Đang chuẩn bị liên kết để tải về tài liệu:
Information Security Policy - A Development Guide for Large and Small Companies

This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Information Security Policy - A Development Guide for Large and Small Companies A security policy should fulfill many purposes. It should: protect people and information; set the rules for expected behaviour by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and authorize the consequences of violation; define the company consensus baseline stance on security; help minimize risk; and help track compliance with regulations and legislation. . | Simpo PDF Merge and Split Unregistered Version - http www.simpopdf.com Reading Room Interested in learning more about security SANS SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Information Security Policy - A Development Guide for Large and Small Companies A security policy should fulfill many purposes. It should protect people and information set the rules for expected behaviour by users system administrators management and security personnel authorize security personnel to monitor probe and investigate define and authorize the consequences of violation define the company consensus baseline stance on security help minimize risk and help track compliance with regulations and legislation. Copyright SANS Institute Author Retains Full Rights Simpo PDF Merge and Split Unregistered Version - http www.simpopdf.com Information Security Policy - A Development Guide for Large and Small Companies Author Version Date Sorcha Canavan V1.0 11 18 03 Sorcha Diver previously Canavan V2.0 07 12 06 SANS Institute 2007 As part of the Information Security Reading Room Author retains full rights. Simpo PDF Merge and Split Unregistered Version - http www.simpopdf.com 1. Introduction.1 2. Why Do You Need Security Policy .2 2.1 Basic Purpose of Policy.2 2.2 Policy and Legislative Compliance.2 2.3 Policies as Catalysts for Change.3 2.4 Policies Must be Workable.3 3. Who Will Use Your Policies - Count Your Audiences.4 3.1 Audience Groups.4 3.2 Audience and Policy Content.4 4. Policy Types.6 4.1 Policy Hierarchy Overview.6 4.2 Governing Policy.7 4.3 Technical Policies.7 4.4 Job Aids Guidelines.8 5. Policy Topics.9 5.1 Prioritizing Policy Topics.9 5.2 Outline Topic List.9 5.2.1 GoverningPolicy.9 5.2.2 Technical Policies.10 5.2.3 Job Aids Guidelines.12 6. Policy Development Process.14 6.1 Development Approach.14 6.1.1 Development Process Maturity.14 6.1.2 Top-Down Versus Bottom-Up.14 .