II. Organizational Policies & Procedures
It is critical that policies and procedures be developed which reflect the significance of the information resource.
A. Scope Of Security Mechanisms
Security policies specify the rules that govern how information is to be protected; security mechanisms enforce these policies. Since a secure system must be part of the total organization, the scope of the security mechanisms may include all the administrative, procedural, physical, operational and technical aspects of the organization.
B. Basic Goals
Basic goals of a secure system are:
- Prevention includes those organizational, operational and physical methods thought necessary to keep a system secure from both internal and external penetration;
- Deterrence includes those policies, procedures and actions designed to discourage penetration of the system;
- Containment focuses on keeping sensitive data within the system;
- Detection means discovering the existence, presence, nature or fact of a penetration of the system;
- Recovery is the action necessary to restore a system’s computational capability and data files after a system failure or penetration. A disaster plan is part of recovery.
C. Written Management Policies & Procedures
Once sensitive data are identified, and policies and procedures for handling sensitive data have been established, these policies and procedures must be communicated to those who are affected. A variety of methods including training and a security manual may be used for communicating this information.
The materials on these pages are Copyright by the respective authors. The materials may be used for non-commercial academic purposes. Please cite the original author and source where appropriate.