Organizational Security Policies
PRESENTED BY:
ARTI DEEPAK SHINDE
MSC. CS-II
ROLL NO. 13521
Outline
- Organizational Security Policies
- Purpose
- Audience
- Contents
- Characteristics of a good security policy
- Nature of security policies
- Data sensitivity policy
- Defined levels of data sensitivity
- Conclusion
Organizational Security Policies
- An organizational security policy answers one question: who can access which resources, in what manner?
- That question breaks down into three:
  - Who should be allowed access?
  - To which system and organizational resources should access be allowed?
  - What types of access should each user be allowed for each resource?
Organizational Security Policies
- Security policy: a high-level management document that informs users of the objectives of, and the constraints on, using a system.
- The purposes of the policy document:
  - Recognise sensitive information assets.
  - Clarify security responsibilities.
  - Promote awareness among existing staff.
  - Give guidelines to new employees.
Qu. Define security policy.
Organizational Security Policies
- The policy statement should specify the following:
  - The organization's goals on security:
    - For example, should the system protect data from leakage to outsiders, protect against loss of data due to physical disaster, protect the data's integrity, or protect against loss of business when computing resources fail?
    - Which has the higher priority: serving customers or securing data?
  - Where the responsibility for security lies:
    - For example, should the responsibility rest with a small computer security group, with each employee, or with relevant managers?
  - The organization's commitment to security:
    - For example, who provides security support for staff, and where does security fit into the organization's structure?
Organizational Security Policies
- A security policy must address the following:
  - The audience: who can access?
  - Contents: which resources?
  - Characteristics of a good security policy: in what way?
Audience
- The discussion of audience covers three groups, and the balance the policy must strike among them:
  - users,
  - owners,
  - beneficiaries (e.g. customers, clients),
  - balance among all parties.
- Each group uses the security policy in important but different ways.
- For each group, the policy defines the degree of confidentiality, integrity, and continuous availability it can expect from the computing resources provided to it.
Audience
- Users: Users legitimately expect a certain degree of confidentiality, integrity, and continuous availability in the computing resources provided to them. Although the degree varies with the situation, a security policy should reaffirm a commitment to this requirement for service.
- Owners: Each piece of computing equipment is owned by someone, and the owner may not be a system user. An owner provides the equipment to users for a purpose, such as to further education, support commerce, or enhance productivity.
Audience
- Beneficiaries: A business has paying customers or clients; they are beneficiaries of the products and services offered by that business. At the same time, the general public may benefit in several ways:
  - as a source of employment, or
  - by provision of infrastructure.
- Balance among all parties: A security policy must relate to the needs of users, owners, and beneficiaries. Unfortunately, the needs of these groups may conflict. A beneficiary might require immediate access to data, but owners or users might not want to bear the expense or inconvenience of providing access at all hours.
Security Policies: Contents
- Purpose: The policy should state the purpose of the organization's security functions, reflecting the requirements of beneficiaries, users, and owners.
  - There are typically three to five goals, such as:
    - Promote efficient business operation.
    - Facilitate sharing of information throughout the organization.
    - Safeguard business and personal information.
    - Ensure that accurate information is available to support business processes.
    - Ensure a safe and productive place to work.
    - Comply with applicable laws and regulations.
Security Policies: Contents
- Protected resources: The risk analysis identifies the assets (resources) that are to be protected.
  - These assets should be listed in the policy document.
  - The resources can be computers, networks, general data, management data, …
- Nature of the protection: The policy should also indicate
  - who should have access to the protected resources,
  - how that access will be ensured, and
  - how unauthorised people will be denied access.
Characteristics of a Good Security Policy
- A good security policy should have the following characteristics:
  - Coverage: comprehensive and general.
  - Durability: survives the system's growth and expansion.
  - Realism: feasible to implement.
  - Usefulness: concise, clear, and direct.
Qu. What are the characteristics of a good security policy?
Characteristics of a Good Security Policy
- Coverage: A security policy must be comprehensive: it must either apply to or explicitly exclude all possible situations.
- Durability: A security policy must grow and adapt well. In large measure, it should survive the system's growth and expansion without change. If written in a flexible way, the existing policy will be applicable to new situations. However, there are times when the policy must change, so it must be changeable when it needs to be. An important key to durability is keeping the policy free from ties to specific data or protection mechanisms, which almost certainly will change.
Characteristics of a Good Security Policy
- Realism: The policy must be realistic. That is, it must be possible to implement the stated security requirements with existing technology. Moreover, the implementation must be beneficial in terms of time, cost, and convenience; the policy should not recommend a control that works but prevents the system or its users from performing their activities and functions.
- Usefulness: An obscure or incomplete security policy will not be implemented properly, if at all. The policy must be written in language that can be read, understood, and followed by anyone who must implement it or is affected by it.
Nature of Security Policies
- To understand the nature of security policies, we study an example.
- Data sensitivity policy: Our example is from an organization that decided to classify all its data resources into four levels, based on how severe the effect would be if a resource were damaged.
- These levels are listed below.
Example: Defined Levels of Data Sensitivity
- Name: Sensitive
  - Description: could damage competitive advantage.
  - Examples:
    - Audit reports
    - Operating plans
- Name: Personal or protected
  - Description: could reveal personal, private, or protected information.
  - Examples:
    - Personal data: employees' salaries or performance reviews
    - Private data: employee lists
    - Protected data: data the organization is obligated to protect, such as data obtained under a nondisclosure agreement
- Name: Company confidential
  - Description: could damage the company's public image.
  - Examples:
    - Audit reports
    - Operating plans
- Name: Open
  - Description: no harm.
  - Examples:
    - Press releases
    - White papers
    - Marketing materials
Conclusion
- An organizational security policy is a document that specifies the organization's goals regarding security.
- It lists policy elements: statements of actions that must or must not be taken to preserve those goals.
- Policy documents often lead to implementation procedures.
- User education and awareness activities ensure that users are aware of the policy's restrictions.