For example, what happens if someone doesn't comply with computer security policies? The program-level policy is a high-level document. It usually does not include penalties and disciplinary actions for specific infractions. However, this policy may authorize the creation of other policies or standards that describe violations and penalties. One common strategy for handling this issue is to have the information security policy refer to disciplinary procedures found elsewhere, such as in a human resources policy that broadly covers disciplinary actions.

NOTE: An employee can unintentionally violate a policy. For example, an employee may lack knowledge or training. This can result in noncompliance.

Industry-Standard Policy Frameworks

Policy frameworks provide industry-standard references for governing information security in an organization. They allow you to leverage the work
of others to help jump-start your security program efforts. Framework policies are most helpful in the following areas:

  • Areas where there is an advantage to the organization in having the issue addressed in a common manner, such as shared IT resources
  • Areas that affect the entire organization, such as personnel security
  • Areas for which organization-wide oversight is necessary, such as compliance
  • Areas that, through organization-wide implementation, can result in significant economies of scale, such as unified desktop computer management

No two organizations are alike. For-profit companies may have different goals and concerns than nonprofit organizations or government agencies. Different needs require different solutions. Therefore, security professionals have a wide variety of policy frameworks to work with. It is up to each organization to determine the policy framework that best meets its needs and the threats it faces. Three frameworks stand out because of their scope and wide acceptance within the security community:

  • Control Objectives for Information and related Technology (COBIT): a widely accepted set of documents that is commonly used as the basis for an information security program. COBIT is an initiative of the Information Systems Audit and Control Association (ISACA) and is preferred among IT auditors. COBIT was addressed in Chapter 3.
  • ISO/IEC 27000 series: an internationally adopted set of standards for an information security management program in virtually any organization.
  • National Institute of Standards and Technology (NIST) Special Publications, such as SP 800-53, "Recommended Security Controls for Federal Information Systems and Organizations": geared to U.S. government agencies and their subcontractors. Many regulatory bodies use these standards to develop security guidance and auditing practices.
By relying on those who have paved the way for you, you can help ensure compliance with regulations that affect your organization without reworking all of your compliance processes. The