Three Steps for The Planning of Security Policy

Tue, Aug 18, 2009, by sahista1


Creating a security policy does not need to be a difficult task. Breaking it down into its necessary components can turn an overwhelming task into one that is easy to implement and control. This article discusses the first step toward a successful policy: planning. (To learn how to implement your security policy once it has been planned, read about the implementation of your security policy.)

It is common for companies to notice a security problem and then immediately search for a technical solution to fill the hole. In the end, these companies are left with plenty of solutions that do not effectively secure corporate assets, and no clear understanding of why. This is where the need for planning arises.

The importance of planning 

Planning your security policy requires analyzing the behavior of workers in different jobs and roles, as well as taking time to consider the company’s security goals and what they should be. Evaluating the existing problems and the objectives at the same time makes it easier to develop comprehensive solutions that are effective and useful for all. The best rule of thumb when planning a security policy is to base the policy on risk, not technology. Policy should not change when the technology changes (1).

The planning stage helps to address this situation by focusing on the behavior of the employee. This is extremely important, because changes in policy often begin with changes in behavior. “The organization needs to understand that a lot of information, privacy and security work is to be done by people on the basis of [the] policies and procedures, training, and awareness [and] response activities.” (2)

Planning for your security policy 

There are three factors to take into account when planning your own policy. The first requires you to state the objectives of your policy. What are you trying to accomplish? What are you trying to protect? The second step requires you to survey the working environment and identify weaknesses in current operations. The final step asks you to create a plan of action that will help remedy those weaknesses. All three contribute equally to the success of planning.

Step 1: Identify the goals of your security policy 

Your security policy objectives should be consistent with the goals set for your company. For example, if the company is customer-oriented, the objective of the security policy should be to protect customers and their data through the use of encryption and network security.

Furthermore, all parties should play a role in setting goals. This is very important because, if a security breach were to occur, each department plays a different role in the recovery process, as well as in re-evaluating the actions related to improving global policies. Allowing each department to participate lets it invest time in the policy and ensures the highest level of cooperation when the time comes to implement the policy.

Step 2: Identify security holes 

We must examine the company’s existing procedures and identify all the processes that constitute a security risk. For example, policies on data management, covering how data is protected during storage, how long it is retained, and the means of soundly deleting it, are a common matter in the corporate world. Some of the questions that may assist in identifying such weaknesses are:

What types of sensitive information does your company deal with?

Who administers each piece of sensitive information?

Is sensitive information stored with non-sensitive information?

These are some questions that should stimulate thought about what changes are needed in order to begin mitigating the risks associated with the ongoing processes within the departments.

Step 3: Develop a plan of action 

After identifying the processes that need to change, create a plan of action to mitigate these risks. The plan should consider how each change will take place, the type of training required for each person/department to meet the newly adopted standards, and what each individual/department will be responsible for. (How is any gap analysis (3) with respect to security done, and who conducts it?)

Other challenges include budget restrictions and making optimum use of security measures while still meeting auditing standards. Such measures “must be followed from one document to another for the audit so that it can be easily verified that the policies are being implemented.” (4) If technology solutions are chosen, a comparison of different products may be useful.

After the procedures have been established, decision makers should be able to identify the “members of roles that are responsible for the activities, and activities that require registration, [and] how the reviews and inspections carried out at home.” (5) There should also be follow-up procedures for making further changes to the policy in the future.


1 Comments For This Post

  1. Deepak Kumar Singh Says:

    Thought provoking article… liked it..
