Wednesday, June 24, 2020

IT Security Policy Framework - 1100 Words

IT Security Policy Framework (Case Study Sample)

A comprehensive security program is of paramount importance for establishing a reliable Information Technology Security Policy Framework. It ensures that the information of an organization is secure. All types of organizations, including medium-sized companies, ought to have such policies implemented. In this paper I will draft an IT Security Policy Framework for a medium-sized insurance organization (Desman, 2002).

After reviewing three different alternatives with the IT team, I recommended the BindView/Meta Security Group Policy Operations Center solution as the basis of the framework. In this solution there are 7 domains into which policies can be grouped, and these include Asset Protection, Asset Management, Acceptable Use, Threat Assessment and Monitoring, Vulnerability Assessment and Management, and Security Awareness. The framework is very simple for managers of the organization to understand. Once all the documents of the organization have been put in proper categories, it becomes easier to establish where each one of them fits. In addition, the solution came with a lot of study findings compiled together in policy documents. With these documents there was no doubt that this was the model to apply. For better representation of the organization we also included Business Continuity Physical Security…

1. Asset Identification Classification
2. Asset Protection Business Continuity
3. Security Awareness
4. Asset Management Threat Assessment

Frequently Asked Questions, Email Security Procedure, Email Security Guidelines

An organization's inventory of information, hardware and software must be solid enough to show clearly where the information is fetched, kept and processed. The organization should be aware of the data-handling requirements of every regulation.

Indicate in the security policy how the organization handles information. The organization's requirements should be reflected in the security policies so as to enable the organization to learn how to deal with various regulations. It is recommended that an organization select a security framework that allows it to show the regulators that it is applying the best acceptable guidelines, procedures, standards and practices (Schneider, 2000). If it is not possible to use standard practices at times, it is recommended to prepare instructions to use as a guide. Applied consistently, the instructions will eventually become like a standard procedure, and even if the instructions cannot be used all the time, exceptions can be documented.

It is also recommended to map the security controls that have been built to the related policies, which in turn map to regulations. This comes in handy in indicating how far the regulatory requirements are covered. It also indicates the role of each security control. It is important for an organization to test and monitor all or most of the security controls related to the regulations that are to be complied with. There are times when an organization is required to provide evidence to regulators who ask to be shown a good compliance approach. A good beginning would be characterized by control mapping, a framework and security policies. Having a mapping is a clear indication of a good understanding and of the interest to comply. Efforts to test and comply also demonstrate that an organization is on the right track.

Each of the seven domains in developing an effective IT Security Policy Framework presents business challenges in an organization. In the Asset Identification Classification domain, if the security framework is such that information is not accessed only by authorized persons, then its integrity, that is, the completeness and accuracy of the information, may be compromised. Ne...