
Security Policies

A security policy is an overall general statement issued by the senior
management of an organization.
A well-designed policy states:
a) What is being secured?
b) Who is expected to comply with this policy?
c) Where is the vulnerability, threat or risk?

03/25/17 1
Types of Policies
Regulatory: This policy ensures that the organization follows
specific industry regulations.
Example: American financial institutions should follow
the Federal Reserve regulations.
Advisory: This policy advises employees on which types of
behaviors and activities they should and should not engage in.
Example: how to handle and process confidential
information and financial transactions.
Informative: This is not an enforceable policy; it teaches
individuals about specific issues relevant to the
company and its goals and mission.

Role of Security Awareness Training
In today's world, security awareness training
(SAT) is a top priority for organizations of all
sizes.
Many companies invest in cyber security
education programs so that their employees learn
how to protect their computers and personal
information from hackers.
By adopting a security awareness training
program, a company greatly improves its
security-related risk posture.

Steps that can be taken to help ensure compliance with policies
Meet with the divisional leaders to ensure the
policies and procedures are feasible.
Determine the best format of policies for your
audience.
Make policies and procedures easily accessible
to all employees.
Set a deadline for each policy and procedure.
Determine the best way to measure your
employees' understanding of the policies
and procedures.
Human Resources Security
This policy provides guidelines that make
employees aware of policies and duties.
The policy addresses employee-employer
relationships and behavior within the
workplace.
Any regulations, such as conflict
resolution, employment laws, and health and
safety measures, are incorporated within this
policy.
Risk Assessment
Risk assessment is the first process in risk
management.
Risk assessment activities include:
System characterization
Threat identification
Vulnerability identification
Control analysis
Likelihood determination
Impact analysis
Risk determination
Control recommendations
Results documentation
Risk Mitigation
Risk mitigation is the second process.
Its activities include:
Prioritize actions
Evaluate recommended control options
Conduct a cost-benefit analysis
Select controls
Assign responsibility
Develop a safeguard implementation plan
Implement selected controls

Safeguards
Authentication
Authorization
Access control enforcement
Non-repudiation
Protected communication
Transaction privacy
