Professional Documents
Culture Documents
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
1
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Learning Objectives
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
2
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
3
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Why Policy?
Chapter 04: Information Security Policy
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Introduction
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
5
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Why Policy?
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
7
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
8
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Security Policy?
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
9
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
10
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
12
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
13
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Statements
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
14
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
15
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
16
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
17
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
18
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
19
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Enterprise Information Security Policy
Chapter 04: Information Security Policy
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
21
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
EISP Elements
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
22
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
23
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
EISP Elements
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
24
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
25
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Issue-Specific Security Policy
Chapter 04: Information Security Policy
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
27
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
• Statement of Purpose
• Scope and Applicability
• Definition of Technology Addressed
• Responsibilities
• Authorized Access and Usage of Equipment
• User Access
• Fair and Responsible Use
• Protection of Privacy
• Prohibited Usage of Equipment
• Disruptive Use or Misuse
• Criminal Use
• Offensive or Harassing Materials
• Copyrighted, Licensed, or Other Intellectual Property
• Other Restrictions
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
30
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
• Systems Management
• Management of Stored Materials
• Employer Monitoring
• Virus Protection
• Physical Security
• Encryption
• Violations of Policy
• Procedures for Reporting Violations
• Penalties for Violations
• Policy Review and Modification
• Scheduled Review of Policy and Procedures for Modification
• Limitations of Liability
• Statements of Liability or Disclaimers
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
31
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
• Common approaches:
• A number of independent ISSP documents, each tailored to a
specific issue
• A single comprehensive ISSP document that covers all issues
• A modular ISSP document that unifies policy creation and
administration while maintaining each specific issue’s
requirements
• The recommended approach is the modular policy,
which provides a balance between issue orientation and
policy management
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
32
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
33
distributed with a certain product or service or otherwise on a password-protected website for classroom use
System-Specific Security Policy
Chapter 04: Information Security Policy
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
35
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
36
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
37
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
38
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
40
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
41
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
42
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Configuration Rules
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
43
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
44
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Combination SysSPs
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
45
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
46
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
47
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
48
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
49
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Guidelines for Effective Policy
Development and Implementation
Chapter 04: Information Security Policy
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
51
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Distribution
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
53
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Reading
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
54
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Comprehension
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
56
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Compliance
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
57
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
58
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Enforcement
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
59
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
60
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Investigation Phase
Analysis Phase
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
62
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Design Phase
Implementation Phase
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
64
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Maintenance Phase
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
65
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
67
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
68
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Policy Administrator
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
69
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Review Schedule
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
70
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
71
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
72
distributed with a certain product or service or otherwise on a password-protected website for classroom use
A Final Note on Policy
Chapter 04: Information Security Policy
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
75
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Summary
Summary (Continued)
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
78
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Summary (Continued)
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
79
distributed with a certain product or service or otherwise on a password-protected website for classroom use
Management of Information Security, 6th ed. - Whitman & Mattord
Summary (Continued)
© 2018 Cengage May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
80
distributed with a certain product or service or otherwise on a password-protected website for classroom use