Chapter 2 – Organizational Security

Security+ All-In-One Edition
Chapter 2 – Organizational Security
Brian E. Brzezicki

No security that is not designed
An organization cannot expect to be secure unless security is directed from the top down. Management must realize the need for security. Management must create a security policy. Management must empower the security team to design and enforce the security program.

Policies, Standards, Guidelines and Procedures
A security program needs to be implemented with procedures, standards and guidelines. These are all part of an organization's security plan. We will talk about each of these in a few slides.

Due Care and Due Diligence (41)
Corporate policies, standards and guidelines help show and implement Due Diligence and Due Care. Due Diligence – the idea that a company researches and attempts to understand the risk it faces. Risk analysis is a form of Due Diligence. Due Care – shows that a company makes reasonable efforts to minimize risk and protect the company's assets. Having policies, procedures and guidelines shows a company is exercising Due Care.

Policy (27)
Policies – high-level, non-specific, broad statements explaining the company's need for and commitment to security. Very much like a mission statement. The corporate policy will be very non-specific; there will be system/issue-specific security policies that attempt to lay the security foundation for the organization. Example: password policies. Example: data encryption policies.

Standards (27)
Standards – mandatory elements regarding the implementation of a policy. Example: all users will wear an ID badge when on the premises; all employees will report any people who are not displaying an ID badge.

Guidelines (27)
Recommendations relating to or supporting a policy, when no specific standard or rule exists. Example: when dealing with customer information you must do your utmost to protect the confidentiality of the information.

Procedures (27)
Specific step-by-step actions relating to implementing part of a .
