Page 25 - DCAP516_COMPUTER_SECURITY

Unit 2: Information Security Policies




          2.5.3 General Policies

               High Level Program Policy: Defines who owns other policies, who is responsible for
               them, the scope and purpose of policies, any policy exceptions, and related documents or policies.

               Business Continuity Plan: Includes the following plans:
                    Crisis Management: What to do during any crisis that may threaten the
                    organization.

                    Disaster Recovery: Sub-functions:
                         Server recovery
                         Data recovery
                         End-user recovery
                         Phone system recovery
                         Emergency response plan
                         Workplace recovery

          Policy Levels

          Policies can exist at many levels of the organization, from the group or team level to the
          department, plant, or global organizational level. Some policies may be effective only at a
          local level, while others apply enterprise-wide.

          Self Assessment

          State whether the following statements are true or false:

          5.   Information security, computer security and information assurance are one and the same
               concept.
          6.   A military security policy is also called a governmental security policy.
          7.   Commercial security policy is a security policy developed primarily to provide availability.
          8.   The first items that should be defined are the policies related to the use and handling of
               your data.

          2.6 Summary


               Information security is the ongoing process of exercising due care and due diligence to
               protect information, and information systems, from unauthorized access, use, disclosure,
               destruction, modification, or disruption or distribution. The never-ending process of
               information security involves ongoing training, assessment, protection, monitoring &
               detection, incident response & repair, documentation, and review. This makes information
               security an indispensable part of all business operations across different domains.
               Confidentiality, integrity, and authenticity are the most important concerns of computer
               security for everyday Internet users. Although users may feel that they have nothing to
               hide when they are registering with an Internet site or service, privacy on the Internet is
               about protecting one’s personal information, even if the information does not seem
               sensitive.





                                           LOVELY PROFESSIONAL UNIVERSITY