SlideShare a Scribd company logo

Policy InformationPolicy Name __________________________ ID _.docx

Download as DOCX, PDF
S
stilliegeorgiana

Policy Information Policy Name: __________________________ ID: ______________ Type: ☐ Internet, ☐ Networks, ☐ Systems, ☐ Information Company/Agency/Organization: ___________________________________ Date: _____________ Team Name: _______________________________ Project Lead: ___________________________ Chief Executive Officer (CEO): ______________________ Role(s): Define your role(s) for this policy Chief Info Security Officer (CISO): ___________________ Role(s): Define your role(s) for this policy Senior Security Engineer (SSE): _____________________ Role(s): Define your role(s) for this policy Policy Details: 1. Statement of policy 2. Authorized Access and usage equipment 3. Prohibited use of equipment 4. Systems management 5. Violations of policy 6. Policy review and modification 7. Limitations of liability Table 4-2Components of an ISSP11 (Source: Whitman, Townsend, and Aalberts, Communications of the ACM) Components of an ISSP 1.Statement of policy a.Scope and applicability b.Definition of technology addressed c.Responsibilities 2.Authorized access and usage of equipment a.User access b.Fair and responsible use c.Protection of privacy 3.Prohibited use of equipment a.Disruptive use or misuse b.Criminal use c.Offensive or harassing materials d.Copyrighted, licensed, or other intellectual property e.Other restrictions 4.Systems management a.Management of stored materials b.Employee monitoring c.Virus protection d.Physical security e.Encryption 5.Violations of policy a.Procedures for reporting violations b.Penalties for violations 6.Policy review and modification a.Scheduled review of policy procedures for modification b.Legal disclaimers 7.Limitations of liability a.Statements of liability b.Other disclaimers as needed Figure 1 Shperes of Security Table 4-4ISO 27000 Series Current and Planned Standards17 ISO 27000 Series Standard Title or Topic Comment 27000 Series Overview and Terminology Defines terminology and vocabulary for the standard series 27001:2013 Information Security Management System Specification Drawn from BS7799:2 27002:2013 Code of Practice for Information Security Management Renamed from ISO/IEC 17799; drawn from BS7799:1 27003:2010 Information Security Management Systems Implementation Guidelines Guidelines for project planning requirements for implementing an ISMS 27004:2009 Information Security Measurements and Metrics Performance measures and metrics for information security management decisions 27005:2011 ISMS Risk Management Supports 27001, but doesn't recommend any specific risk method 27006:2011 Requirements for Bodies Providing Audit and Certification of an ISMS Largely intended to support the accreditation of certification bodies providing ISMS certification 27007:2011 Guideline for ISMS Auditing Focuses on management systems 27008:2011 Guideline for Information Security Auditing Focuses on security controls 27009:Draft Sector-specific application of ISO/IEC 27001 Guidance for th ...

Education
1 of 8
Policy Information Policy Name: __________________________ ID: ______________ Type: ☐ Internet, ☐ Networks, ☐ Systems, ☐ Information Company/Agency/Organization: ___________________________________ Date: _____________ Team Name: _______________________________ Project Lead: ___________________________ Chief Executive Officer (CEO): ______________________ Role(s): Define your role(s) for this policy Chief Info Security Officer (CISO): ___________________ Role(s): Define your role(s) for this policy Senior Security Engineer (SSE): _____________________ Role(s): Define your role(s) for this policy Policy Details: 1. Statement of policy 2. Authorized Access and usage equipment 3. Prohibited use of equipment 4. Systems management
5. Violations of policy 6. Policy review and modification 7. Limitations of liability Table 4-2Components of an ISSP11 (Source: Whitman, Townsend, and Aalberts, Communications of the ACM) Components of an ISSP 1.Statement of policy a.Scope and applicability b.Definition of technology addressed c.Responsibilities 2.Authorized access and usage of equipment a.User access b.Fair and responsible use c.Protection of privacy 3.Prohibited use of equipment a.Disruptive use or misuse b.Criminal use c.Offensive or harassing materials d.Copyrighted, licensed, or other intellectual property e.Other restrictions 4.Systems management a.Management of stored materials b.Employee monitoring c.Virus protection d.Physical security e.Encryption 5.Violations of policy
a.Procedures for reporting violations b.Penalties for violations 6.Policy review and modification a.Scheduled review of policy procedures for modification b.Legal disclaimers 7.Limitations of liability a.Statements of liability b.Other disclaimers as needed Figure 1 Shperes of Security Table 4-4ISO 27000 Series Current and Planned Standards17 ISO 27000 Series Standard Title or Topic Comment 27000 Series Overview and Terminology Defines terminology and vocabulary for the standard series 27001:2013 Information Security Management System Specification Drawn from BS7799:2 27002:2013 Code of Practice for Information Security Management Renamed from ISO/IEC 17799; drawn from BS7799:1 27003:2010 Information Security Management Systems Implementation Guidelines Guidelines for project planning requirements for implementing an ISMS 27004:2009 Information Security Measurements and Metrics Performance measures and metrics for information security management decisions 27005:2011 ISMS Risk Management
Supports 27001, but doesn't recommend any specific risk method 27006:2011 Requirements for Bodies Providing Audit and Certification of an ISMS Largely intended to support the accreditation of certification bodies providing ISMS certification 27007:2011 Guideline for ISMS Auditing Focuses on management systems 27008:2011 Guideline for Information Security Auditing Focuses on security controls 27009:Draft Sector-specific application of ISO/IEC 27001 Guidance for those who develop “sector-specific” standards based on or relating to ISO/IEC 27001 27010:2015 Information security management for inter-sector and inter- organizational communications Guidance for inter-sector and inter-organizational communications 27011:2008 Information security management guidelines for telecommunications organizations Guidance in the application of ISO/IEC 27002 in telecommunications organizations 27013:2015 Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 Support for implementing an integrated dual management system 27014:2013 Governance of information security ISO's approach to security governance—guidance on evaluating, directing, monitoring, and communicating information security
27015:2012 Information Security Management Guidelines for Financial Services Guidance for financial services organizations 27016:2014 Information security management — Organizational economics Guidance for understanding the economical consequences of information protection decisions 27017:2015 Code of practice for information security controls based on ISO/IEC 27002 for cloud services Guidance for practice in applying 27002 standards to cloud services 27018:2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors Guidance for practice in applying 27002 standards to PII processed in cloud services 27019:2013 Information security management guidelines for process control systems specific to the energy industry Focused on helping organizations in the energy industry implement ISO standards 27023:2015 Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002 Guidance on the revised editions of ISO/IEC 27001 and ISO/IEC 27002 27031:2011 Guidelines for information and communication technology readiness for business continuity Application of ISO/IEC 27002 to information and communication technology readiness for business continuity 27032:2012 Guidelines for cybersecurity Guidance to achieve cybersecurity
27033-1:2015 Network security — Part 1: Overview and concepts Overview and concepts of network security 27033-2:2012 Network security — Part 2: Design and implementation of network security Guidance for the design and implementation of network security 27033-3:2010 Network security — Part 3: Reference networking scenarios — Threats, design techniques, and control issues Networking scenarios 27033-4:2014 Network security — Part 4: Securing communications between networks using security gateways Securing communications between networks using security gateways 27033-5:2013 Network security — Part 5: Securing communications across networks using virtual private networks (VPNs) Securing communications across networks using VPNs 27034-1:2011 Application security — Part 1: Overview and concepts Overview and concepts of application security 27034-2:2015 Application security — Part 2: Organization normative framework for application security A framework for application security 27035:2011 Information security incident management Guidance for information security incident management 27036-1:2014 Information security for supplier relationships — Part 1: Overview and concepts Overview of information security for supplier relationships 27036-2:2014 Information security for supplier relationships — Part 2:
Requirements Requirements for information security for supplier relationships 27036-3:2013 Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security Guidelines for information security for supplier relationships 27038:2014 Specification for digital redaction Digital redaction specification 27039:2015 Selection, deployment, and operations of intrusion detection systems (IDPSs) Guidance for IDPS selection, deployment, and operations 27040:2015 Storage security Guidance on storage security 27041:2015 Guidance on assuring suitability and adequacy of incident investigative methods Guidance on incident investigative methods 27042:2015 Guidelines for the analysis and interpretation of digital evidence Guidelines for the analysis and interpretation of digital evidence 27043:2015 Incident investigation principles and processes Incident investigation principles and processes 27799:2008 Health informatics-Information security management in health using ISO/IEC 27002 Provides guidance to health organizations and other holders of personal health information on how to protect such information via implementation of ISO/IEC 27002 Identified Future 27000 Series Standards (In Draft)
27033-6 Network security — Part 6: Securing wireless IP network access 27034-3 Application security — Part 3: Application security management process 27034-5 Application security — Part 5: Protocols and application security controls data structure — XML schemas 27034-7 Application security — Part 7: Application security assurance prediction 27035-2 Information security incident management — Part 2: Guidelines to plan and prepare for incident response 27035-3 Information security incident management — Part 3: Guidelines for CSIRT operations Page 2 of 2

Recommended

Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
toncik
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smkiBim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 

Recommended

Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
toncik
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smkiBim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
cyber security ppt.pptx
cyber security ppt.pptxcyber security ppt.pptx
cyber security ppt.pptx
lidiyamekonnen
 
List of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdfList of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdf
DavidMorris296217
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
Tripwire Iso 27001 Wp
Tripwire Iso 27001 WpTripwire Iso 27001 Wp
Tripwire Iso 27001 Wp
ketanaagja
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
PECB
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
Ramana K V
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
IT Governance Ltd
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
lidiyamekonnen
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
Michael Torres
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber Security
Tharindunuwan9
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Nguyễn Đăng Quang
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
ControlCase
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
PECB
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
Network Intelligence India
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?
Alvin Integrated Services [AIS]
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
SsendiSamuel
 
1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx
stilliegeorgiana
 
1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx
stilliegeorgiana
 

More Related Content

Similar to Policy InformationPolicy Name __________________________ ID _.docx

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
PECB
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 

Similar to Policy InformationPolicy Name __________________________ ID _.docx (20)

cyber security ppt.pptx
cyber security ppt.pptxcyber security ppt.pptx
cyber security ppt.pptx
 
List of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdfList of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdf
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology
 
Tripwire Iso 27001 Wp
Tripwire Iso 27001 WpTripwire Iso 27001 Wp
Tripwire Iso 27001 Wp
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber Security
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 

More from stilliegeorgiana

1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx
stilliegeorgiana
 
1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx
stilliegeorgiana
 
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
stilliegeorgiana
 
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
stilliegeorgiana
 
1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx
stilliegeorgiana
 
1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx
stilliegeorgiana
 
1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx
stilliegeorgiana
 
1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx
stilliegeorgiana
 
1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx
stilliegeorgiana
 
1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx
stilliegeorgiana
 
1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx
stilliegeorgiana
 

More from stilliegeorgiana (20)

1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx1. The Incident Command System (ICS) is a tool forA. Co.docx
1. The Incident Command System (ICS) is a tool forA. Co.docx
 
1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx1. The Thirteenth Amendment effectively brought an end to slaver.docx
1. The Thirteenth Amendment effectively brought an end to slaver.docx
 
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx1. The Thirteenth Amendment effectively brought an end to slavery in.docx
1. The Thirteenth Amendment effectively brought an end to slavery in.docx
 
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
1. The Fight for a True Democracyhttpswww.nytimes.com201.docx
 
1. The article for week 8 described hip hop as a weapon. This weeks.docx
1. The article for week 8 described hip hop as a weapon. This weeks.docx1. The article for week 8 described hip hop as a weapon. This weeks.docx
1. The article for week 8 described hip hop as a weapon. This weeks.docx
 
1. The Hatch Act defines prohibited activities of public employees. .docx
1. The Hatch Act defines prohibited activities of public employees. .docx1. The Hatch Act defines prohibited activities of public employees. .docx
1. The Hatch Act defines prohibited activities of public employees. .docx
 
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
1. The Case for Reparations” by Ta-Nehisi Coates (604-19) in Rere.docx
 
1. Some people say that chatbots are inferior for chatting.Others di.docx
1. Some people say that chatbots are inferior for chatting.Others di.docx1. Some people say that chatbots are inferior for chatting.Others di.docx
1. Some people say that chatbots are inferior for chatting.Others di.docx
 
1. Some people say that chatbots are inferior for chatting.Other.docx
1. Some people say that chatbots are inferior for chatting.Other.docx1. Some people say that chatbots are inferior for chatting.Other.docx
1. Some people say that chatbots are inferior for chatting.Other.docx
 
1. Some people say that chatbots are inferior for chatting. Others d.docx
1. Some people say that chatbots are inferior for chatting. Others d.docx1. Some people say that chatbots are inferior for chatting. Others d.docx
1. Some people say that chatbots are inferior for chatting. Others d.docx
 
1. Tell us about yourself and your personal journey that has to .docx
1. Tell us about yourself and your personal journey that has to .docx1. Tell us about yourself and your personal journey that has to .docx
1. Tell us about yourself and your personal journey that has to .docx
 
1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx1. Tell us what characteristics of Loma Linda University are particu.docx
1. Tell us what characteristics of Loma Linda University are particu.docx
 
1. Tell us about yourself and your personal journey that has lea.docx
1. Tell us about yourself and your personal journey that has lea.docx1. Tell us about yourself and your personal journey that has lea.docx
1. Tell us about yourself and your personal journey that has lea.docx
 
1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx1. The Research paper will come in five parts. The instructions are.docx
1. The Research paper will come in five parts. The instructions are.docx
 
1. The minutiae points located on a fingerprint will help determine .docx
1. The minutiae points located on a fingerprint will help determine .docx1. The minutiae points located on a fingerprint will help determine .docx
1. The minutiae points located on a fingerprint will help determine .docx
 
1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx1. The initial post is to be posted first and have 300-500 words.docx
1. The initial post is to be posted first and have 300-500 words.docx
 
1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx1. The key elements of supplier measurement are quality, delivery, a.docx
1. The key elements of supplier measurement are quality, delivery, a.docx
 
1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx1. Search the Internet and locate an article that relates to the top.docx
1. Search the Internet and locate an article that relates to the top.docx
 
1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx1. Text mining – Text mining or text data mining is a process to e.docx
1. Text mining – Text mining or text data mining is a process to e.docx
 
1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx1. Students need to review 3 different social media platforms that a.docx
1. Students need to review 3 different social media platforms that a.docx
 

Recently uploaded

SPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code ExamplesSPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
Peter Brusilovsky
 
Orientation Canvas Course Presentation.pdf
Orientation Canvas Course Presentation.pdfOrientation Canvas Course Presentation.pdf
Orientation Canvas Course Presentation.pdf
Elizabeth Walsh
 

Recently uploaded (20)

How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...
 
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdfDiuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
Diuretic, Hypoglycemic and Limit test of Heavy metals and Arsenic.-1.pdf
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
SPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code ExamplesSPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
Observing-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptxObserving-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptx
 
Orientation Canvas Course Presentation.pdf
Orientation Canvas Course Presentation.pdfOrientation Canvas Course Presentation.pdf
Orientation Canvas Course Presentation.pdf
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptx
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdf
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 

Policy InformationPolicy Name __________________________ ID _.docx

  • 1. Policy Information Policy Name: __________________________ ID: ______________ Type: ☐ Internet, ☐ Networks, ☐ Systems, ☐ Information Company/Agency/Organization: ___________________________________ Date: _____________ Team Name: _______________________________ Project Lead: ___________________________ Chief Executive Officer (CEO): ______________________ Role(s): Define your role(s) for this policy Chief Info Security Officer (CISO): ___________________ Role(s): Define your role(s) for this policy Senior Security Engineer (SSE): _____________________ Role(s): Define your role(s) for this policy Policy Details: 1. Statement of policy 2. Authorized Access and usage equipment 3. Prohibited use of equipment 4. Systems management
  • 2. 5. Violations of policy 6. Policy review and modification 7. Limitations of liability Table 4-2Components of an ISSP11 (Source: Whitman, Townsend, and Aalberts, Communications of the ACM) Components of an ISSP 1.Statement of policy a.Scope and applicability b.Definition of technology addressed c.Responsibilities 2.Authorized access and usage of equipment a.User access b.Fair and responsible use c.Protection of privacy 3.Prohibited use of equipment a.Disruptive use or misuse b.Criminal use c.Offensive or harassing materials d.Copyrighted, licensed, or other intellectual property e.Other restrictions 4.Systems management a.Management of stored materials b.Employee monitoring c.Virus protection d.Physical security e.Encryption 5.Violations of policy
  • 3. a.Procedures for reporting violations b.Penalties for violations 6.Policy review and modification a.Scheduled review of policy procedures for modification b.Legal disclaimers 7.Limitations of liability a.Statements of liability b.Other disclaimers as needed Figure 1 Shperes of Security Table 4-4ISO 27000 Series Current and Planned Standards17 ISO 27000 Series Standard Title or Topic Comment 27000 Series Overview and Terminology Defines terminology and vocabulary for the standard series 27001:2013 Information Security Management System Specification Drawn from BS7799:2 27002:2013 Code of Practice for Information Security Management Renamed from ISO/IEC 17799; drawn from BS7799:1 27003:2010 Information Security Management Systems Implementation Guidelines Guidelines for project planning requirements for implementing an ISMS 27004:2009 Information Security Measurements and Metrics Performance measures and metrics for information security management decisions 27005:2011 ISMS Risk Management
  • 4. Supports 27001, but doesn't recommend any specific risk method 27006:2011 Requirements for Bodies Providing Audit and Certification of an ISMS Largely intended to support the accreditation of certification bodies providing ISMS certification 27007:2011 Guideline for ISMS Auditing Focuses on management systems 27008:2011 Guideline for Information Security Auditing Focuses on security controls 27009:Draft Sector-specific application of ISO/IEC 27001 Guidance for those who develop “sector-specific” standards based on or relating to ISO/IEC 27001 27010:2015 Information security management for inter-sector and inter- organizational communications Guidance for inter-sector and inter-organizational communications 27011:2008 Information security management guidelines for telecommunications organizations Guidance in the application of ISO/IEC 27002 in telecommunications organizations 27013:2015 Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 Support for implementing an integrated dual management system 27014:2013 Governance of information security ISO's approach to security governance—guidance on evaluating, directing, monitoring, and communicating information security
  • 5. 27015:2012 Information Security Management Guidelines for Financial Services Guidance for financial services organizations 27016:2014 Information security management — Organizational economics Guidance for understanding the economical consequences of information protection decisions 27017:2015 Code of practice for information security controls based on ISO/IEC 27002 for cloud services Guidance for practice in applying 27002 standards to cloud services 27018:2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors Guidance for practice in applying 27002 standards to PII processed in cloud services 27019:2013 Information security management guidelines for process control systems specific to the energy industry Focused on helping organizations in the energy industry implement ISO standards 27023:2015 Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002 Guidance on the revised editions of ISO/IEC 27001 and ISO/IEC 27002 27031:2011 Guidelines for information and communication technology readiness for business continuity Application of ISO/IEC 27002 to information and communication technology readiness for business continuity 27032:2012 Guidelines for cybersecurity Guidance to achieve cybersecurity
  • 6. 27033-1:2015 Network security — Part 1: Overview and concepts Overview and concepts of network security 27033-2:2012 Network security — Part 2: Design and implementation of network security Guidance for the design and implementation of network security 27033-3:2010 Network security — Part 3: Reference networking scenarios — Threats, design techniques, and control issues Networking scenarios 27033-4:2014 Network security — Part 4: Securing communications between networks using security gateways Securing communications between networks using security gateways 27033-5:2013 Network security — Part 5: Securing communications across networks using virtual private networks (VPNs) Securing communications across networks using VPNs 27034-1:2011 Application security — Part 1: Overview and concepts Overview and concepts of application security 27034-2:2015 Application security — Part 2: Organization normative framework for application security A framework for application security 27035:2011 Information security incident management Guidance for information security incident management 27036-1:2014 Information security for supplier relationships — Part 1: Overview and concepts Overview of information security for supplier relationships 27036-2:2014 Information security for supplier relationships — Part 2:
  • 7. Requirements Requirements for information security for supplier relationships 27036-3:2013 Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security Guidelines for information security for supplier relationships 27038:2014 Specification for digital redaction Digital redaction specification 27039:2015 Selection, deployment, and operations of intrusion detection systems (IDPSs) Guidance for IDPS selection, deployment, and operations 27040:2015 Storage security Guidance on storage security 27041:2015 Guidance on assuring suitability and adequacy of incident investigative methods Guidance on incident investigative methods 27042:2015 Guidelines for the analysis and interpretation of digital evidence Guidelines for the analysis and interpretation of digital evidence 27043:2015 Incident investigation principles and processes Incident investigation principles and processes 27799:2008 Health informatics-Information security management in health using ISO/IEC 27002 Provides guidance to health organizations and other holders of personal health information on how to protect such information via implementation of ISO/IEC 27002 Identified Future 27000 Series Standards (In Draft)
  • 8. 27033-6 Network security — Part 6: Securing wireless IP network access 27034-3 Application security — Part 3: Application security management process 27034-5 Application security — Part 5: Protocols and application security controls data structure — XML schemas 27034-7 Application security — Part 7: Application security assurance prediction 27035-2 Information security incident management — Part 2: Guidelines to plan and prepare for incident response 27035-3 Information security incident management — Part 3: Guidelines for CSIRT operations Page 2 of 2