second offense sanction 2, and so on. Your policy language should state that the sanctions are enforced and are in the best interest of the service provider and the larger community.
Policy should be written with the features of good policy in mind.
Creating IT Policy - Draft
Draft the language
Now that you have your information, you are ready to write a
draft.
Who will write the draft?
Don't assume that the team's content expert should be the person
to write the draft.
Find out who is the most experienced writer on your team
(could be the content expert) and ask that person to write the
first draft.
The first draft is important because it sets the tone you want to
present for the policy.
Creating IT Policy – Draft Suggestions
Here are some suggestions to help you write your draft:
Create a brief outline of the topics you want to cover
State clearly what your stakeholders can and cannot do
Explain how to correct an action
Include any terms that might be confusing to the customer and
provide definitions
If appropriate, list any special circumstances in which this
policy would not apply
If appropriate, include any time constraints (e.g., does this policy apply only at the beginning or end of a specific business cycle, or only at tax time?)
Policy Elements
An IT policy document should contain the following sections:
Organization Name & Logo
Policy Title
Policy Number (logical number sequence and categorized by
policy domain area)
Date the policy was written
Date policy was last revised
Date the policy will be effective
Policy Statement
Purpose
Scope/Jurisdiction
Objectives
Definitions
Policy Requirements & Controls
References
The organization responsible for policy lifecycle management usually facilitates the creation and maintenance of policies and IT governance charters.
Creating IT Policy – Suggestions
Review and get final approval
It's time to send the draft out for review.
Send the draft to the appropriate reviewers and let them know
that this is a draft and that their comments are welcomed
If you receive comments that are confusing, unclear, or contradict others' points of view, consider conducting a face-to-face meeting to review all the comments. That way, you will ensure that everyone has heard all the suggested changes and has agreed on the revised wording.
Where appropriate, incorporate the comments and be sure you
indicate these changes.
Circulate the draft again until everyone agrees on the wording
Send the policy to the approver(s) for a final approval
Creating IT Policy – Suggestions
Communicate to the Stakeholders
You have final approval for your policy and are ready to make it public.
How do you want to promote this policy? What medium and communication channels will be used to promote the policy: corporate home page or IT intranet site, CIO newsletter, webinars, forums, visits to departments, direct mail, and/or campus-wide email?
What is the timing for this policy (immediate, phased, big-bang)?
Depending on the breadth and impact of the policy, you might choose different strategies.
Certain corporate and IT policies require recurring training at certain times during the calendar year or every 2-5 years.
Creating IT Policy – Suggestions
Recommended bodies to reference for IT policies:
National Institute of Standards and Technology (NIST)
American National Standards Institute (ANSI)
Gartner Inc.
Institute of Electrical and Electronics Engineers (IEEE)
IT Security Policy Considerations
Every organization should have a strategy for how it will
implement Information Security principles, technologies, and
policies
All these require, in some form, a written IT security policy:
PCI Data Security Standard (DSS)
Health Insurance Portability and Accountability Act (HIPAA)
HITECH Act
Sarbanes-Oxley Act (SOX)
ISO family of security standards
Gramm-Leach-Bliley Act (GLBA)
IT Security Policy Considerations
IT security policies within an organization typically encompass the following areas:
Acceptable Use
Organization Security
IT Asset Classification
Personnel Security
Physical & Environmental Security
Authentication & Access Controls (e.g., guest, employees,
remote, business partners, etc.)
Business Continuity
Data/Information Security (e.g., encryption, data classification,
e-commerce, DLP)
Network & Firewall
Incident Response Policy
Group Discussion
Why is IT policy important? Think of a situation that could have been, or can be, prevented had an IT policy been in place.
List and briefly describe five features for structuring good policy.
What elements should be contained in your policy outline?
IT Policy Management
IT Policy Adoption and Management
It is important to have a group within the IT organization that oversees IT policies and performs compliance audits.
The IT policy group also coordinates with the business side of the house regarding HR policies related to IT.
The IT policy organization should establish a policy lifecycle model with processes and procedures (e.g., request, create, modify, review, approve, communicate, publish, etc.).
New IT policy and/or changes to existing IT policy should require formal review and approval leveraging IT governance entities.
IT policy domain workgroups or subcommittees shall review IT policies on an annual basis to examine waiver patterns, relevancy, and alignment, and recommend changes to the higher-level governance entity.
IT Policy Adoption and Management
There should be an IT policy waiver process to grant exceptions on a temporary basis. The IT policy waiver process should also be linked to risk management and audit compliance processes.
An IT policy dashboard should be maintained to provide the stakeholder community with a transparent, high-level reporting mechanism for all IT policies currently in the governance process.
Create a policy glossary to be referenced as a common standard language of terminology and definitions, to ensure consistency when developing policy.
Establish routine (20-day review), expedited (10-day review), and emergency (as determined by the CIO or CISO) process categories so that IT policy changes can be made in a timely manner based on the situation.
Leverage a robust EDMS (electronic document management system) with a configurable workflow process to facilitate the IT policy LSM processes.
IT Policy Adoption and Management
Policy Reference Matrix
A policy matrix should be developed and maintained; it is typically the source of record for the IT policy dashboard.
This matrix maps existing policies to other policies. This gives IT policy stakeholders a reference for which policies may affect other policies, particularly if a policy is modified or rescinded.
The policy matrix captures all published policies and their
current status (active, create, modify, rescinded, etc.)
The policy matrix captures information on whether a policy has
Product Standards references
The policy matrix captures the IT policy Business Owner
The IT policy coordinator should review the policy matrix on a
routine basis and provide the necessary revisions based on the
current IT policy environment
The policy matrix is usually an internal IT document but it can
be made available at the request of policy stakeholders
IT Policy Adoption and Management
Key Steps in IT Policy Creation
Determine Need (new policy or changes to existing policy)
Request Submission (New or Change)
Policy request and approval
Research, evaluation, & SME consultation (impacts, standards, existing references, requirements, scope, costs, enforceability, etc.)
Draft the initial policy document
Stakeholder initial review and feedback on draft policy
document
Evaluation and consideration of feedback/recommendations
Revisions and creation of final policy draft
Stakeholder secondary review and feedback
Evaluation and consideration of feedback/recommendations
Create signature ready IT Policy
Final Policy Approval
Communications to stakeholders
Publication
IT Policy Adoption and Management
It is important to establish an IT policy lifecycle management program, from creation to rescission.
Formal process should exist for the following:
Policy Change Management
Policy Release Management
Policy Audit & Compliance Management
Policy Records Management
Group Discussion
Why is it important to require formal review and approval of new IT policy and/or changes to existing IT policy?
What is the importance of establishing an IT policy dashboard, matrix, and glossary?
What key processes should be established to support the lifecycle management of IT policies?
Assignments
Chapter 8 (IT Managers Handbook)
Homework 4: IT Policy Management & Procedures
Harrisburg University
ISEM 547
IT Policy Procedures
Objectives
Policy, Procedure, Guidelines, Standards
When do you need a procedure
Creating Procedures Considerations
Guides to writing procedures
What are Policies, Procedures, Guidelines & Standards?
Policy: principles, rules, and protocols formulated or adopted by an organization to govern its actions.
Procedures are specific instructions to be used to implement
policy requirements in a specific way; they are enforceable
through the policy. Procedures are action oriented, factual and
instructional.
Procedures are often integral components in policies outlining
the particular actions or steps to meet policy compliance
requirements
Guidelines are general rules, practices, and/or instructions that
can be referenced to comply with policy; they are not
enforceable but recommended as best practices that should be
followed
Standards: refer to something that is considered by an authority
or by general consent as a basis of comparison (e.g., industry,
protocols, academic, etc.)
Standards are often referenced in policies or can be used to
frame a policy
Creating Procedures
When do you need a procedure?
Not every IT policy needs a procedure.
The number-one rule of procedure writing is to make sure there is a reason to create a procedure:
Policies require specific processes or protocols to be followed for compliance
Staff forget to take certain actions, or keep getting things wrong
Tasks are so long and complex that people need guidance on doing things right
Serious consequences result when a process is done wrong
A process or situation demands consistency
A written procedure is necessary only if the issue is important or if there will be a significant benefit from clarifying a process or outlining the specific actions required for policy compliance.
Procedures
Creating Procedures - Considerations
A good procedure requires understanding the process and its environment (the things that influence or integrate with the process).
Procedure documents will vary in their specific features, based on the type of information being detailed.
Effective procedure documents have clear and consistent formatting so that readers know how to follow the material.
Paragraphs should begin and end clearly, so readers never have to wonder where one step ends and another begins.
In describing steps, use strong action verbs and provide enough specificity and explanation that readers know exactly what to do.
Embed relevant icons, images, graphs/charts, flow charts, or tables in the procedures to guide and facilitate understanding.
Procedures
Creating Procedures - Considerations
The writing style for a procedure document should rely on clear and concise language.
All procedural information should be accurate, and any acronyms should be spelled out, for instance "Food and Drug Administration (FDA)."
For a procedure document that will be in circulation for some time, avoid using specific information that might become outdated quickly.
Technical language and jargon that will be unfamiliar to most readers should be clearly defined (SaaS, DR, COTS, DDoS, MIPS, etc.).
Creating Procedures - Considerations
Effective procedure documents should be in outline format with
clear headings, sub-headings, and labels (Diagrams & tables).
Those responsible for writing procedure documents are also
responsible for reviewing them periodically.
If the information is not effective in helping employees or attaining the desired outcomes, the procedure should be revised and improved.
Creating Procedures - Considerations
Writing a procedure that is accurate, brief, and readable isn't
always easy. But, with a bit of knowledge and practice, you can
learn effective procedure-writing skills.
Well-written procedures help improve productivity and the
quality of work within your organization
Ensure that the people who need to use a procedure have not
only read it, but also understand and have used it.
Validate procedure before publication
Creating Procedures
Creating Procedures – Starting Block
The key planning activity for writing effective procedures is to research and gain a keen understanding of the process that the procedure will document.
Have a clear understanding of the purpose, scope, objectives, circumstances, and target audience of the procedure.
Research and collect information (consult subject matter experts; observe and interview process owners and process doers).
Creating Procedures – Starting Block
The procedure document should be derived from what you learned in the planning phase.
Once the research and planning phase is complete, define the core functions being performed and the associated processes and sub-processes (e.g., inputs, outputs, steps, activities, logical sequencing, interdependencies, resources, location, etc.).
Integrate meaningful illustrative components such as process maps, flow charts, outlines, examples, and value streams.
Creating Procedures – Illustrations Helpful
Budget Schedule
Item | Quarters scheduled | Owner
Budget Analysis | Q1, Q2, Q3, Q4 | CFO, COO, VPs
Budget Request | (none marked) | VP & Department Heads
Income Statement | Q1, Q2, Q3, Q4 | Finance & Accounting
Sales Forecast | one quarter | Sales & Marketing
Customer Analysis | two quarters | Sales & Marketing
Staffing Analysis | one quarter | Human Resources & Department Heads
Creating Procedures – Illustrations Helpful
Business Systems Technical Specification Compliance Requirements
Item | System 1 | System 2 | System 3 | System 4 | Owner
Technical Specification A | x | x | x | x | Security
Technical Specification B | x | x | N/A | x | Infrastructure & Operations
Technical Specification C | x | N/A | x | x | Applications
Technical Specification D | N/A | x | N/A | N/A | Help Desk
Technical Specification E | N/A | x | N/A | x | Enterprise Messaging
Technical Specification F | x | N/A | x | N/A | EDC
Creating Procedures
Core Steps
Creating Procedures – Core Steps
Preparation:
Conduct research
Provide a purpose statement (why this procedure)
Provide an overview of the procedure
Identify prerequisite knowledge and skills, if any
Highlight any specific issues and other precautions
Define the list of resources, systems, equipment, supplies, or parts needed for the procedure
Creating Procedures – Core Steps
Writing the procedure:
Define a logical sequence of steps and substeps
Define decisions and decision criteria
Ensure clarity and economy of words.
Write to the level of the reader's ability
Define unfamiliar terms
Include hints and helps
Add illustrations, analogies, models, charts, pictures,
workflows, tables, or anything that will aid understanding of the
process and steps involved
Creating Procedures – Core Steps
Validate
Walk through and/or pilot test your procedure. Obtain feedback
and recommendations from the target audience during this step.
Is it understandable, effective, complete? Does it produce the
desired results?
Revise & Revalidate
Evaluate and incorporate the feedback and recommendations
and then retest and validate. Finalize the procedure document.
Publish
Issue the procedure document and establish mechanisms to
periodically review to determine accuracy and relevancy as
things may change within the environment or policy.
Creating Procedures
Procedure Document Outline
Creating Procedures - Outline
Title page. This includes 1) the title of the procedure, 2)
identification number, 3) date of issue and last revision, 4) the
name of the agency/division/branch the SOP applies to, and 5)
the owner and author(s) of procedure.
Table of Contents. This is only necessary if your procedure is
quite long, allowing for ease of reference. A simple standard
outline is what you'd find here.
Purpose. Define the reason and rationale for the procedure.
Include applicable policies, standards, and/or regulatory
requirements that may be affiliated or driving need for
procedure document
Scope and applicability. Describe who shall follow the procedure, and how and when it is used. Include policies, standards, regulatory requirements, roles and responsibilities, and locations.
Creating Procedures - Outline
Overview. Provide a synopsis of the procedure and processes outlined in the document.
Methodology and procedures. The meat of the document: list all the processes and steps with the necessary details, including resources, inputs, outputs, sequential procedures, decision criteria, approvals, exceptions, and relationships to business and/or IT operations.
Clarification of terminology. Identify acronyms, abbreviations,
and all phrases that aren't common.
Resources. Complete list of what is needed and when, where to
find systems, equipment, supplies, etc. (If required)
References. Be sure to list all cited or significant references. If
you reference other SOPs, be sure to attach the necessary
information in the appendix
Appendix. Section to append additional support documentation
(if required)
Group Discussion
Typically, under what circumstances do you require a procedure?
What are the core steps in creating a procedure document?
Why is it important to validate the procedure?
Does anyone use or occasionally refer to procedures in their work environment?
Assignments
Chapter 8 (IT Managers Handbook)
Homework 3: IT Policy Management
Project 2:
Part A: Create an IT Governance Matrix
Part B: Create a Governance Charter for Enterprise Security
Committee
Part C: Write an Information Security Policy for Data Classifications

 
You have been hired asa cons.docx
You have been hired asa cons.docxYou have been hired asa cons.docx
You have been hired asa cons.docxshericehewat
 
You have been appointed as a system analyst in the IT department of .docx
You have been appointed as a system analyst in the IT department of .docxYou have been appointed as a system analyst in the IT department of .docx
You have been appointed as a system analyst in the IT department of .docxshericehewat
 
You choose one and I will upload the materials for u.Choose 1 of.docx
You choose one and I will upload the materials for u.Choose 1 of.docxYou choose one and I will upload the materials for u.Choose 1 of.docx
You choose one and I will upload the materials for u.Choose 1 of.docxshericehewat
 
You are Incident Commander and principal planner for the DRNC even.docx
You are Incident Commander and principal planner for the DRNC even.docxYou are Incident Commander and principal planner for the DRNC even.docx
You are Incident Commander and principal planner for the DRNC even.docxshericehewat
 
You DecideCryptographic Tunneling and the OSI ModelWrite a p.docx
You DecideCryptographic Tunneling and the OSI ModelWrite a p.docxYou DecideCryptographic Tunneling and the OSI ModelWrite a p.docx
You DecideCryptographic Tunneling and the OSI ModelWrite a p.docxshericehewat
 
You are working as a behavioral health specialist in a neurological .docx
You are working as a behavioral health specialist in a neurological .docxYou are working as a behavioral health specialist in a neurological .docx
You are working as a behavioral health specialist in a neurological .docxshericehewat
 
You are to write up a reflection (longer than 2 pages) that discusse.docx
You are to write up a reflection (longer than 2 pages) that discusse.docxYou are to write up a reflection (longer than 2 pages) that discusse.docx
You are to write up a reflection (longer than 2 pages) that discusse.docxshericehewat
 
You can only take this assignment if you have the book Discovering t.docx
You can only take this assignment if you have the book Discovering t.docxYou can only take this assignment if you have the book Discovering t.docx
You can only take this assignment if you have the book Discovering t.docxshericehewat
 
You are to interview a woman 50 and older and write up the interview.docx
You are to interview a woman 50 and older and write up the interview.docxYou are to interview a woman 50 and older and write up the interview.docx
You are to interview a woman 50 and older and write up the interview.docxshericehewat
 
You are to complete TWO essays and answer the following questions.  .docx
You are to complete TWO essays and answer the following questions.  .docxYou are to complete TWO essays and answer the following questions.  .docx
You are to complete TWO essays and answer the following questions.  .docxshericehewat
 
You are the vice president of a human resources department and Susan.docx
You are the vice president of a human resources department and Susan.docxYou are the vice president of a human resources department and Susan.docx
You are the vice president of a human resources department and Susan.docxshericehewat
 
You are the purchasing manager of a company that has relationships w.docx
You are the purchasing manager of a company that has relationships w.docxYou are the purchasing manager of a company that has relationships w.docx
You are the purchasing manager of a company that has relationships w.docxshericehewat
 
You are to briefly describe how the Bible is related to the topics c.docx
You are to briefly describe how the Bible is related to the topics c.docxYou are to briefly describe how the Bible is related to the topics c.docx
You are to briefly describe how the Bible is related to the topics c.docxshericehewat
 
You are the manager of an accounting department and would like to hi.docx
You are the manager of an accounting department and would like to hi.docxYou are the manager of an accounting department and would like to hi.docx
You are the manager of an accounting department and would like to hi.docxshericehewat
 
You are the new chief financial officer (CFO) hired by a company. .docx
You are the new chief financial officer (CFO) hired by a company. .docxYou are the new chief financial officer (CFO) hired by a company. .docx
You are the new chief financial officer (CFO) hired by a company. .docxshericehewat
 
You are the manager of a team of six proposal-writing professionals..docx
You are the manager of a team of six proposal-writing professionals..docxYou are the manager of a team of six proposal-writing professionals..docx
You are the manager of a team of six proposal-writing professionals..docxshericehewat
 
You are the environmental compliance officer at a company that is .docx
You are the environmental compliance officer at a company that is .docxYou are the environmental compliance officer at a company that is .docx
You are the environmental compliance officer at a company that is .docxshericehewat
 

More from shericehewat (20)

You have been asked to explain the differences between certain categ.docx
You have been asked to explain the differences between certain categ.docxYou have been asked to explain the differences between certain categ.docx
You have been asked to explain the differences between certain categ.docx
 
You have been asked to help secure the information system and users .docx
You have been asked to help secure the information system and users .docxYou have been asked to help secure the information system and users .docx
You have been asked to help secure the information system and users .docx
 
You have been asked to participate in a local radio program to add.docx
You have been asked to participate in a local radio program to add.docxYou have been asked to participate in a local radio program to add.docx
You have been asked to participate in a local radio program to add.docx
 
You have been hired asa cons.docx
You have been hired asa cons.docxYou have been hired asa cons.docx
You have been hired asa cons.docx
 
You have been appointed as a system analyst in the IT department of .docx
You have been appointed as a system analyst in the IT department of .docxYou have been appointed as a system analyst in the IT department of .docx
You have been appointed as a system analyst in the IT department of .docx
 
You choose one and I will upload the materials for u.Choose 1 of.docx
You choose one and I will upload the materials for u.Choose 1 of.docxYou choose one and I will upload the materials for u.Choose 1 of.docx
You choose one and I will upload the materials for u.Choose 1 of.docx
 
You are Incident Commander and principal planner for the DRNC even.docx
You are Incident Commander and principal planner for the DRNC even.docxYou are Incident Commander and principal planner for the DRNC even.docx
You are Incident Commander and principal planner for the DRNC even.docx
 
You DecideCryptographic Tunneling and the OSI ModelWrite a p.docx
You DecideCryptographic Tunneling and the OSI ModelWrite a p.docxYou DecideCryptographic Tunneling and the OSI ModelWrite a p.docx
You DecideCryptographic Tunneling and the OSI ModelWrite a p.docx
 
You are working as a behavioral health specialist in a neurological .docx
You are working as a behavioral health specialist in a neurological .docxYou are working as a behavioral health specialist in a neurological .docx
You are working as a behavioral health specialist in a neurological .docx
 
You are to write up a reflection (longer than 2 pages) that discusse.docx
You are to write up a reflection (longer than 2 pages) that discusse.docxYou are to write up a reflection (longer than 2 pages) that discusse.docx
You are to write up a reflection (longer than 2 pages) that discusse.docx
 
You can only take this assignment if you have the book Discovering t.docx
You can only take this assignment if you have the book Discovering t.docxYou can only take this assignment if you have the book Discovering t.docx
You can only take this assignment if you have the book Discovering t.docx
 
You are to interview a woman 50 and older and write up the interview.docx
You are to interview a woman 50 and older and write up the interview.docxYou are to interview a woman 50 and older and write up the interview.docx
You are to interview a woman 50 and older and write up the interview.docx
 
You are to complete TWO essays and answer the following questions.  .docx
You are to complete TWO essays and answer the following questions.  .docxYou are to complete TWO essays and answer the following questions.  .docx
You are to complete TWO essays and answer the following questions.  .docx
 
You are the vice president of a human resources department and Susan.docx
You are the vice president of a human resources department and Susan.docxYou are the vice president of a human resources department and Susan.docx
You are the vice president of a human resources department and Susan.docx
 
You are the purchasing manager of a company that has relationships w.docx
You are the purchasing manager of a company that has relationships w.docxYou are the purchasing manager of a company that has relationships w.docx
You are the purchasing manager of a company that has relationships w.docx
 
You are to briefly describe how the Bible is related to the topics c.docx
You are to briefly describe how the Bible is related to the topics c.docxYou are to briefly describe how the Bible is related to the topics c.docx
You are to briefly describe how the Bible is related to the topics c.docx
 
You are the manager of an accounting department and would like to hi.docx
You are the manager of an accounting department and would like to hi.docxYou are the manager of an accounting department and would like to hi.docx
You are the manager of an accounting department and would like to hi.docx
 
You are the new chief financial officer (CFO) hired by a company. .docx
You are the new chief financial officer (CFO) hired by a company. .docxYou are the new chief financial officer (CFO) hired by a company. .docx
You are the new chief financial officer (CFO) hired by a company. .docx
 
You are the manager of a team of six proposal-writing professionals..docx
You are the manager of a team of six proposal-writing professionals..docxYou are the manager of a team of six proposal-writing professionals..docx
You are the manager of a team of six proposal-writing professionals..docx
 
You are the environmental compliance officer at a company that is .docx
You are the environmental compliance officer at a company that is .docxYou are the environmental compliance officer at a company that is .docx
You are the environmental compliance officer at a company that is .docx
 

Recently uploaded

Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 

Recently uploaded (20)

Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Harrisburg University ISEM 547 IT Policy Objectives

  • 1. Harrisburg University ISEM 547 IT Policy Objectives Why Policy? Policy, Procedures, Guidelines Writing IT Policy (Best Practices) IT Policy Management 2 IT Policy 3
  • 2. What is Policy, Procedures, Guidelines & Standards ? Policy: are principles, rules, and protocols formulated or adopted by an organization to govern its actions. The requirements outlined in policies, are used to control and guide important organizational decisions (e.g., managerial, financial, administrative, acquisitions, contractual, programmatic, operational, technical, etc.); within the boundaries set by them Procedures are specific instructions to be used to implement policy requirements in a specific way; they are enforceable through the policy Guidelines are general rules, practices, and/or instructions that can be referenced to comply with policy; they are not enforceable but recommended as best practices that should be followed Standards: refer to something that is considered by an authority or by general consent as a basis of comparison (e.g., industry, protocols, academic, etc.) The purpose of standards is to outline agreed principles or criteria, so that their users can make reliable assumptions about a particular product, service or practice Standards are often referenced in policies or can be used to frame a policy Policies should have a formal lifecycle and change management process 4
  • 3. Why IT Policy is Important Primary reasons for IT Policy: Protecting corporate assets (keeping systems and corporate information safe) The policy aligns stakeholders and drives desired behaviors, actions, and provides guidance on how to do things Only written and published policy can be used to prove the company has exercised “Due Diligence” in a court of law There may be legal or regulatory reasons a policy must be created and published (e.g., HIPAA, FTI1075, Federal Green- Book Standard, etc.) Enable an organization to manage business risk through defined controls that provide a benchmark for audit and corrective action Without documented policies and procedures each and every employee and contractor will act in accordance with their own perception of acceptable use and system management will be ad-hoc and inconsistent 5 Features of good policy Features of good policy usually include the following Specific- Policy should be specific/definite. If it is uncertain, then the implementation will become difficult. Clear & Understandable - Policy must be unambiguous. It should avoid use of jargons and connotations. There should be no misunderstandings in following the policy. Unclear policies can lead to indecisiveness and uncertainty in minds of those
  • 4. who look into it for guidance Uniform- Policy must be uniform enough so that it can be efficiently followed by the subordinates. Appropriate- Policy should be appropriate to the present organizational strategies and goals and address the intended policy objectives. Simple- A policy should be simple and easily understood by all in the organization. Inclusive/Comprehensive- In order to have a wide scope, a policy must be comprehensive. Flexible- Policy should be flexible in operation/application. This does not imply that a policy should be altered always, but it should be wide in scope so as to ensure that the line managers use them in repetitive/routine scenarios. Enforceable- Policy should be monitored with established criteria as to how it will be enforced and determine compliance Doable- ensure that the policy can be successfully implemented and not so restrictive or costly that the mission of the organization is placed at risk. 6 IT Policy Types of Policy 7 IT Policy Types & Domains?
  • 5. Policy Types General Program Policy: sets the strategic directions of the enterprise for global behavior and assigns resources for its implementation( e.g., conflict of interest, codes or standards of conduct, etc.) Topic Specific Policy: addresses specific issues of concern to the organization (e.g., e-mail, Internet usage, social media, physical security, application development, systems maintenance, BYOD, etc.) System/Application –Specific Policy: focus is on decisions taken by management protect a particular application or system (e.g., controls for financial management associated with AP, AR, business expenses; employee appraisal system, etc.) Each ITP is categorized based on its primary subject matter. This categorization is called a domain. IT Policy Domains Security Applications & Software Architecture/Infrastructure Services Project Management Procurement IT Finance & Budgeting 8 Creating IT Policies
  • 6. 9 Creating IT Policy – Getting Started Determining need for and framing a new or revisions to existing IT policy? What is the problem or issue(s) that you are trying to solve? Has a risk assessment been completed and validated the extent of the potential risks involved with the problem or issue(s) (e.g., financial, legal, public relations, security vulnerability, etc.) ? How would a policy assist in remediating or mitigating the problem or issue(s)? Can the problem or issue(s) be resolved by creating new or changing existing standard operating procedure (SOP), guideline, process, and/or training program? How will the policy effect/impact your stakeholders? Will this policy apply to the entire community or a subset? 10 Creating IT Policy – Getting Started Determining need for and framing a new or revisions to existing
  • 7. IT policy? Will this policy apply to the entire community or a subset? Will this policy apply to users of a given product/service, regardless of their affiliation (e.g., O365 users, SAP users, windows machines, etc.)? Will any costs be involved in implementing this policy? How will your policy clarify how IS/IT does its business? Will this policy impact your business partners and/or require contract modifications (e.g., background checks, nondisclosure agreements, security controls, product reference listings, etc.)? Engage stakeholders and inquire as to what other factors should be evaluated and/or considered when creating this policy? How would a policy impact customers in accessing and using your business and/or IT services? 11 Creating IT Policy – Getting Started Determining need for and framing a new or revisions to existing IT policy? What teams are responsible for the product and/or service area that is impacted by this policy? Are there multiple teams? How will these teams coordinate the administration of the policy? Will any costs be involved in implementing this policy? Is there any other related document that you want to refer to or incorporate in your policy (e.g., procedures, guidelines, Standards, other policies, etc.)? Who is the policy owner (considered the source of the authority
  • 8. for this policy)? Who shall review and approve this policy? Note: The some of above information may appear in your policy, but it will confirm for you whether or not you really need a policy. 12 Creating IT Policy – Getting Started When developing policy, need to be careful in saying too much or saying too little. The more complex and detailed the policy, the higher degree of maintenance and training required Policies should be written at a high level and incorporate standards, procedures, and/or guidelines to provide those affected by the policy with methods for implementing and ensuring compliance When incorporating standards, ensure the standards are reasonable, relevant, flexible, and current Conduct research for existing policy examples that can be referenced 13 Creating IT Policy – Getting Started
  • 9. Consult with subject matter experts and stakeholders when drafting the policy (e.g., policy content and understanding impacts) Do not embed the content of procedures, guidelines, and industry standards in the policy document. Should reference them but keep them as separate documents. Sometimes, a policy has progressive discipline actions. For example, policy language can list the situation: for the first offense, you will receive sanction 1, for the second offense, you will receive sanction 2, etc. Your policy language should state that the sanctions are enforced and are in the best interest of the service provider and the larger community. Should be written keeping in mind the features of good policy 14 Creating IT Policy - Draft Draft the language Now that you have your information, you are ready to write a draft. Who will write the draft? Don't assume that the team's content expert should be the person to write the draft. Find out who is the most experienced writer on your team (could be the content expert) and ask that person to write the first draft. The first draft is important because it sets the tone you want to
present for the policy.

Creating IT Policy – Draft Suggestions
Here are some suggestions to help you write your draft:
Create a brief outline of the topics you want to cover
State clearly what your stakeholders can and cannot do
Explain how to correct an action
Include any terms that might be confusing to the customer and provide definitions
If appropriate, list any special circumstances in which this policy would not apply
If appropriate, include any time constraints (e.g., does this policy apply only at the beginning or end of a specific business cycle, or only at tax time?)

Policy Elements
An IT policy document should contain the following sections:
Organization Name & Logo
Policy Title
Policy Number (a logical numbering sequence, categorized by policy domain area)
Date the policy was written
Date the policy was last revised
Date the policy becomes effective
Policy Statement
Purpose
Scope/Jurisdiction
Objectives
Definitions
Policy Requirements & Controls
References
The organization responsible for policy lifecycle management usually facilitates the creation and maintenance of policies and IT governance charters

Creating IT Policy – Suggestions
Review and get final approval
It's time to send the draft out for review. Send the draft to the appropriate reviewers and let them know that this is a draft and that their comments are welcome
If you receive comments that are confusing, unclear, or contradict others' points of view, consider holding a face-to-face meeting to review all the comments. That way you ensure that everyone has heard all the suggested changes and has agreed on the revised wording
Where appropriate, incorporate the comments and be sure to indicate these changes
Circulate the draft again until everyone agrees on the wording
Send the policy to the approver(s) for final approval

Creating IT Policy – Suggestions
Communicate to the stakeholders
You have final approval for your policy and are ready to make it public
How do you want to promote this policy?
What medium and communication channels will be used to promote the policy? Corporate home page or IT intranet site, CIO newsletter, webinars, forums, visits to departments, direct mail, and/or campus-wide email?
What is the timing for this policy (immediate, phased, big bang)?
Depending on the breadth and impact of the policy, you might choose different strategies
Certain corporate and IT policies require recurring training at certain times during the calendar year, or every 2-5 years

Creating IT Policy – Suggestions
Recommended reference sources for IT policies:
National Institute of Standards and Technology (NIST)
American National Standards Institute (ANSI)
Gartner Inc.
Institute of Electrical and Electronics Engineers (IEEE)

IT Security Policy Considerations
Every organization should have a strategy for how it will implement information security principles, technologies, and policies
All of the following require, in some form, a written IT security policy:
PCI Data Security Standard (DSS)
Health Insurance Portability and Accountability Act (HIPAA)
HITECH Act
Sarbanes-Oxley Act (SOX)
ISO/IEC 27000 family of security standards
Gramm-Leach-Bliley Act (GLBA)
IT Security Policy Considerations
IT security policies within an organization typically encompass the following areas:
Acceptable Use
Organization Security
IT Asset Classification
Personnel Security
Physical & Environmental Security
Authentication & Access Controls (e.g., guest, employees, remote, business partners, etc.)
Business Continuity
Data/Information Security (e.g., encryption, data classification, e-commerce, DLP)
Network & Firewall
Incident Response Policy

Group Discussion
Why is IT policy important?
Think of a situation that could have been, or can be, prevented had an IT policy been in place
List and briefly describe five features for structuring good policy
What elements should be contained in your policy outline?

IT Policy Management

IT Policy Adoption and Management
It is important to have a group within the IT organization that oversees IT policies and performs compliance audits. The IT policy group also coordinates with the business side of the house regarding HR policies related to IT
The IT policy organization should establish a policy lifecycle model with processes and procedures (e.g., request, create, modify, review, approve, communicate, publish, etc.)
New IT policies and changes to existing IT policies should require a formal review and approval leveraging IT governance entities
IT policy domain workgroups or subcommittees shall review IT policies on an annual basis to examine waiver patterns, relevancy, and alignment, and recommend changes to the higher-level governance entity
IT Policy Adoption and Management
There should be an IT policy waiver process to grant exceptions on a temporary basis. The IT policy waiver process should be linked to the risk management and audit compliance processes as well
An IT policy dashboard should be maintained to provide the stakeholder community with a transparent, high-level reporting mechanism for all IT policies currently in the governance process
Create a policy glossary to be referenced as a common standard language of terminology and definitions, to ensure consistency when developing policy
Establish routine (20-day review), expedited (10-day review), and emergency (as determined by the CIO or CISO) process categories so that IT policy changes can be made in a timely manner based on the situation
Leverage a robust electronic document management system (EDMS) with a configurable workflow process to facilitate the IT policy lifecycle (LSM) processes

IT Policy Adoption and Management
Policy Reference Matrix
A policy matrix should be developed and maintained; it is typically the source of record for the IT policy dashboard
This matrix maps existing policies to other policies. This gives IT policy stakeholders a reference to which policies may affect other policies, particularly if a policy is modified or rescinded
The policy matrix captures all published policies and their current status (active, create, modify, rescinded, etc.)
The policy matrix captures whether a policy references product standards
The policy matrix captures the IT policy business owner
The IT policy coordinator should review the policy matrix on a routine basis and make the necessary revisions based on the current IT policy environment
The policy matrix is usually an internal IT document, but it can be made available at the request of policy stakeholders

IT Policy Adoption and Management
Key Steps in IT Policy Creation
Determine need (new policy or changes to an existing policy)
Request submission (new or change)
Policy request and approval
Research, evaluation, and SME consultation (impacts, standards, existing references, requirements, scope, costs, enforceability, etc.)
Draft the initial policy document
Stakeholder initial review and feedback on the draft policy document
Evaluation and consideration of feedback/recommendations
Revisions and creation of the final policy draft
Stakeholder secondary review and feedback
Evaluation and consideration of feedback/recommendations
Create the signature-ready IT policy
Final policy approval
Communication to stakeholders
Publication
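The policy reference matrix described above, as an added worked example that is not part of the original slides: a small Python model of the matrix (policy number, title, lifecycle status, business owner, standards referenced, and the other policies each entry relies on) with the query the slides call for, namely which policies must be re-reviewed when one is modified or rescinded, plus the consistency checks a policy coordinator would run during the routine review. The policy identifiers, titles, owners and cross-references are constructed for illustration; the status vocabulary is the one on the slide.

```python
"""Policy reference matrix with modification/rescission impact analysis.

Added example, not from the original slides. The policy numbers, titles,
owners and references below are constructed for illustration only.
"""
from collections import deque
from dataclasses import dataclass, field

# Lifecycle status vocabulary taken from the slide.
STATUSES = {"active", "create", "modify", "rescinded"}


@dataclass
class PolicyEntry:
    policy_id: str
    title: str
    status: str
    owner: str                                      # IT policy business owner
    standards: list = field(default_factory=list)   # product/industry standards referenced
    references: list = field(default_factory=list)  # policy_ids this policy relies on


# Constructed sample matrix (hypothetical policy numbers and titles).
MATRIX = {
    p.policy_id: p for p in [
        PolicyEntry("SEC-001", "Information Security Policy", "active", "CISO", ["ISO/IEC 27001"]),
        PolicyEntry("SEC-002", "Data Classification Policy", "active", "CISO", [], ["SEC-001"]),
        PolicyEntry("SEC-003", "Encryption Standard", "active", "Security Eng", ["NIST SP 800-57"], ["SEC-002"]),
        PolicyEntry("SEC-004", "Acceptable Use Policy", "active", "HR / CIO", [], ["SEC-001"]),
        PolicyEntry("SEC-005", "Remote Access Policy", "modify", "Infrastructure", [], ["SEC-003", "SEC-004"]),
        PolicyEntry("SEC-006", "Legacy Modem Policy", "rescinded", "Infrastructure", [], ["SEC-001"]),
    ]
}


def dependents(matrix, policy_id):
    """Return the ids of every policy that relies on policy_id, transitively.

    This is the question the matrix exists to answer: if policy_id is
    modified or rescinded, which other policies must be re-reviewed?
    Breadth-first walk over the reverse reference graph; the visited set
    guards against reference cycles.
    """
    reverse = {}
    for p in matrix.values():
        for ref in p.references:
            reverse.setdefault(ref, []).append(p.policy_id)
    seen, queue = set(), deque(reverse.get(policy_id, []))
    while queue:
        pid = queue.popleft()
        if pid in seen:
            continue
        seen.add(pid)
        queue.extend(reverse.get(pid, []))
    return sorted(seen)


def validate(matrix):
    """Consistency checks a policy coordinator would run on each routine review.

    Returns a list of findings; an empty list means the matrix is clean.
    """
    findings = []
    for p in matrix.values():
        if p.status not in STATUSES:
            findings.append(f"{p.policy_id}: unknown status {p.status!r}")
        if not p.owner:
            findings.append(f"{p.policy_id}: no business owner recorded")
        for ref in p.references:
            target = matrix.get(ref)
            if target is None:
                findings.append(f"{p.policy_id}: references unknown policy {ref}")
            elif target.status == "rescinded" and p.status != "rescinded":
                findings.append(f"{p.policy_id}: relies on rescinded policy {ref}")
    return findings


def dashboard(matrix):
    """Count of policies per lifecycle status, the high-level view a dashboard reports."""
    counts = {s: 0 for s in sorted(STATUSES)}
    for p in matrix.values():
        counts[p.status] = counts.get(p.status, 0) + 1
    return counts


def rescind(matrix, policy_id):
    """Mark a policy rescinded and return the policies that now need review."""
    matrix[policy_id].status = "rescinded"
    return dependents(matrix, policy_id)


if __name__ == "__main__":
    print("dependents of SEC-002:", dependents(MATRIX, "SEC-002"))
    print("findings:", validate(MATRIX))
    print("dashboard:", dashboard(MATRIX))
```

dependents() follows references transitively, so a change to SEC-002 flags SEC-005 even though SEC-005 only cites SEC-003 directly; validate() reports an active policy that relies on a rescinded one, which is the case the waiver and change processes above exist to catch.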
IT Policy Adoption and Management
It is important to establish an IT policy lifecycle management program covering a policy from creation to rescission. A formal process should exist for the following:
Policy Change Management
Policy Release Management
Policy Audit & Compliance Management
Policy Records Management

Group Discussion
Why is it important to require formal review and approval for new IT policies and changes to existing IT policies?
What is the importance of establishing an IT policy dashboard, matrix, and glossary?
What key processes should be established to support the lifecycle management of IT policies?

Assignments
Chapter 8 (IT Manager's Handbook)
Homework 4: IT Policy Management & Procedures
Harrisburg University
ISEM 547
IT Policy Procedures

Objectives
Policy, Procedure, Guidelines, Standards
When do you need a procedure
Creating Procedures
Considerations
Guides to writing procedures

What are Policies, Procedures, Guidelines & Standards?
Policy: principles, rules, and protocols formulated or adopted by an organization to govern its actions
Procedures are specific instructions used to implement policy requirements in a specific way; they are enforceable through the policy. Procedures are action oriented, factual, and instructional. Procedures are often integral components of policies, outlining the particular actions or steps needed to meet policy compliance requirements
Guidelines are general rules, practices, and/or instructions that can be referenced to comply with policy; they are not enforceable but are recommended as best practices that should be followed
Standards refer to something that is considered by an authority or by general consent as a basis of comparison (e.g., industry, protocols, academic, etc.)
Standards are often referenced in policies or can be used to frame a policy

Creating Procedures

When do you need a procedure?
Not everything, and not every IT policy, needs a procedure. The number-one rule of procedure writing is to make sure there is a reason to create a procedure. You need one when:
Policies require that specific processes or protocols be followed for compliance
Staff forget to take certain actions, or keep getting things wrong
Tasks are so long and complex that people need guidance on doing things right
Serious consequences result when a process is done wrong
A process or situation demands consistency
A written procedure is necessary only if the issue is important or if there will be a significant benefit from clarifying a process or outlining the specific actions required for policy compliance

Procedures

Creating Procedures - Considerations
A good procedure means understanding the process and the environment (the things that influence or integrate with the process)
Procedure documents will vary in specific features, based on the type of information that is detailed
Effective procedure documents have clear and consistent formatting so that readers know how to follow the material. Paragraphs should begin and end without confusion, so readers do not have to wonder where one step ends and another begins
In describing steps, use strong action verbs and provide enough specificity and explanation to ensure that readers know exactly what to do
Embed relevant icons, images, graphs/charts, flow charts, or tables in the procedure to guide and facilitate understanding

Procedures

Creating Procedures - Considerations
The writing style for a procedure document should rely on clear and concise language
All procedural information should be accurate, and any acronyms should be spelled out on first use, for instance "Food and Drug Administration (FDA)"
For a procedure document that will be in circulation for some time, avoid using specific information that might become outdated quickly
Technical language and jargon that will be unfamiliar to most readers should be clearly defined (SaaS, DR, COTS, DDoS, MIPS, etc.)

Creating Procedures - Considerations
Effective procedure documents should be in outline format with clear headings, sub-headings, and labels (diagrams and tables)
Those responsible for writing procedure documents are also responsible for reviewing them periodically. If the information is not effective in helping employees or attaining the desired outcomes, the procedure should be revised and improved

Creating Procedures - Considerations
Writing a procedure that is accurate, brief, and readable isn't always easy. But with a bit of knowledge and practice, you can learn effective procedure-writing skills
Well-written procedures help improve productivity and the quality of work within your organization
Ensure that the people who need to use a procedure have not only read it, but also understand it and have used it
Validate the procedure before publication

Creating Procedures

Creating Procedures – Starting Block
The key planning activity for writing effective procedures is to research and gain a keen understanding of the process that the procedure will document
Have a clear understanding of the purpose, scope, objectives, circumstances, and target audience of the procedure
Research and collect information (consult with subject matter experts; observe and interview process owners and process doers)

Creating Procedures – Starting Block
The procedure document should be derived from what you have learned in the planning phase
Once the research and planning phase is complete, define the core functions being performed and the associated processes and sub-processes (e.g., inputs, outputs, steps, activities, logical sequencing, interdependencies, resources, location, etc.)
Integrate meaningful illustrative components such as process maps, flow charts, outlines, examples, and value streams

Creating Procedures – Illustrations Helpful
Budget Schedule
Item | Quarters marked | Owner
Budget Analysis | 4 (Q1-Q4) | CFO, COO, VPs
Budget Request | - | VP & Department Heads
Income Statement | 4 (Q1-Q4) | Finance & Accounting
Sales Forecast | 1 | Sales & Marketing
Customer Analysis | 2 | Sales & Marketing
Staffing Analysis | 1 | Human Resources & Department Heads

Creating Procedures – Illustrations Helpful
Business Systems Technical Specification Compliance Requirements
Item | System 1 | System 2 | System 3 | System 4 | Owner
Technical Specification A | x | x | x | x | Security
Technical Specification B | x | x | N/A | x | Infrastructure & Operations
Technical Specification C | x | N/A | x | x | Applications
Technical Specification D | N/A | x | N/A | N/A | Help Desk
Technical Specification E | N/A | x | N/A | x | Enterprise Messaging
Technical Specification F | x | N/A | x | N/A | EDC

Creating Procedures
Core Steps
Creating Procedures – Core Steps
Preparation
Conduct research
Provide a purpose statement (why this procedure exists)
Provide an overview of the procedure
Identify prerequisite knowledge and skills, if any
Highlight any specific issues and other precautions
Define the list of resources, systems, equipment, supplies, or parts needed for the procedure

Creating Procedures – Core Steps
Writing the procedure
Define a logical sequence of steps and sub-steps
Define decisions and decision criteria
Ensure clarity and economy of words; write to the level of the reader's ability
Define unfamiliar terms
Include hints and helps
Add illustrations, analogies, models, charts, pictures, workflows, tables, or anything else that will aid understanding of the process and the steps involved

Creating Procedures – Core Steps
Validate
Walk through and/or pilot test your procedure. Obtain feedback and recommendations from the target audience during this step. Is it understandable, effective, complete? Does it produce the desired results?
Revise and revalidate
Evaluate and incorporate the feedback and recommendations, then retest and validate. Finalize the procedure document
Publish
Issue the procedure document and establish mechanisms to review it periodically to determine accuracy and relevancy, as things may change within the environment or policy

Creating Procedures
Procedure Document Outline
Creating Procedures - Outline
Title page. This includes 1) the title of the procedure, 2) identification number, 3) date of issue and last revision, 4) the name of the agency/division/branch the SOP applies to, and 5) the owner and author(s) of the procedure
Table of contents. This is only necessary if your procedure is quite long, allowing for ease of reference. A simple standard outline is what you'd find here
Purpose. Define the reason and rationale for the procedure. Include applicable policies, standards, and/or regulatory requirements that may be affiliated with, or driving the need for, the procedure document
Scope and applicability. Describe who shall follow the procedure, and how and when it is used. Include policies, standards, regulatory requirements, roles and responsibilities, and locations

Creating Procedures - Outline
Overview. Provide a synopsis of the procedure and processes outlined in the document
Methodology and procedures. The meat of the issue: list all the processes and steps with the necessary details, including resources, inputs, outputs, sequential procedures, decision criteria, approvals, exceptions, and relationships to business and/or IT operations
Clarification of terminology. Identify acronyms, abbreviations, and all phrases that aren't common
Resources. Complete list of what is needed and when, and where to find systems, equipment, supplies, etc. (if required)
References. Be sure to list all cited or significant references. If you reference other SOPs, be sure to attach the necessary information in the appendix
Appendix. Section to append additional supporting documentation (if required)

Group Discussion
Typically, under what circumstances do you require a procedure?
What are the core steps in creating a procedure document?
Why is it important to validate the procedure?
Does anyone use or occasionally refer to procedures in their work environment?

Assignments
Chapter 8 (IT Manager's Handbook)
Homework 3: IT Policy Management
Project 2:
Part A: Create an IT Governance Matrix
Part B: Create a Governance Charter for the Enterprise Security Committee
Part C: Write an Information Security Policy for Data Classification