Page 154 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
8. Compliance – outlines how compliance with this policy will be measured, including any metrics involved.
9. Sanctions – outlines what happens when the policy is violated. This may include X happens on the first offense, Y happens on the second offense, and Z happens on the third offense.
10. Review and evaluation – states when the policy must be reviewed for accuracy, applicability, and compliance purposes (e.g. SOX, HIPAA, GLBA, PCI, etc.).
11. References – points to rigid code sections and information security standards (ISO/IEC 17799, ITIL, COBIT, etc.).
12. Related documents – refers to other policies, guidelines, standards, and related documents.
13. Revisions – section for documenting ongoing alterations made to this policy document.
14. Notes – highlights notes, tips, etc. that can help with future policy management and
enforcement.
Notes: If you do all of this to build out your policies the right way, it will save you a lot of time over the long haul and please your auditors as well.
Self Assessment
Fill in the blanks:
13. To be precise, in order to find out exactly which security policies are required, you need to
perform an information ........................ assessment.
14. ........................ include detailed steps on how the policy is being executed and enforced in
your environment.
15. ........................ points to rigid code sections and information security standards (ISO/IEC
17799, ITIL, COBIT, etc.).
Caselet: Symantec Corp Launches Database Security Products
Trying to keep ahead of security threats that could affect consumers, Symantec Corp
has introduced the Symantec Database Security and the Raw Disk Virus Scan. Most
of the development work has been carried out from its Pune development centre.
Talking to presspersons, Mr Mark Bregman, Chief Technology Officer, Symantec Corp,
said it had developed a new tool that would help identify rootkits in the users’ systems
that usually escape its antivirus tools. The new product, called “Raw Disk Virus Scan,”
goes below the file level to read raw blocks of data, enabling it to “see” rootkits that
otherwise would be difficult to spot. The technology was developed by bringing
together storage management technologies from the erstwhile Veritas and security
technology from Symantec.
He said that most of the development work was handled by the Pune development team.
The company was now shipping products to the customers. On the Symantec database
security, he said that it was always ‘trying to keep the bad boys out.’ But this software
would sit on the system and continuously monitor what was being sent out or received.
LOVELY PROFESSIONAL UNIVERSITY