<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Networking Reviews</title>
	<atom:link href="https://www.networkingreviews.com/tag/security-policy/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.networkingreviews.com</link>
	<description></description>
	<lastBuildDate>Wed, 30 Jul 2008 21:09:20 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.1</generator>
	<item>
		<title>Security Policy</title>
		<link>https://www.networkingreviews.com/security-policy/</link>
					<comments>https://www.networkingreviews.com/security-policy/#respond</comments>
		
		<dc:creator><![CDATA[Admin]]></dc:creator>
		<pubDate>Wed, 30 Jul 2008 21:09:20 +0000</pubDate>
				<category><![CDATA[Information Security]]></category>
		<category><![CDATA[security policy]]></category>
		<guid isPermaLink="false">https://www.networkingreviews.com/?p=92</guid>

					<description><![CDATA[Security Policies in an organization’s security system are divided into two broad categories: 1. Management’s Security Policy (or Organizational Policy) This is the high level security policy of the whole organization. It provides management’s security goals and objectives in writing. It documents compliance and creates a security culture within the company. It establishes also the security [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong><span style="text-decoration: underline;">Security Policies</span></strong> in an organization’s security system are divided into two broad categories:</p>
<h4>1. Management’s Security Policy (or Organizational Policy)</h4>
<p>This is the high level security policy of the whole organization. It provides management’s security goals and objectives in writing. It documents compliance and creates a security culture within the company. It establishes also the security activity/function, and holds individuals personally responsible for any security breaches.</p>
<h4>2. Functional Implementing Policies</h4>
<p>The functional policies are guided by the high level organization policy, and are used to actually implement the goals and objectives of the general organization policy. Examples of functional policies are:</p>
<ul>
<li>Data Classification</li>
<li>Access Control Policy</li>
<li>Remote Access Policy</li>
<li>Internet and Acceptable use policy</li>
<li>Privacy policy</li>
</ul>
<p>From functional policies come the supporting elements which are:</p>
<ul>
<li>Standards</li>
<li>Procedures</li>
<li>Baselines</li>
<li>Guidelines</li>
</ul>
<p><strong><span style="text-decoration: underline;">Standards</span></strong></p>
<p>These are common solutions for the whole organization regarding common hardware and software mechanisms and products used to enforce and establish a secure environment.</p>
<p><strong><span style="text-decoration: underline;">Procedures</span></strong></p>
<p>Procedures, like policies, are considered to be MANDATORY requirements is a security system. Procedures are step-by-step written actions to be performed to accomplish a security requirement or objective. Examples of procedures are password changing, incident response, Business Continuity procedures etc. Procedures can be helpful to reduce mistakes in a crisis and ensure that important steps are not missed.</p>
<p><strong><span style="text-decoration: underline;">Baselines</span></strong></p>
<p>These are the minimum level of security configuration that can be carried across multiple implementations of the systems and on many different products. Baselines are descriptions of how to implement security mechanisms to ensure that implementations result in a consistent level of security throught the organization.</p>
<p><strong><span style="text-decoration: underline;">Guidelines</span></strong></p>
<p>Examples of guidelines are ISO17799, Common Criteria, ITIL.</p>
<p>Guidelines are recommendations for security product implementations, procurement, planning etc. They are white papers, best practices etc.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.networkingreviews.com/security-policy/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
