Information Security Policies
Presentation Transcript

  1. Information Security Policies: What are they?

  2. An Information Security Policy should …
     • give a clear direction for all users
     • have management support
     • carry a suitable degree of authority
     • provide a means by which compliance can be checked
     • set out a legally agreed response in the event of it being violated

  3. Why is a policy required?
     • informal understandings and chats in the corridor can prove insufficient
     • need to provide the entire company with clear, concise guidelines
     • increasing legal and regulatory pressures
     • reduce risk of information loss or damage
     • improve efficiency

  4. Policy contents:
     • a set of objectives
     • basic principles, including statements such as ‘We will operate on a “need-to-know” basis’ (or conversely, ‘on a “need-to-restrict” basis’)
     • agreed roles and responsibilities
     • lists of company procedures or processes

  5. Examples of procedures:
     • fault reporting
     • incident reporting
     • incident management
     • user ID addition/removal
     • server backup
     • access rights relating to company hierarchy

  6. Policy standards: Approved policy standards, such as:
     • British Standards (BSMI) or ISO/IEC 27001
     • Information Security Forum (ISF)
     • The Standard of Good Practice (SOGP)
     • Information Technology Infrastructure Library (ITIL)

  7. ITIL - www.itil.co.uk
     • is a collection of best practices in IT service management
     • is used in public and private sectors internationally
     • is supported by a comprehensive qualification scheme and accredited training organisations
     • best practice in information security management

  8. Exercise
     • Find an Information Security policy for a large organisation on the web.
     • Universities, public organisations like the NHS very often publish
     • Describe the key features
     • Suggest additions – do they include the use of mobile technology, use of social media?