Updating of security procedures definition
Once in a while it contains a description about how certain tasks will be accomplished.For example, updating applications on the production system.Agencies that are compliant with Safeguarding requirements in these areas have a significant advantage when it comes to integrating security into IT operations.The recommendations outlined in this memo is for all systems that receive, process, store or transmit FTI, including Tumbleweed workstations and server, database servers, application servers, file servers, mainframes, routers, switches and firewalls.The documents I usually get are examples of security procedures.Consider an organization that requires management approval before developers are given *ALLOBJ special authority on the production system. In order to enforce this policy, the company uses the help desk ticketing system along with a homegrown application to accomplish this.Non-compliance with this standard must be reported to University Information Security ([email protected]).
Generalised policies need to be written so that updates do not become overly burdensome, but can bring a call to action to prevent breaches from occurring, or lay out the proper procedures should a breach occur.
Importantly, security policy shouldn’t include descriptions of how to enforce, prevent, or identify wanted and unwanted behavior.
Security procedures, on the other hand, do describe various processes and techniques that will be used to enforce, prevent, or identify wanted and unwanted behavior.
Most organisations opt to write the security policies themselves, using common sense and their own experiences as a guideline.
However, there are also software packages available from organisations, such as Pentasafe (recently acquired by Net IQ), that automate the ability to create these policies.