tailieunhanh - information security policy development guide large small companies, part 2
and investigate, define and authorize the consequences of violations, define the company's consensus baseline stance on security, help minimize risk, and help track compliance with regulations and legislation. The following groups may (and in some cases must) have input during the development of the policy, in reviewing and/or

4. Policy Types

Policy Hierarchy Overview

The diagram below outlines a hierarchical policy structure that enables all policy audiences to be addressed efficiently. This is a template for a policy hierarchy and can be customized to suit the requirements of any company.

The diagram above shows a hierarchy for a fairly mature, developed process, probably aligned to that possible in a large company where policy development has been underway for several years. For smaller companies, or for those just starting to develop policy, it is possible to use this basic framework but to initially have a smaller number of Technical Policies and possibly no guidelines or job aids early in the process. Rather than trying to develop a large hierarchy all at once, it is more realistic to develop a Governing Policy and a small number of Technical Policies initially, then increase the number of policies and supporting documents, as well as the complexity of the policies, as you move forward.

As we have seen, in large companies there will be several audiences for your policy, and you will want to cover many different topics on different levels. For this reason, a suite of policy documents rather than a single policy document works better in a large corporate environment. The hierarchical structure of the suite of security policy documents reflects the hierarchical structure of roles in a large company.

SANS Institute 2007, As part of the Information Security Reading Room. Author retains full rights.
The proposed scheme provides for all levels of audience and for all topics by using two policy types supported by procedural documents:

- Governing Policy
- Technical Policy
- Job Aids
- Guidelines

Governing Policy

Governing Policy should cover information security concepts at a high level, define these concepts, describe why they are important, and detail what your company's stand is on them. Governing Policy will be read by managers and end users. By default it will also be read by technical custodians.