|
The Manual Way
There are two approaches to developing a policy management program: manual and automated. With the former, there is manual intervention to track adherence to the policies. For the latter, software tools are used to enforce policy compliance.
The first step in developing a manual policy management solution is creating a set of procedures that reflects your policies' goals. Keep the policies as high level as possible; the procedures and guidelines will provide the details necessary for day-to-day operations.
Some typical procedures include antivirus, password aging and log monitoring. Each procedure/guideline is an interpretation of a specific section of the policy and is used as criteria for implementing and configuring specific soft...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
ware solutions.
Using our procedure example, the antivirus policy sets the tone by establishing that an antivirus solution will be used within the enterprise. The antivirus procedure will outline exactly how the policy will be enforced, addressing issues such as updates and outbreak response. Normally, that is managed by a central console and the rules are pushed out to workstations and servers.
An acceptable-use policy is interpreted in several procedures that address e-mail usage, data storage and Internet usage, among other activities. A Web usage procedure outlines which sites employees are allowed to visit, what type of technology--such as Web content filtering--will be in place to enforce the restrictions and how often the logs on the devices are checked.
|
 |
|
