Purpose
This document is intended to address the importance of having a written and enforceable Information Technology (IT) security policy, and to provide an overview of the necessary components of an effective policy. The reader will gain an understanding of the basic processes, methodologies, and procedures needed to initiate the development of an organization-wide IT Security Policy.
When developing an IT Security Policy, you should keep in mind the ‘defense-in-depth’ model. In other words, you should not rely on one principal means of protection (or layer); instead, you should develop your security program so that it provides multiple layers of defense. This will ensure maximum protection of your data and resources and will minimize the potential for compromise. Please keep in mind that we
An IT Security Policy is the most critical element of an IT security program. A security policy identifies the rules and procedures that all persons accessing computer resources must adhere to in order to ensure the confidentiality, integrity, and availability of data and resources. Furthermore, it puts into writing an organization’s security posture, describes and assigns functions and responsibilities, grants authority to security professionals, and identifies the incident response processes and procedures.
Note: The security-related decisions you make, or fail to make, largely determine how secure or insecure your network is, how much functionality your network offers, and how easy your network is to use. However, you cannot make good decisions about security without first determining what your security goals are. Until then, you cannot make effective use of any collection of security tools because you simply will not know what to check for and what restrictions to impose.
What Determines a Good IT Security Policy?
In general, a good IT Security Policy does the following:
· Communicates clear and concise information and is