Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, and security and controls in SAP R/3, Oracle Applications, J.D.Edwards, PeopleSoft and various other ERPs. You will also find information on the latest compliance regulations like Sarbanes-Oxley, Basel II and so on. Big4Guy will also attempt to provide valuable resources for individuals interested in examinations like the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints on the posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
One of the keys to better security in an organization is a comprehensive information security policy. A well-documented information security policy with senior management support can go a long way in helping the defense-in-depth cause. Lately, I came across a magazine article on four important issues to consider before developing a security policy. The problem most companies face while developing a security policy is producing one which is both implementable and organization-specific. The four factors to consider before developing an information security policy are as under:
1. What purpose does management intend to serve by drafting a security policy? In other words, what risk is management trying to address through the security policy?
2. What does management expect the employees or individuals who are accountable to do once the policy is in place? How will management ensure buy-in for the policy at all levels of the organization?
3. What process does management intend to put in place to ensure conformance with the policy? What monitoring processes will be instituted?
4. Finally, management needs to understand the risk of non-compliance with the policy. If compliance with the policy fails, what corrective action does management intend to take? In other words, what mitigating controls would management prefer to have?
The above four issues, taken together, can help management make an informed decision while formulating information security policies.