Information Security Policy - A Development Guide for Large and Small Companies

SANS Institute InfoSec Reading Room. This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

A security policy should fulfill many purposes. It should protect people and information; set the rules for expected behaviour by users, system administrators, management, and security personnel; authorize security personnel to monitor, probe, and investigate; define and authorize the consequences of violation; define the company consensus baseline stance on security; help minimize risk; and help track compliance with regulations and legislation.

Copyright SANS Institute 2007, as part of the Information Security Reading Room. Author retains full rights.

Author, version and date:
Sorcha Canavan, 11/18/03
Sorcha Diver (previously Canavan), 07/12/06

1.
2. Why Do You Need Security Policy Basic Purpose of Policy and Legislative Policies as Catalysts for Policies Must be
3. Who Will Use Your Policies - Count Your Audience Audience and Policy
4. Policy Policy Hierarchy Governing Technical Job Aids
5. Policy Prioritizing Policy Outline Topic Technical Job Aids
6. Policy Development Development Development Process Top-Down Versus Current Practice Versus Preferred Consider All Threat Types.
7. Policy Development Primary Secondary
8. Policy Development