Information
Purpose
Clearly outline the purpose of the policy, which should include preserving the organization's information security, detecting and preempting breaches, protecting the organization's reputation, upholding ethical, legal, and regulatory requirements, protecting customer data, and responding to security-related complaints and queries.

Audience
Define who the policy applies to and who it does not apply to, ensuring that all users within the organization and its networks are covered. Consider including third-party and fourth-party risks in the policy to address potential vulnerabilities from external sources.

Security Objectives
Define the goals management has agreed upon and the strategies used to achieve them, focusing on the CIA triad - Confidentiality, Integrity, and Availability of data and information systems.
Key components of an information assurance
Specify who has the authority to decide data sharing, outline access control levels, handle sensitive information, define security controls, and establish acceptable security standards. Include network security policies and authentication requirements like strong passwords, biometrics, and access tokens.

Classify data into categories based on sensitivity, such as public information, confidential data, and critical information. Implement increasing levels of protection based on the data classification to ensure appropriate security measures are in place.

Data protection regulations: cover systems that store personal data or other sensitive data.
Data backup: encrypt data backups according to industry best practices, both in motion and at rest.
Movement of data: only transfer data via secure protocols.
Key components of an information assurance
Share IT security policies with your staff. Conduct training sessions to inform employees of your security procedures and mechanisms, including data protection measures, access protection measures, and sensitive data classification.
Social engineering
Clean desk policy

Encryption involves encoding data to keep it inaccessible to or hidden from unauthorized parties. It helps protect data stored at rest and in transit between locations and ensures that sensitive, private, and proprietary data remains private. It can also improve the security of client-server communication.

A data backup policy defines rules and procedures for making backup copies of data. It is an integral component of the overall data protection, business continuity, and disaster recovery strategy.
Key components of an information assurance
Responsibilities, rights, and duties of personnel
Appoint staff to carry out user access reviews, education, change management, incident management, implementation, and periodic updates of the security policy. Responsibilities should be clearly defined as part of the security policy.

System hardening benchmarks
The information security policy should reference security benchmarks the organization will use to harden mission-critical systems, such as the Center for Information Security (CIS) benchmarks for Linux, Windows Server, AWS, and Kubernetes.

References to regulations and compliance standards
The information security policy should reference regulations and compliance standards that impact the organization, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA).
Information assurance policies that organizations can implement
HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act, a U.S. federal law enacted in 1996. HIPAA includes provisions that establish standards for protecting sensitive patient health information known as Protected Health Information (PHI). It sets rules for healthcare providers, health plans, and healthcare clearinghouses to safeguard PHI and ensure patient privacy.

FERPA
FERPA stands for the Family Educational Rights and Privacy Act, a U.S. federal law that protects the privacy of student education records. FERPA applies to educational institutions that receive funding from the U.S. Department of Education and regulates the disclosure of student records and access to them.
March 23 2023
End of Presentation
Thank you