2023 IT Examiner School

Information Security Policy

• Security policy
  • Includes statements of rules or standards.
  • Policies do not change.
  • Supports mission statement
  • Establish roles & responsibilities (“Authority”)
  • Approval from highest level of management (BoD)
  • Outline consequences of non-compliance
  • Must result in a positive cost benefit!

Security Policy

Types of Policy

• Three main types of policies exist:
  • Corporate Policy
  • System Specific Policy
    • Web Servers must have an application firewall.
    • MFA always used for Domain Controllers.
  • Issue Specific Policy
    • Change Management
    • Acceptable Use
    • Job Rotation
    • Least Privilege, Separation of duties
