Information security policy practices and standards, Computer Network Security

INFORMATION SECURITY POLICY PRACTICES AND STANDARDS

Management from all communities of interest should consider policies as the basis for all information security efforts. Policies direct how issues should be addressed and which technologies are to be used. Security policies are the least costly controls to execute but the most difficult to implement properly, because a policy should never conflict with laws and should be properly administered through dissemination.

A policy is a plan of action used by an organization to convey instructions from management to those who make decisions and then perform duties. Policies are organizational laws.

Standards are more detailed statements of what should be done to comply with policy. Practices, procedures and guidelines explain how to comply with the policy. For a policy to be effective, it should be properly disseminated, read, understood and agreed to by all members of the organization. The following figure shows policies as the force that drives standards, which in turn drive guidelines.

 

 

Figure: Policies, Standards, and Practices

 

 

Posted Date: 10/9/2012 2:58:43 AM | Location : United States






