Home > Multi-dimensional enterprise-wide security: The goal of an information security policy
10 Tips in 10 Minutes:
EMAIL THIS

Multi-dimensional enterprise-wide security: The goal of an information security policy

10 Jan 2006 | Realtimepublishers.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

This tip is excerpted from Chapter 3 of The Definitive Guide to Security Inside the Perimeter, written by Rebecca Herold and published by Realtimepublishers.com. Read the entire e-book for free.

An information security policy documents executive management's direction on, and commitment to, information security. To be effective, you must communicate the security policy to everyone within your enterprise that handles your information or uses your systems.

An effective information security policy will...

  • Include a statement of direction from executive management supporting the goals and principles of information security.

  • Communicate the business risks associated with information security incidents and accidents.

  • Document information security, responsibilities and the high-level principles personnel must observe.

  • Specify key activities that must occur within the organization, such as carrying out security classifications and risk analyses, safeguarding important records and reporting suspected security weaknesses.

  • Require information to be protected in terms of its requirements for availability, integrity and confidentiality.

  • Emphasize the need for compliance with software licenses and other legal, regulatory and contractual obligations.

  • Prohibit unauthorized or personal use of the organization's information and systems and the use of obscene, racist or otherwise offensive statements (for example, via e-mail or over the Internet).

  • Document that disciplinary action will be taken against individuals who violate policy requirements.

    MULTI-DIMENSIONAL ENTERPRISE-WIDE SECURITY

      Introduction
      Protection strategies
      Risk assessment and analysis methodologies
      Define risks
      The goal of an information security policy
      Due diligence
      Corporate reputation
      Audit and validation
      Simplifying complexity
      Divide and conquer
      An action plan

    ABOUT THE AUTHOR:
    Rebecca Herold is currently an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold, LLC. Rebecca has provided information security, privacy and regulatory services to organizations from a wide range of industries. She has over 15 years of information privacy, security and compliance experience. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the 1998 CSI Information Security Program of the Year Award.


    BROWSE BY TAG
    Information Security Policies, Procedures and Guidelines,   Information Security Management,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Information Security Policies, Procedures and Guidelines
    How to detect and respond to money laundering
    Health Net breach failure of security policy, technology
    How to protect distributed information flows
    Whitelists, SaaS modify traditional security, tackle flaws
    Melissa Hathaway urges more cooperation, government attention to cybersecurity
    Reuters: Obama ready to select cyber security czar
    How a corporate Twitter policy can combat social network threats
    Should enterprises be concerned with Twitter in the workplace?
    Information security management hype: Debunking best practices
    Data breach avoidance begins with security basics, panel says

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    defense in depth  (SearchSecurity.com)
    non-disclosure agreement  (SearchSecurity.com)
    security policy  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary




    • Search Additional Security Research and Solutions
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts