SlideShare a Scribd company logo

Security policies

Download as PPSX, PDF
N
Nishant Pahad

This document discusses information security policies and standards. It defines a security policy as a set of rules that define what it means to be secure for a system or organization. An information security policy sets rules to ensure all users and networks follow security prescriptions for digitally stored data. The challenges are to define policies and standards, measure against them, report violations, correct violations, and ensure compliance. It then discusses the key elements of developing an information security program, including performing risk assessments, creating review boards, developing plans, implementing policies and standards, providing awareness training, monitoring compliance, evaluating effectiveness, and modifying policies over time.

Education
1 of 23
Information Security Policies and Standards Dr Paras Kothari
What is Security Policy?  Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behaviour of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls.
What is Information Security Policy?  Information Security Policy /ISP/ is a set or rules enacted by an organization to ensure that all users or networks of the IT structure within the organization's domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority.
The challenges  Define security policies and standards  Measure actual security against policy  Report violations to policy  Correct violations to conform with policy  Summarize policy compliance for the organization
The Foundation of Information Security
The Information Security Functions
Managing Information Security
Definitions  Policies  High level statements that provide guidance to workers who must make present and future decision  Standards  Requirement statements that provide specific technical specifications  Guidelines  Optional but recommended specifications
Security Policy Access to network resource will be granted through a unique user ID and password Passwords should include one non-alpha and not found in dictionary Passwords will be 8 characters long
Elements of Policies  Set the tone of Management  Establish roles and responsibility  Define asset classifications  Provide direction for decisions  Establish the scope of authority  Provide a basis for guidelines and procedures  Establish accountability  Describe appropriate use of assets  Establish relationships to legal requirements
Actions Cabinet Goals Policy Standards Procedures Guidelines Awareness IS Goals Info Security Policy Lifecycle
The Ten-Step Approach
Step 1 – Collect Background Information  Obtain existing policies  Identify what levels of control are needed  Identify who should write the policies
Step 2 – Perform Risk Assessment  Justify the Policies with Risk Assessment  Identify the critical functions  Identify the critical processes  Identify the critical data  Assess the vulnerabilities
Step 3 – Create a Policy Review Board  The Policy Development Process  Write the initial “Draft”  Send to the Review Board for Comments  Incorporate Comments  Resolve Issues Face-to-Face  Submit “Draft” Policy to Cabinet for Approval
Step 4 – Develop the Information Security Plan  Establish goals  Define roles  Define responsibilities  Notify the User community as to the direction  Establish a basis for compliance, risk assessment, and audit of information security
S5 – Develop Information Security Policies, Standards, and Guidelines  Policies  High level statements that provide guidance to workers who must make present and future decision  Standards  Requirement statements that provide specific technical specifications  Guidelines  Optional but recommended specifications Note: Guidelines are used when standards cannot be enforced or management support is lukewarm. E.g. Standard: Passwords must be 8 characters long and expire every 90 days. Guideline: Passwords should be constructed using alpha, numeric, upper, lower, and special characters.
S6 – Implement Policies and Standards  Distribute Policies.  Obtain agreement with policies before accessing Creighton Systems.  Implement controls to meet or enforce policies.
S7 – Awareness and Training  Makes users aware of the expected behavior  Teaches users How & When to secure information  Reduces losses & theft  Reduces the need for enforcement
S8 – Monitor for Compliance  Management is responsible for establishing controls  Management should REGULARLY review the status of controls  Enforce “User Contracts” (Code of Conduct)  Establish effective authorization approval  Establish an internal review process  Internal Audit Reviews
S9 – Evaluate Policy Effectiveness  Evaluate  Document  Report
S10 – Modify the Policy Policies must be modified due to:  New Technology  New Threats  New or changed goals  Organizational changes  Changes in the Law  Ineffectiveness of the existing Policy
Query Session Ask if Any?

Recommended

Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
System security
System securitySystem security
System securitysommerville-videos
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and StandardsDirectorate of Information Security | Ditjen Aptika
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 

Recommended

Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
System security
System securitySystem security
System securitysommerville-videos
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and StandardsDirectorate of Information Security | Ditjen Aptika
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.pptFaheem Ul Hasan
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101April Mardock CISSP
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 

More Related Content

What's hot

IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 

What's hot (20)

Information security
Information securityInformation security
Information security
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
12 security policies
12 security policies12 security policies
12 security policies
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 

Similar to Security policies

Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
How to set up your security policy
How to set up your security policyHow to set up your security policy
How to set up your security policyTim Wulgaert
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
Harrisburg UniversityISEM 547 IT PolicyOb.docx
Harrisburg UniversityISEM 547 IT PolicyOb.docxHarrisburg UniversityISEM 547 IT PolicyOb.docx
Harrisburg UniversityISEM 547 IT PolicyOb.docxshericehewat
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standardsManish Chaurasia
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
ISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptxISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptxjojo82637
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 

Similar to Security policies (20)

Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
How to set up your security policy
How to set up your security policyHow to set up your security policy
How to set up your security policy
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
Testing
TestingTesting
Testing
 
Harrisburg UniversityISEM 547 IT PolicyOb.docx
Harrisburg UniversityISEM 547 IT PolicyOb.docxHarrisburg UniversityISEM 547 IT PolicyOb.docx
Harrisburg UniversityISEM 547 IT PolicyOb.docx
 
Ch14 Policies and Legislation
Ch14 Policies and LegislationCh14 Policies and Legislation
Ch14 Policies and Legislation
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standards
 
Osha Manager Role
Osha Manager RoleOsha Manager Role
Osha Manager Role
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
Chapter004
Chapter004Chapter004
Chapter004
 
File000169
File000169File000169
File000169
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
ISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptxISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptx
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 

More from Nishant Pahad

International business 1
International business 1International business 1
International business 1Nishant Pahad
 
International business 4 WORLD TRADE
International business 4 WORLD TRADEInternational business 4 WORLD TRADE
International business 4 WORLD TRADENishant Pahad
 
International business 2 ECONOMIC SYSTEM
International business 2 ECONOMIC SYSTEMInternational business 2 ECONOMIC SYSTEM
International business 2 ECONOMIC SYSTEMNishant Pahad
 
10 online transactions
10 online transactions10 online transactions
10 online transactionsNishant Pahad
 
Micro finance in India: legal and regulatory framework
Micro finance in India: legal and regulatory frameworkMicro finance in India: legal and regulatory framework
Micro finance in India: legal and regulatory frameworkNishant Pahad
 
Credit facilities and support services
Credit facilities and support services Credit facilities and support services
Credit facilities and support services Nishant Pahad
 
e-business technologies and trends
e-business technologies and trendse-business technologies and trends
e-business technologies and trendsNishant Pahad
 
E marketing planning
E marketing planningE marketing planning
E marketing planningNishant Pahad
 
E marketing planning
E marketing planningE marketing planning
E marketing planningNishant Pahad
 
Unit 5 E-BUSINESS OPERATIONS AND PROCESSES
Unit 5 E-BUSINESS OPERATIONS AND PROCESSESUnit 5 E-BUSINESS OPERATIONS AND PROCESSES
Unit 5 E-BUSINESS OPERATIONS AND PROCESSESNishant Pahad
 
Online commodity trading
Online commodity tradingOnline commodity trading
Online commodity tradingNishant Pahad
 
commodity trading and derivatives
commodity trading and derivativescommodity trading and derivatives
commodity trading and derivativesNishant Pahad
 
Commodity derivatives
Commodity derivativesCommodity derivatives
Commodity derivativesNishant Pahad
 
Issues and challenges in e-business
Issues and challenges in e-businessIssues and challenges in e-business
Issues and challenges in e-businessNishant Pahad
 

More from Nishant Pahad (20)

International business 1
International business 1International business 1
International business 1
 
International business 4 WORLD TRADE
International business 4 WORLD TRADEInternational business 4 WORLD TRADE
International business 4 WORLD TRADE
 
International business 2 ECONOMIC SYSTEM
International business 2 ECONOMIC SYSTEMInternational business 2 ECONOMIC SYSTEM
International business 2 ECONOMIC SYSTEM
 
10 online transactions
10 online transactions10 online transactions
10 online transactions
 
Micro finance in India: legal and regulatory framework
Micro finance in India: legal and regulatory frameworkMicro finance in India: legal and regulatory framework
Micro finance in India: legal and regulatory framework
 
Credit facilities and support services
Credit facilities and support services Credit facilities and support services
Credit facilities and support services
 
e-business technologies and trends
e-business technologies and trendse-business technologies and trends
e-business technologies and trends
 
E ticketing
E ticketing E ticketing
E ticketing
 
E marketing planning
E marketing planningE marketing planning
E marketing planning
 
E marketing planning
E marketing planningE marketing planning
E marketing planning
 
E - governance
E - governanceE - governance
E - governance
 
E governance
E governance E governance
E governance
 
E banking
E bankingE banking
E banking
 
Unit 5 E-BUSINESS OPERATIONS AND PROCESSES
Unit 5 E-BUSINESS OPERATIONS AND PROCESSESUnit 5 E-BUSINESS OPERATIONS AND PROCESSES
Unit 5 E-BUSINESS OPERATIONS AND PROCESSES
 
Online commodity trading
Online commodity tradingOnline commodity trading
Online commodity trading
 
commodity trading and derivatives
commodity trading and derivativescommodity trading and derivatives
commodity trading and derivatives
 
Commodity derivatives
Commodity derivativesCommodity derivatives
Commodity derivatives
 
Issues and challenges in e-business
Issues and challenges in e-businessIssues and challenges in e-business
Issues and challenges in e-business
 
EDI
EDIEDI
EDI
 
E business models
E business modelsE business models
E business models
 

Recently uploaded

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsNbelano25
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Pooja Bhuva
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17Celine George
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptxJoelynRubio1
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
latest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answerslatest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answersdalebeck957
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 

Recently uploaded (20)

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
latest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answerslatest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answers
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 

Security policies

  • 1. Information Security Policies and Standards Dr Paras Kothari
  • 2. What is Security Policy?  Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behaviour of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls.
  • 3. What is Information Security Policy?  Information Security Policy /ISP/ is a set or rules enacted by an organization to ensure that all users or networks of the IT structure within the organization's domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority.
  • 4. The challenges  Define security policies and standards  Measure actual security against policy  Report violations to policy  Correct violations to conform with policy  Summarize policy compliance for the organization
  • 5. The Foundation of Information Security
  • 8. Definitions  Policies  High level statements that provide guidance to workers who must make present and future decision  Standards  Requirement statements that provide specific technical specifications  Guidelines  Optional but recommended specifications
  • 9. Security Policy Access to network resource will be granted through a unique user ID and password Passwords should include one non-alpha and not found in dictionary Passwords will be 8 characters long
  • 10. Elements of Policies  Set the tone of Management  Establish roles and responsibility  Define asset classifications  Provide direction for decisions  Establish the scope of authority  Provide a basis for guidelines and procedures  Establish accountability  Describe appropriate use of assets  Establish relationships to legal requirements
  • 13. Step 1 – Collect Background Information  Obtain existing policies  Identify what levels of control are needed  Identify who should write the policies
  • 14. Step 2 – Perform Risk Assessment  Justify the Policies with Risk Assessment  Identify the critical functions  Identify the critical processes  Identify the critical data  Assess the vulnerabilities
  • 15. Step 3 – Create a Policy Review Board  The Policy Development Process  Write the initial “Draft”  Send to the Review Board for Comments  Incorporate Comments  Resolve Issues Face-to-Face  Submit “Draft” Policy to Cabinet for Approval
  • 16. Step 4 – Develop the Information Security Plan  Establish goals  Define roles  Define responsibilities  Notify the User community as to the direction  Establish a basis for compliance, risk assessment, and audit of information security
  • 17. S5 – Develop Information Security Policies, Standards, and Guidelines  Policies  High level statements that provide guidance to workers who must make present and future decision  Standards  Requirement statements that provide specific technical specifications  Guidelines  Optional but recommended specifications Note: Guidelines are used when standards cannot be enforced or management support is lukewarm. E.g. Standard: Passwords must be 8 characters long and expire every 90 days. Guideline: Passwords should be constructed using alpha, numeric, upper, lower, and special characters.
  • 18. S6 – Implement Policies and Standards  Distribute Policies.  Obtain agreement with policies before accessing Creighton Systems.  Implement controls to meet or enforce policies.
  • 19. S7 – Awareness and Training  Makes users aware of the expected behavior  Teaches users How & When to secure information  Reduces losses & theft  Reduces the need for enforcement
  • 20. S8 – Monitor for Compliance  Management is responsible for establishing controls  Management should REGULARLY review the status of controls  Enforce “User Contracts” (Code of Conduct)  Establish effective authorization approval  Establish an internal review process  Internal Audit Reviews
  • 21. S9 – Evaluate Policy Effectiveness  Evaluate  Document  Report
  • 22. S10 – Modify the Policy Policies must be modified due to:  New Technology  New Threats  New or changed goals  Organizational changes  Changes in the Law  Ineffectiveness of the existing Policy