Updating of security procedures definition
The actual setting of security policies within an appliance, such as the firewall server, is the other aspect of policy management. Companies need to make sure that the policies are flexible enough to allow information to flow, but not so lenient that the doors to the organisation are completely open.
Collaborate, contribute, consume and create knowledge around various information security policies and procedures including BYOD, password complexity, and other topics. The recommendations outlined in this memo are for all systems that receive, process, store or transmit FTI, including Tumbleweed workstations and server, database servers, application servers, file servers, mainframes, routers, switches and firewalls.
Who is responsible for securing an organization's information? By definition, security policy refers to clear, comprehensive, and well-defined plans, rules, and practices that regulate access to an organization's system and the information included in it.
The policy format is a living document that needs to be created in such a manner as to appeal to the general employee population, third-party auditors, the IT department, as well as potential partners and suppliers. Generalised policies need to be written so that updates do not become overly burdensome, but can bring a call to action to prevent breaches from occurring, or lay out the proper procedures should a breach occur. Ultimately, it is not only individual employees or departments that are responsible for the security of confidential information, but also the institution itself.
Good policy protects not only information and systems, but also individual employees and the organization as a whole.
Compliance – identifies the requirement to comply with the document and where to report non-compliance and to request exceptions.
Standard and Process – The standard defines the rules to which the individuals or assets within the scope must adhere; the process provides greater detail on the standard by describing how the individuals or assets comply with it.
These standards apply the principles of ISO/IEC 27005 section 4.3.2.
All Information Security documents developed for creating University-wide standards, procedures or best practices must follow these documentation standards.
, Vice President and Chief Information Officer
Effective Date: August 31, 2012
Last Reviewed Date: October 2, 2015
This document establishes standards for Information Security documentation.