Network technologies and trends

Jun 22 2008   6:08AM GMT

Sample I.T Security Policy

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Dear Folks

Now I am going to concentrate on the SAMPLE I.T. Security policy for any Organization, I will try to cover in brief some important aspects in the forthcoming weeks, as we all know how important a Security Policy is. I did get an inspiration to draft a sample security policy after reading Network Security Architecture by Sean Convery.

What is a Security Policy?
Security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.
Written information security policy documents are also a formal declaration of management’s intent to protect information, and are required for compliance with various security and privacy regulations. Organizations that require audits of their internal systems for compliance with various regulations will often use information security policies as the reference for the audit.
(Source http://en.wikipedia.org/wiki/Information_security_policy)

I am planning to cover following things in coming weeks,

1- PHYSICAL SECURITY
2- HUMAN SECURITY
3- USER POLICY
4- CLIENT SECURITY
5- NETWORK SECURITY
6- SERVER SECURITY
7- DATA SECURITY
8- REMOTE ACCESS SECURITY
9- INTERNET POLICY

First of all I will start with Physical Security policy and later on I will proceed with the next policies.

1‐PHYSICAL SECURITY
“IS” CONSIDERED THE FOLLOWING:
1- Make sure that building security is adequate to prevent walk-up access to the workstations.
2- Employ a security officer or an “attack receptionist” to guard the front desk, and don’t allow
non-employees access beyond that point.
3- Physical access to high security areas is to be controlled with strong identification and
authentication techniques. Staffs with authorization to enter such areas are to be provided
with information on the potential security risks involved.
4- Make certain all servers are located in locked and secure rooms. Restrict access to
administrative personnel.
5- Make certain the servers are stored in an area that is secure from physical compromise under
all reasonable circumstances. Make sure all guests have an escort when they are in the room.
6- Sensitive and value material things must be stored securely. We could use lockable storage
cupboards.
7- Put the sensitive data, material in fire protected storage cabinets
8- The use of safe is must be in mind for saving sensitive material.

Cheers

Yasir
Personel Website: www.yasirirfan.com

Bookmark and Share     Comment     RSS Feed     Email a friend

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: