Security Standards

Creating Security Policy

When writing a security policy, you should include information regarding:
  1. Who is allowed to use the system and when they are allowed to use it
  2. What access different groups and users will be granted
  3. Access procedures, including procedures for revoking access and remote access
  4. Training guidelines for users, administrators, and executives
  5. What constitutes acceptable use of the system
  6. What to do in the event of a security breach
  7. What the requirements are for a company’s servers

You should also include information such as resource classification, acceptable software and installation procedures, and system monitoring procedures.


An organization has to ensure that the proper technologies are acquired and deployed to implement the required information protection services. These objectives are accomplished through the following processes and policies for the acquisition of technology:
  1. A security policy
  2. System-level information assurance architectures
  3. System-level information assurance standards
  4. Information assurance principles
  5. Specification criteria for the required information assurance products
  6. Acquisition of reliable, third-party, validated products
  7. Configuration recommendations
  8. Risk assessment processes for the integrated systems