policy procedures

FISMA is the US Government Federal Information Security Management Act. It was passed by congress and signed into law in December of 2002 as part of the E-Government Act in order to address the issue of the information security of all US Government agencies. The US Government agency NIST, the National Institute of Standards and Technology, provides a framework to aid agencies in implementing the programs for compliance with FISMA in the form of several standards, requirements, guidelines and recommendations documents.

Download free ISO 27001 Media Handling and Protection Audit Policy and Procedures
Objectives:
- The organization develops and documents media protection policy and procedures;
- The organization disseminates media protection policy and procedures to appropriate elements within the organization;
- Responsible parties within the organization periodically review media protection policy and procedures; and
- The organization updates media protection policy and procedures when organizational review indicates updates are required.

Download Free Security Intruder Detection Checklist. This security checklist could be used to manage intrusion or any others unauthorized activities within the system. This checklist cover basic security activity that should be monitored during intrusion and detection process. This also could be used as part of Intrustion Prevention System (IPS) and Intrustion Detection System (IDS).

The basic process how to develop sounds good information security policy.

1. Selecting an information security policy architecture development/review team. The size of the team will vary depending on the organization size. A suggestion for the policy development team would be as follows:

a. Senior administrator (servers, network devices);
b. Management team member who will be assisting with enforcement;
c. Counsel team member;
d. Internal audit team member;
e. User community member (this person could be the policy interpreter before implementing into the enterprise);
f. Writer—a technical writer, if possible.

2. Reviewing the information security team’s reporting structure to ensure appropriate staffing for monitoring and appropriate level of authority for enforcement.

The purpose of the Server Security Policy is to establish standards for the base configuration of internal server equipment that Blanco Wireless owns and/or operates. Effective implementation of this policy will minimize unauthorized access to Blanco's proprietary information and technology:

Scope
This policy applies to all production servers at Blanco Wireless, including web, application, and database servers.

Configuration requirements
The following directives are required of all servers at Blanco, and should be detailed in every configuration or "hardening" guide used by administrators: