Organisation Policy, Security and Infrastructure
Today, a good manager will know the types and forms of information generated and how the information is used in the business before planning how to manage it.
An organizational policy provides the rules that govern how systems should be configured and how employees of an organization should act in normal circumstances and react during unusual circumstances. The policy defines how security should be implemented.
However, the technical aspects of security are not the only things that are defined by the policy. The policy also defines how employees should perform certain security-related duties such as the administration of users. The policy also defines how employees are expected to behave when using computer systems that belong to the organization.
The security policy tells its audience what must be done. It does not address how these things should be done; that falls under the domain of implementation, which must be kept completely separate from the policy itself.
Infrastructure security begins with the actual design of the infrastructure itself. The proper use of the right components not only improves performance but also improves security.
An important part of any organization's approach to implementing security is the set of policies, standards, procedures and guidelines that are established to detail what users and administrators should be doing to maintain the security of the systems and network. Collectively, these documents provide the guidance needed to determine how security will be implemented in the organization. Given this guidance, the specific technology and security mechanisms required can be planned for.
Policies are high-level, broad statements of what the organization wants to accomplish. They are made by management when laying out the organization's position on some issue.
Standards are mandatory elements regarding the implementation of a policy. They are accepted specifications providing specific details on how a policy is to be enforced.
Guidelines are recommendations relating to a policy.
Procedures are the step-by-step instructions on how to implement policies in the organization.
The constant monitoring of the network and the periodic review of the relevant documents are part of the process that is the operational model. When applied to policies, this process results in what is known as the policy life cycle. This operational process roughly consists of four steps:
- Plan
- Implement
- Monitor
- Evaluate.
The first step is to plan for security in your organization. In this step, you develop the policies, procedures, and guidelines that will be implemented and design the security components that will protect your network.
In the second step, you implement the plans. Next, you monitor to ensure that the hardware and software, as well as the policies, procedures and guidelines, are effective in securing your systems. Finally, you evaluate the effectiveness of the security measures you have in place. After evaluating your security posture, you begin again with step one, this time adjusting the security mechanisms you have in place, and then continue with this cyclic process.