Monitoring activities are mostly separate evaluations, activity evaluations and the mixture of two is controlled by the different parts of the internal control. Two policies regarding Monitoring Activities are: (Soske, S. E, 2013)
IT SECURITY POLICY FRAMEWORK 4 1. The organization selects, produces, and conducts continuous separate evaluations to resolve whether the parts of internal control are in working condition or not. 2. The organization decides and communicates with internal control that requires a proper way to communicate with those companies which are responsible for taking corrective action, including directors and senior management. Policies would be the high-level papers that would strengthen our organization level information security policy. Procedures would have more detail, but would not be an operational process document. Policies and procedures would be substantial requirements that must be met. “The structure of policy information is given as: A. Acceptable Use Policy a. Frequently Asked Questions 1. Email Security Procedure a. Email Security Guidelines ß 2. Instant Messaging Procedure” (VanCura, L. , 2005) The security frameworks provided by NIST (SP 800-53), ISO / IEC 27000 series and COBIT provided you the laws and regulations in which the security policies should be followed. By studying these regulations in the connection of security policies, you can recognize how they can be avoided. (Johnson, 2011) The seven domains in developing an effective IT Security Policy Framework are: User, Workstation, LAN, WAN, LAN-to-Wan, Remote Access, System Application are managed. (Johnson, 2011). Each domain has unique functions for the data quality and handling. The following individuals analyze the challenge with the security group to ensure data quality in business: • Data administrators • Data security administrators
IT SECURITY POLICY FRAMEWORK 5 •
You've reached the end of your free preview.
Want to read all 6 pages?
- Spring '16
- Information Security, IT Security Policy Framework, security policy, Committee of Sponsoring Organizations of the Treadway Commission, security policy framework