Updating of security procedures definition consolidating company financials

He was now expected to develop, institute, manage, and monitor an organization-wide security policy without assistance, consent, or buy-in from a single employee, much less empowered high-level administrators.

He knew that the organizational support he failed to receive meant that there was little chance of his being able to effectively secure the system--and that it was just a matter of time before a significant breach in system security would take place.

updating of security procedures definition-46

Who is responsible for securing an organization's information? By definition, security policy refers to clear, comprehensive, and well-defined plans, rules, and practices that regulate access to an organization's system and the information included in it.

While policies themselves don't solve problems, and in fact can actually complicate things unless they are clearly written and observed, policy does define the ideal toward which all organizational efforts should point.

As the Information Systems Manager in a small school district, he was responsible for operating a district-wide computer network--everything from installation and maintenance to user support and training.

While it was clearly not a one-man job, he was his own one-man staff.

Tenable security policy must be based on the results of a risk assessment as described in Chapter 2.

Findings from a risk assessment provide policy-makers with an accurate picture of the security needs specific to their organization.But regardless of those findings, the following general questions should be addressed clearly and concisely in any security policy: Policy should be written in a way that makes sense to its intended audience.After all, guidelines that aren't implemented foreshadow objectives that won't be met.In the meantime, you get cracking on securing our system as if your job depends on it...in fact, I guess your job does depend on it." Fred watched his unrealistic, if well-intentioned, boss walk away, realizing that his job was no longer difficult, but truly impossible.Fred had tried to explain to his superintendent that the district's network was vulnerable to a range of threats because his small budget and non-existent staff prevented him from handling system security effectively, but his warnings had always been ignored.

Tags: , ,