Basic approach
The first step in developing a security policy is recognizing the need for one. To begin designing the policy, it is important to first determine what the policy should cover. Additionally, the policy should be integrated and cohesive with existing organizational policies within the company.
In general, by asking yourself the following questions, you should be able to determine how robust your security system needs to be, as well as ensure that the security yields cost benefits.
1. What am I trying to protect?
2. From what and whom do I need to protect it?
3. How likely are the threats and what are the consequences if they happen?
4. Can the assets be covered in a cost-effective security manner?
5. And finally, have I reviewed the process and improved any weaknesses?
Once you have the answers to these questions, you can begin designing an information security process. The process should take into consideration that information is valuable to your company and that you have an exclusive right to the information. The information and systems must be protected from fraud, disclosure, and intentional misuse. Additionally, the data and software must be securely stored and guarded. The policy should define accountability for information at each employee level.
The security policy developed must conform to existing policies, rules, regulations and laws to which the organization is subject. Another important element that often is overlooked is the value of collaboration when designing policies. A security policy should be a joint effort by technical personnel who understand the full ramifications of the proposed policy and the implementation of the policy, and by the decision makers who have the power and responsibility for enforcing the policy.
Without the joint development process, the organization risks implementation of a process that is neither enforceable nor useable.