Information Security Policy Architecture Step by Step

The basic process for developing a sound information security policy is as follows.

1. Selecting an information security policy architecture development/review team. The size of the team will vary depending on the organization size. A suggestion for the policy development team would be as follows:

a. Senior administrator (servers, network devices);
b. Management team member who will be assisting with enforcement;
c. Counsel team member;
d. Internal audit team member;
e. User community member (this person could act as the policy interpreter before the policy is implemented in the enterprise);
f. Writer—a technical writer, if possible.

2. Reviewing the information security team’s reporting structure to ensure appropriate staffing for monitoring and an appropriate level of authority for enforcement.

3. Deciding on the scope, mission, and objectives of the policy architecture.

4. Selecting a sample staff and support population for review and input before implementation.

5. Acquiring sign-off from the executive management team, depending on the level of document being implemented.

6. Implementing the information security policy architecture and setting up user awareness sessions.

7. Documenting the review and maintenance process of the information security policy architecture.
