Feature

Reworking Risk Policy

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."

Download it now to read this article plus other related content.

The Manual Way
There are two approaches to developing a policy management program: manual and automated. With the former, there is manual intervention to track adherence to the policies. For the latter, software tools are used to enforce policy compliance.

The first step in developing a manual policy management solution is creating a set of procedures that reflects your policies' goals. Keep the policies as high level as possible; the procedures and guidelines will provide the details necessary for day-to-day operations.

Some typical procedures include antivirus, password aging and log monitoring. Each procedure/guideline is an interpretation of a specific section of the policy and is used as criteria for implementing and configuring specific software solutions.

Using our procedure example, the antivirus policy sets the tone by establishing that an antivirus solution will be used within the enterprise. The antivirus procedure will outline exactly how the policy will be enforced, addressing issues such as updates and outbreak response. Normally, that is managed by a central console and the rules are pushed out to workstations and servers.

An acceptable-use policy is interpreted in several procedures that address e-mail usage, data storage and Internet usage, among other activities. A Web usage procedure outlines which sites employees are allowed to visit, what type of technology--such as Web content filtering--will be

    Requires Free Membership to View

in place to enforce the restrictions and how often the logs on the devices are checked.

This was first published in June 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: