IT Examiner School eBook

First page Table of contents Previous page 112 Next page Last page

Types of Policy

• Three main types of policies exist: • Corporate Policy • System Specific Policy

• Web Servers must have an application firewall. • MFA always used for Domain Controllers. • Issue Specific Policy • Change Management • Acceptable Use • Job Rotation • Least Privilege, Separation of duties

Security Policy

15

Security Policy Summary

• Business objective drive policy • Policy drives technology

• Increases cost-effectiveness/reduce risk • Provide guidelines for uncertain scenarios

• Establish consistency • Change management • The basis for IT Audit compliance

16

Made with FlippingBook - Online magazine maker