Now I am going to concentrate on a sample I.T. security policy for any organization. I will try to cover some important aspects in brief in the forthcoming weeks, as we all know how important a security policy is. I was inspired to draft a sample security policy after reading Network Security Architecture by Sean Convery.
What is a Security Policy?
Security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.
Written information security policy documents are also a formal declaration of management’s intent to protect information, and are required for compliance with various security and privacy regulations. Organizations that require audits of their internal systems for compliance with various regulations will often use information security policies as the reference for the audit.
I am planning to cover the following topics in the coming weeks:
1- PHYSICAL SECURITY
2- HUMAN SECURITY
3- USER POLICY
4- CLIENT SECURITY
5- NETWORK SECURITY
6- SERVER SECURITY
7- DATA SECURITY
8- REMOTE ACCESS SECURITY
9- INTERNET POLICY
First of all, I will start with the Physical Security policy, and later on I will proceed with the next policies.
“IS” CONSIDERED THE FOLLOWING:
1- Make sure that building security is adequate to prevent walk-up access to the workstations.
2- Employ a security officer or an “attack receptionist” to guard the front desk, and don’t allow non-employees access beyond that point.
3- Physical access to high security areas is to be controlled with strong identification and authentication techniques. Staff with authorization to enter such areas are to be provided with information on the potential security risks involved.
4- Make certain all servers are located in locked and secure rooms. Restrict access to
5- Make certain the servers are stored in an area that is secure from physical compromise under all reasonable circumstances. Make sure all guests have an escort when they are in the room.
6- Sensitive and valuable material must be stored securely. We could use lockable storage
7- Put sensitive data and material in fire-protected storage cabinets.
8- The use of a safe must be kept in mind for storing sensitive material.
Personal Website: www.yasirirfan.com