Saturday, January 11, 2014

Week 5. Post "Information Security Policy"

Creating a company security policy is stressful for both employees and management.
But the organization needs a standard foundation of rules for controlling its systems.
High-tech information can easily be lost through an incident or a hacker, or through mishandled processes caused by weak knowledge among internal employees.
When the policy defines strict violations and imposes penalties on users or other audiences, it may keep the data safe, but it makes the database and the processing of information hard to use.

To implement the security policy, the organization has to use the Issue-Specific Security Policy (ISSP).
A number of approaches for creating and managing ISSPs are possible.
Three of the most common are described here:
- Create a number of independent ISSP documents, each tailored to a specific issue.
- Create a single comprehensive ISSP document that covers all issues.
- Create a modular ISSP document that unifies policy creation and administration, while maintaining each specific issue’s requirements.
This approach results in a modular document with a standard template for structure and appearance, in which certain aspects are standardized, while others, including much of the content, are customized for each issue.
The end result is several independent ISSP documents, all derived from a common template and physically well managed and easy to use.

End users of the system need an access control list policy.
Access control lists (ACLs) include the user access lists, matrices, and capability tables that govern the rights and privileges of users. ACLs can control access to file storage systems, object brokers, or other network communications devices.
A capability table specifies which subjects and objects users or groups can access.
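
How an access control matrix yields both a per-object ACL and a per-user capability table, as an added example that is not from the original post or the cited textbook. All user, group and object names are constructed, and the group expansion and default-deny check are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names): group membership and an
# access control matrix keyed by (subject, object) -> set of rights.
GROUPS = {"finance": {"alice", "bob"}, "helpdesk": {"carol"}}
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("finance", "payroll.db"): {"read"},
    ("finance", "ledger.xlsx"): {"read", "write"},
    ("helpdesk", "ticket-queue"): {"read", "write"},
    ("carol", "payroll.db"): set(),  # entry exists but grants nothing
}

def acl_for(obj):
    """Column view: the ACL kept with one object (subject -> rights)."""
    return {s: set(r) for (s, o), r in MATRIX.items() if o == obj and r}

def capability_table(user):
    """Row view: every object one user can reach, directly or via groups."""
    subjects = {user} | {g for g, members in GROUPS.items() if user in members}
    caps = defaultdict(set)
    for (s, o), rights in MATRIX.items():
        if s in subjects:
            caps[o] |= rights
    return {o: r for o, r in caps.items() if r}

def is_allowed(user, obj, right):
    """Default deny: access is granted only when a matching entry exists."""
    return right in capability_table(user).get(obj, set())

def audit_object(obj):
    """Expand groups in an object's ACL into the effective users per right."""
    effective = defaultdict(set)
    for subject, rights in acl_for(obj).items():
        users = GROUPS.get(subject, {subject})  # a non-group subject is itself
        for right in rights:
            effective[right] |= users
    return dict(effective)

if __name__ == "__main__":
    print("ACL for payroll.db:", acl_for("payroll.db"))
    print("Capabilities of bob:", capability_table("bob"))
    print("Effective users on payroll.db:", audit_object("payroll.db"))
```

The audit view is the one to review during a policy check, because a group entry in an ACL can grant a right to more users than the ACL itself names.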

Reference.
Michael E. Whitman & Herbert J. Mattord, "Management of Information Security," 3e (2010), Boston: Course Technology, Cengage Learning.
