Security policies are a formal set of rules issued by an organization to ensure that users who are authorized to access company technology and information assets comply with the rules and guidelines related to the security of information. A security policy is a written document that states how the organization is to be protected from threats and how to handle them when they occur. A security policy is also considered a "living document", which means that it is never finished but is continuously updated as technology and employee requirements change.

Sample Security Policy Document

Need of Security policies
1) It increases efficiency.
2) It upholds discipline and accountability.
3) It can make or break a business deal.
4) It helps to educate employees on security literacy.

i. Virus and Spyware Protection policy
ii. Firewall Policy
iii. Intrusion Prevention policy
iv. Live Update policy
v. Application and Device Control

Security Standards

A security standard is "a published specification that establishes a common language, and contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition." The goal of security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures. Well-written cybersecurity standards enable consistency among product developers and serve as a reliable standard for purchasing security products.

Types of Standards
1. ISO
   i. ISO 27001
   ii. ISO 27000
   iii. ISO 27002
   iv. ISO 27005
   v. ISO 27032
2. IT Act
3. Copyright Act
4. Patent Law
5. IPR

Digital Signature

A digital signature is a mathematical technique that validates the authenticity and integrity of a message, software or digital document. It allows us to verify the author name and the date and time of signatures, and to authenticate the message contents.
The digital signature offers far more inherent security and is intended to solve the problem of tampering and impersonation (intentionally copying another person's characteristics) in digital communications.

Signature
1) Authentication
2) Non-repudiation
3) Integrity

Algorithms in Digital Signature
1. Key generation algorithm
2. Signing algorithm
3. Signature verifying algorithm

How digital signatures work

Types of Digital Signature
1) Certified Signatures
2) Approval Signatures
3) Visible Digital Signature
4) Invisible Digital Signature
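
The three algorithms listed under "Algorithms in Digital Signature" (key generation, signing, signature verification), shown as an added example that is not part of the original page. It uses a Lamport one-time signature built on SHA-256 because that needs only the Python standard library; the choice of scheme, the function names and the sample messages are assumptions made here, and each key pair must sign only one message.

```python
import hashlib
import secrets

HASH_BITS = 256  # SHA-256 digest length; one pair of secrets per digest bit

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(message: bytes):
    """Yield the 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    for i in range(HASH_BITS):
        yield (digest[i // 8] >> (7 - i % 8)) & 1

def generate_keypair():
    """Key generation: 256 pairs of random secrets; the public key is their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32))
               for _ in range(HASH_BITS)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public

def sign(private, message: bytes):
    """Signing: for each digest bit, reveal the secret selected by that bit.
    A Lamport key pair is one-time: signing a second message leaks more secrets."""
    return [private[i][bit] for i, bit in enumerate(_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    """Verification: every revealed secret must hash to the matching public value."""
    if len(signature) != HASH_BITS:
        return False
    ok = True
    for i, bit in enumerate(_bits(message)):
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok

def demo():
    """Run the three algorithms on constructed sample messages."""
    private, public = generate_keypair()
    message = b"Transfer 100 to account 42"  # constructed sample message
    signature = sign(private, message)
    _, other_public = generate_keypair()  # a different signer's public key
    return {
        "genuine": verify(public, message, signature),  # authentication
        "tampered": verify(public, b"Transfer 900 to account 42", signature),  # integrity
        "wrong_signer": verify(other_public, message, signature),
    }

if __name__ == "__main__":
    print(demo())
```

Only the holder of the private key can produce a signature that verifies against the public key, which is the basis for the authentication and non-repudiation properties listed above.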