Applying Information Security Policies & Computer Security Standards
Easier Implementation Of Your Security Policies
Security policies, information security standards, computer security standards, information security policies, computer security policies, baseline security policies… words that present a headache to so many organizations!
Information security policies and computer security standards must be implemented to be effective. But how can this be fully and demonstrably achieved? How can the task be effectively managed and monitored?
This site introduces an approach to easing the problem of organization-wide deployment, implementation and compliance management.
The first step of course concerns the policies themselves… they must be high quality, clear, comprehensive and appropriate to your specific or cultural needs.
A common approach to ensuring this is to obtain pre-written policies “off the shelf”, and then amend them if necessary. This is certainly a reasonable approach, but it is important to ensure that the policies are of the requisite standard, and perhaps are compliant with standards such as ISO 17799.
If you are currently lacking a set of policies that meet all these requirements, a ratified set can be obtained from Security Policy World.
Policy Deployment & Implementation
Having a set of quality security policies is not the end of the story – it is the beginning.
The next step is to deploy them in a manner such that they are actually used, as opposed to becoming ‘shelfware’… a fate that all too often meets otherwise well-crafted and well-produced policies.
Several options are available here, the most recent being to fully utilise the user's desktop.
This brings a number of benefits. For instance, it delivers them directly to the point of need, as well as delivering them via a familiar and potentially interesting medium.
This latter point is important, because it has been exploited in the creation of one of the most well-known policy delivery mechanisms – the highly acclaimed SOS Interactive Security Policy system. This product delivers the policies directly to the desktop in a dynamic and sometimes entertaining way. It has proved very effective indeed in many organizations.
Policy Compliance Management
Compliance management is the final step in the process… monitoring and managing the process of implementation to ensure organization-wide adoption of the policies. The policies have been deployed (perhaps using the method above), but how do you monitor what is happening in the field, and how do you manage this?
One widely used solution is to use the COBRA system. COBRA is a knowledge-based system designed to make compliance with information security policies more straightforward and manageable. It is shipped with an optional set of predefined knowledge bases which can be tailored and changed to suit individual needs.
Using the optional Module Manager component, EVERY element can be amended, or alternatively, a brand new knowledge base can be created to reflect your own organization's existing policy in its entirety.
In effect COBRA will interrogate the devolved areas and enable them (and you) to check their position against the policies.
This product is very well covered on the internet. The following sites cover:
- compliance with ISO 17799
- risk based security policy compliance
- information security policy compliance based upon BS 7799
COBRA offers a flexible, easy-to-use and PROVEN approach to security policy compliance. It is used across the globe by many of the world's major organizations.