2. The challenges
Define security policies and standards
Measure actual security against policy
Report violations to policy
Correct violations to conform with policy
Summarize policy compliance for the organization
8. The Purpose
Provide a framework for the management of security across the enterprise
9. Definitions
Policies
High-level statements that provide guidance to workers who must make present and future decisions
Standards
Requirement statements that provide specific technical specifications
Guidelines
Optional but recommended specifications
10. Security Policy
Policy: Access to network resources will be granted through a unique user ID and password.
Standard: Passwords will be 8 characters long.
Guideline: Passwords should include one non-alpha character and not be found in a dictionary.
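Slide 2 describes the loop of measuring actual security against policy, reporting violations and summarizing compliance, and slide 10 gives a concrete password standard to measure against. The following is an added example, not code from the original deck: a small Python checker that evaluates candidate passwords at password-set time against the slide 10 requirements (the "8 characters long" statement is read here as a minimum, an assumption), reports each violation, and summarizes compliance across accounts. The account names, sample passwords and the five-word dictionary are constructed for illustration; in practice the check runs when a password is chosen, since stored passwords should not be recoverable in clear text.

```python
"""Measure candidate passwords against the password standard on slide 10 and
summarize compliance as slide 2 asks. Added example; accounts, passwords and
dictionary are constructed, and the check names are our own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed: a tiny word list standing in for a real dictionary.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "summer"}


@dataclass(frozen=True)
class PasswordStandard:
    """Requirement statements from the deck's Password Construction Standard."""
    length: int = 8                 # "Passwords will be 8 characters long" (read as a minimum)
    non_alpha: int = 1              # "should include one non-alpha"
    reject_dictionary: bool = True  # "not found in dictionary"


def violations(password: str, std: PasswordStandard = PasswordStandard()) -> list[str]:
    """Measure one password against the standard; return the requirements it breaks."""
    found = []
    if len(password) < std.length:
        found.append(f"shorter than {std.length} characters")
    if sum(not c.isalpha() for c in password) < std.non_alpha:
        found.append(f"fewer than {std.non_alpha} non-alphabetic character(s)")
    # Strip case and non-letters before the lookup so 'Welcome1' is still
    # recognised as the dictionary word 'welcome' with a digit appended.
    core = re.sub(r"[^a-z]", "", password.lower())
    if std.reject_dictionary and core in DICTIONARY:
        found.append("based on a dictionary word")
    return found


def compliance_report(accounts: dict[str, str],
                      std: PasswordStandard = PasswordStandard()) -> dict:
    """Report violations per account and summarize compliance for the organization."""
    per_account = {user: violations(pw, std) for user, pw in accounts.items()}
    noncompliant = {u: v for u, v in per_account.items() if v}
    total = len(accounts)
    compliant = total - len(noncompliant)
    return {
        "violations": noncompliant,
        "compliant": compliant,
        "total": total,
        "compliance_pct": round(100 * compliant / total, 1) if total else 100.0,
    }


# Constructed sample of passwords as submitted at password-set time.
SAMPLE_ACCOUNTS = {
    "alice": "Tr0ub4dor&3",  # meets every requirement
    "bob": "Welcome1",       # dictionary word with a digit appended
    "carol": "short7!",      # only 7 characters
    "dave": "longenough",    # no non-alphabetic character
}

if __name__ == "__main__":
    report = compliance_report(SAMPLE_ACCOUNTS)
    for user, problems in report["violations"].items():
        print(f"VIOLATION {user}: {'; '.join(problems)}")
    print(f"{report['compliant']}/{report['total']} accounts compliant "
          f"({report['compliance_pct']}%)")
```

The standard is a data object separate from the measuring code, so when the standard changes (a longer minimum, a larger dictionary) the policy text is edited in one place and the measurement, report and summary follow without rewriting the checks.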
11. Elements of Policies
Set the tone of management
Establish roles and responsibility
Define asset classifications
Provide direction for decisions
Establish the scope of authority
Provide a basis for guidelines and procedures
Establish accountability
Describe appropriate use of assets
Establish relationships to legal requirements
12. Policies should…
Clearly identify and define the information security goals and the goals of the institution/unit/company.
14. Policy Hierarchy
Governance Policy
    Access Control Policy
        Password Construction Standard
            Strong Password Construction Guidelines
        Access Control Authentication Standard
    User ID Policy
        User ID Naming Standard
Editor's Notes
A policy may have many standards associated with it. A standard should have only one policy associated with it. A standard may have many guidelines associated with it.