Security
Policies
We help organizations achieve their security and risk management
goals by working with them to develop security policies, guidelines,
standards, procedures, and related policies. These documents
minimize and manage risks and liabilities.
Security Policy
The security policy is not a technical document. It communicates
senior management's direction, guidelines, expectations, and
intentions concerning organizational security. The security
policy will reference security standards, guidelines or best
practices, procedures, and related policies.
Security Standards - Standards are the minimum requirements
that must be met. Standards are compilsory in nature. They
should be easy to understand and not open to interpretation.
They can include rules for authentication, network services,
host configuration, workstation software, and availability.
Security Guidelines - Guidelines are documents that
address intentions and allow for interpretation. They are
recommendations or best practices. Guidelines are most useful
when implementing very complex applications or Web sites.
Procedures - Procedures are documented, step-by-step
actions that guide people through a particular process to
produce the desired outcome. Procedures are best applied to
operations that are repetitive in nature. Examples include
workstation setup, VPN configuration, first level troubleshooting,
password resets, and initial host hardening.
More about security policies
Related Policies
Related Policies are a collection of supporting policies that
address specific security concerns in an organization. These
may include an acceptable usage policy, enforcement policy
and logging policy, to name a few.
Acceptable Usage Policy
Privacy Policy
Enforcement
Policy
Logging and Monitoring
Policy
© 2003 Hudson Business Networks
|
