Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Policies

Published byMarie-Claire Boulet Modified over 5 years ago

Similar presentations

Presentation on theme: "Information Security Policies"— Presentation transcript:

1 Information Security Policies
What are they? DMM Information Security Policies

2 Information Security Policy
should give … a clear direction for all users have management support a suitable degree of authority a means by which compliance can be checked a legally agreed response in the event of it being violated. DMM Information Security Policies

3 Why is a policy required?
informal understandings and chats in the corridor can prove insufficient need to providing the entire company with clear, concise guidelines increasing legal and regulatory pressures reduce risk of information loss or damage improve efficiency DMM Information Security Policies

4 Information Security Policies
Policy contents: a set of objectives Include basic principles include statements such as ‘We will operate on a “need-to know” basis’ (or conversely, ‘on a “need-to-restrict” basis’). establish agreed roles and responsibilities lists of company procedures or processes DMM Information Security Policies

5 Examples of procedures:
fault reporting incident reporting incident management user ID addition/removal server backup access rights relating to company hierarchy DMM Information Security Policies

6 Information Security Policies
Policies standards: Approved policy standards, such as: British Standards (BSMI) or ISO/IEC 27001 Information Security Forum (ISF) The Standard of Good Practice (SOGP) Information Technology Infrastructure Library (ITIL) DMM Information Security Policies

7 Information Security Policies
ITIL - is a collection of best practices in IT service management ITIL is used in public and private sectors internationally supported by a comprehensive qualification scheme and accredited training organisations. best practice in information security management DMM Information Security Policies

8 Information Security Policies
Exercise Find an Information Security policy for a large organisation on the web. Universities, public organisations like the NHS very often publish Describe the key features Suggest additions – do they include the use of mobile technology, use of social media? DMM Information Security Policies

Download ppt "Information Security Policies"

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Software Quality Assurance Plan

Software Quality Assurance Plan
New Directions for the Collections Trust Nick Poole, Chief Executive, Collections Trust.

New Directions for the Collections Trust Nick Poole, Chief Executive, Collections Trust.
Information Security Policies and Standards

Information Security Policies and Standards
IT Security Requirements

IT Security Requirements
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Eleonora Babayants Galaxy Consulting. Information Governance  It is the set of policies, procedures, processes, roles, metrics, and controls implemented.

Eleonora Babayants Galaxy Consulting. Information Governance  It is the set of policies, procedures, processes, roles, metrics, and controls implemented.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Network security policy: best practices

Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
A Major Business Disruption A Strategy for Minimising the Downtime Anthony Hegarty Mitigating Risks.

A Major Business Disruption A Strategy for Minimising the Downtime Anthony Hegarty Mitigating Risks.
Generally Accepted Recordkeeping Principles Generally Accepted Recordkeeping Principles ® Registered Trademark of ARMA International.

Generally Accepted Recordkeeping Principles Generally Accepted Recordkeeping Principles ® Registered Trademark of ARMA International.
1 Copyright © 2014 M. E. Kabay. All rights reserved. CSH5 Chapter 67 “Developing Classification Policies for Data” Karthik Raman & Kevin Beets Classification.

1 Copyright © 2014 M. E. Kabay. All rights reserved. CSH5 Chapter 67 “Developing Classification Policies for Data” Karthik Raman & Kevin Beets Classification.
CSI - Introduction General Understanding. What is ITSM and what is its Value? ITSM is a set of specialized organizational capabilities for providing value.

CSI - Introduction General Understanding. What is ITSM and what is its Value? ITSM is a set of specialized organizational capabilities for providing value.
© 2013 Cambridge Technical CommunicatorsSlide 1 ISO/IEC 27001 Standard for Information Security Management Systems.

© 2013 Cambridge Technical CommunicatorsSlide 1 ISO/IEC Standard for Information Security Management Systems.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Similar presentations

Ads by Google