Security Guidelines

An effective security policy should follow standard guidelines. Many of these guidelines are common sense, but it is best to state each one explicitly to ensure that all items are covered. At a minimum, it is important to address the following issues when developing a security policy:

• Management must support the policy.

• The policy must be consistent.

• The policy must be technically feasible.

• The policy should not be written as a technical document.

• The policy must be implemented globally throughout the organization.

• The policy must clearly define roles and responsibilities.

• The policy must be flexible enough to respond to changing technologies and organizational goals.

• The policy must be understandable.

• The policy must be widely distributed.

• The policy must specify sanctions for violations.

• The policy must include an incident-response plan for security breaches.

• Security is an ongoing process.

The next sections explore each of these guidelines.

