Click me

Develop and Deploy a Security Policy

Security Policy Develop and Deploy a Creating a security policy is like the tortoise: take your time and keep moving. Security/ Security Policy Many organizations have no formal documentation that indicates how employees should act to uphold security. Regulatory pressure is making a lack of security policies a business inhibitor due to the fines and sanctions that can be Security Policy defines the enterprise's security intent and the methods it will use to achieve that intent. levied against enterprises that fail audits. Slow and Steady Wins the Race Policy creation and implementation needs to be a relatively slow process so that nothing is missed and user adoption is as high as possible. Establishing a baseline and building your policies must be a comprehensive and exhaustive process so that nothing is missed, nothing is misappropriated. Implementation must be move slowly to ease acceptance. Inconsistent enforcement can create a rift between who is following policies and who is not. Managers cannot skip policies just because they Start want to. Establish a Baseline First, define enterprise security intentions in order to achieve them Second, establish security objectives Security policy is a hierarchy of related documents Objectives Standarda What needs to be secured and how Step 1 Security Policy Defining the intentions of the policy development and deployment is the only way to demonstrably achieve them. Guidelines Procedures Baselines why? how? By themselves "thou shall/shall not" objectives don't do enough to protect the enterprise; they may indicate "what" needs to be done, but don't provide enough context to discern the "why" and "how". Without these factors enterprises find it difficult to enact security. zzzz Build the Policies Determine required Policies Determine number of framework layers Security Policy Assign Policies to framework layers Phased policy development and deployment improves security faster. Step 2 While it may seem ideal to first fully create and then implement the entire security policy, doing so slows down adoption and leaves security gaps during the process. Develop and distribute policies Negotiate, not mandate, restrictiveness of policy to ensure higher levels of acceptance and adoption. A phased approach allows for the deployment of individual policies as they are developed, but calls for care that policies are built and distributed in an order that makes sense. Incident Response Assessment Take an iterative approach: determine controls, establish stringency, review with business, publish, solicit feedback, review again Personnel Security Acceptable Usage Training Focus your efforts on what is important and work your way up. Policy is a living document – IT can work towards stronger policy over time. Remember; a weaker than ideal policy is better than no policy at all. Most important will be policies that need immediate creation and Systems Security Data Account Passwords Security Management implementation. Implement and Enforce Security Policies First, obtain acceptance from management and assess impacts of policy deployment Policy impact matrix Step 3 Change in-place security capacity/ process for an equivalant Implement net-new security capacity/ process that is user facing Security Policy Extend reach of an existing security capability / Implement net-new security capacity/ process that is user facing process Second, enforce your policies Low High Security Impact Security Policy You must minimize user impact to ensure policy implementation is Staggered implementations that balance security impact against user impact result in more successful rollouts. Security concepts will be new to many users though so remember to train before things get too complex. The work doesn't end with implementation - enforcement is required to make even acceptable policies stick and dedicated tools are the key to successful enforcement along with regular employee awareness retraining. more successful. Start this project today INFO~TECH RESE ARCH GROUP 1-888-670-8889 User Impact High MOT

Develop and Deploy a Security Policy

shared by cmontwerp on Apr 09
0 share
Creating a security policy is like the tortoise: take your time and keep moving




Cees Mensen


Did you work on this visual? Claim credit!

Get a Quote

Embed Code

For hosted site:

Click the code to copy


Click the code to copy
Customize size